Pablo Calamera writes:
Perhaps I am overly cynical, but I am guessing that they are using SSL (TLS) from a web based email application on the client to WebTV's servers. I presume email data is decrypted at the servers, then re-encrypted to the recipient when she uses the WebTV client to read email.
Close. We could not even export SSL (TLS) with 128 encryption in this scenario. We have a proprietary transport protocol that we use that employs 128 bit RC4.
Hope you are doing sensible things with RC4 -- sounds like you/webTV group know what you are doing, but we have seen a lot of dumb things done with RC4 by microsoft (and by others) in the last couple of years. Things like using the same key multiple times (doh!) etc. Only it is worrying that they would refuse SSL (which is presumably going to be 128 bit RC4) and make you design another SSL-alike replacement which uses the same cipher and key size. Perhaps they are hoping that you will make subtle errors in a non-peer reviewed protocol. As you have given them your protocol spec (they require this, so I presume you have), it may be that your export permission hinges on a exploitable flaw they have found. SSL went through a few revisions before it got to be very secure. The other crucial point is this: do you use a forward secret key negotation alogrithm? So that a court ordered demand for decryption definately only gets traffic from that point onwards (and not all traffic going backwards if the LEA has been unofficially recording all the traffic to the user / all users).
Partially true. We believe a major component of our security is indeed in the encrypted transport of your email from the service through the internet, through a leased POP to your box. Our Privacy Policy and Terms of Service are available for your viewing. http://webtv.net/home/privacy_text.html http://webtv.net/home/tos_text2.html
Will look at those, thanks.
I am concerned that carefully constructed wording of Microsoft's press release implies stronger email security than really exists. I hope I am wrong.
We believe that with the level of encryption and the quality of our network operations that we have the best level of privacy protection for our users of any online service.
That's a strong claim. I don't think you provide as much privacy as say Infonex (pay with cash, no ID required), ssh, use a nymserver, anonymous web pages etc. There are a few others with similar offers also. I wonder -- do you archive mail? (As it goes in the clear through your mail hub which the users are connecting to.)
I agree that the carefully worded press release may imply more than what we got. But we are very happy with this initial step. It has taken a very long time just to get export approval for this architecture and we look forward to further relaxation of export controls so we can compete on even footing with our foreign competitors.
It does seem to be somewhat of a relaxation, and is potentially useful at that. For example Phil Karn said Qualcomm where refused use of 3DES between their US and an non-US office with only their own staff using it, though this was a few years ago. In all I am very pleased to see this being discussed. Microsoft as a norm does not get involved in answering it's critics (in other than carefully spun press releases). Thanks! Adam -- print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`