On Wed, 22 Oct 1997, Mike wrote:
Which leads to another idea, couldn't we encrypt SMTP by running it over SSL as a web server cgi? If 99% of Internet traffic is web browsing and we

You don't need to run it through a CGI. There's a port defined for SMTP-over-SSL:

Sure, but the idea here was hiding email to defeat traffic analysis. Ssmtp would raise alarms in any snooper but https would seem like business as

Well, that wasn't *my* idea. My idea was to hide the contents of mail from totally passive attackers, and to do it with NO participation or training from the end users, MINIMAL participation and effort from the sysadmin, and transparent compatibility (minus security, of course) with standard mail systems. I claim that this combination of goals is worth pursuing; I recognize that there are systems which provide better security, but it's at the cost of some of my other goals.

You want to defeat traffic analysis, use remailers. You want security against active attacks, use PGP (or equivalent). If you want these things to be really easy, you'll be stuck with talking only to systems you know support whatever application you're using.

A significant advantage of an encryption extension to SMTP is that it requires no prior coordination between the two ends of a link. I don't have to know whether the destination system supports encrypted SMTP, and I don't need to try connecting to the "secure mail" port and then fall back to regular mail every time I connect to a system I haven't been introduced to. I just have to watch for the encryption extension in the list of extensions that current SMTP mailers already exchange when they connect to each other.

My threat model is that the NSA is tapping thousands of people's lines; what can we do to make that impractical?

A significant threat to online privacy comes from passive attackers, because you can't do anything about them. If you have an active attacker, you can analyze his moves and fix the bugs he uses to break root, but a passive attack is difficult to even detect before it's too late and your romantic conversations are headline news.

Solutions like PGP won't see much use beyond people who care about privacy, and at the moment there aren't enough of those. But if encrypted SMTP is installed on *systems*, then all mail between such systems becomes protected from purely passive wiretapping. Yes, it can still be traffic-analysed, but only on the level of "this system sent this much mail to that system", not "this user sent this much mail to that user".

It can still be intercepted by an active attack - if the NSA can fool my TCP into thinking it's talking to mail.aol.com, then all my mail to mail.aol.com is readable by NSA (unless the protocol gets elaborated to do more sophisticated key management than just exchanging public keys at the start of the session, but that quickly requires user involvement and I want to avoid that). However, can the NSA afford to do DNS spoofing on a grand scale? They might do it for one system if they want to get that system's mail in particular, but if you've got the NSA singling you out, you had better be using PGP anyway. I'm sure they can't do an active attack on thousands of ordinary people at a time, just in case we might be doing something interesting. I'm also not sure that traffic analysis on ordinary people is really going to produce any particularly damaging information. They *can* afford simple passive wiretaps on a large scale.

(Substitute your favorite scary organization for "NSA" if you prefer...)
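
The negotiation described in the message above, as an added example that is not part of the original post: a sending mailer reads the extension list in the peer's EHLO reply and encrypts only when the encryption extension is advertised, with no prior coordination. The keyword `STARTTLS` (the name later standardized in RFC 3207), the host names and the sample replies are assumptions; the post names no keyword.

```python
import re

# Constructed sample EHLO replies (not taken from the original post).
REPLY_WITH_EXT = (
    "250-mail.example.org greets relay.example.net\r\n"
    "250-8BITMIME\r\n"
    "250-SIZE 10240000\r\n"
    "250-STARTTLS\r\n"
    "250 HELP\r\n"
)
REPLY_WITHOUT_EXT = (
    "250-mail.example.org greets relay.example.net\r\n"
    "250-8BITMIME\r\n"
    "250 HELP\r\n"
)

# Reply line: 3-digit code, "-" for continuation or " " for the last line.
_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_ehlo(reply):
    """Return (code, {KEYWORD: params}) from a multi-line EHLO reply."""
    code, extensions, done, first = None, {}, False, True
    for raw in reply.split("\r\n"):
        if raw == "":
            continue
        m = _LINE.match(raw)
        if m is None or done or (code is not None and m.group(1) != code):
            raise ValueError("malformed EHLO reply: %r" % raw)
        code, done = m.group(1), m.group(2) == " "
        if not first and m.group(3):
            # Lines after the greeting each carry one extension keyword.
            keyword, _, params = m.group(3).partition(" ")
            extensions[keyword.upper()] = params
        first = False
    if not done:
        raise ValueError("truncated EHLO reply")
    return code, extensions

def choose_transport(reply, keyword="STARTTLS"):
    """Per-connection decision: encrypt if offered, else ordinary SMTP."""
    code, extensions = parse_ehlo(reply)
    if code == "250" and keyword in extensions:
        return "encrypt"
    # Peer lacks the extension (or is not ESMTP): stay compatible.
    return "plaintext"
```

A reply without the keyword looks the same to the sender whether the peer lacks support or an on-path party altered the reply, which is why this design covers only the passive wiretapping the message targets.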