Access to Storage and Communication Keys

The government and its friends have tried for a while to convince the public that there's a great business market for access to keys by the Proper Authorities, whether bosses or cops. A number of us on the Pro-Privacy side have contended that this is wrong - the business need is for later access to stored files, not to encrypted communications keys and of course not to signature keys.

Having argued that point vociferously in the past, I'm now going to waffle on the issue - while the business need is for access to stored data, this may often include stored messages received from a communication system in encrypted form. Either the User Interface needs to make it convenient to store the decrypted message, or else the user will store the message in encrypted form - which means there may be a business need for Proper Authority Access later.

This means, as {cypher,coder,ranter}punks, we need to address this problem when building crypto tools, to avoid building systems that create or sustain a business need for access to communication keys.

Some email systems really encourage you to save messages in one big hulking undocumented monolithic email box, with subfolders and databases and attachments and pointers, and some are a bit more friendly but still leave bits and pieces of MIME splattered on your disk. Some of the nicer tools I've used for encrypted file/mail handling make it convenient to take encrypted incoming mail, decrypt it, and either view it or save it to a file or clipboard. I've been using PGP Inc.'s PGP5.0 Eudora Plug-In, and it decrypts the mail into the mail message buffer itself. When you finish with that particular message (e.g. go to the next, or just close it), you get asked if you want to save the modified message, and if you say "yes" you'll have the decrypted message in your mailbox.

However, there's a negative about this - if you receive mail that's signed and encrypted, and save the modified version, it loses the signature information - so it may be more valuable to save the encrypted version...

# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
# (If this is a mailing list or news, please Cc: me on replies. Thanks.)

On Mon, 9 Jun 1997, Bill Stewart wrote:
> Having argued that point vociferously in the past, I'm now going to waffle on the issue - while the business need is for access to stored data, this may often include stored messages received from a communication system in encrypted form. Either the User Interface needs to make it convenient to store the decrypted message, or else the user will store the message in encrypted form - which means there may be a business need for Proper Authority Access later.
Move all accounts that use corporate secured email to a secure local server (e.g. per office), and do something like a procmail recipe that will decrypt automatically and forward the plaintext to the recipient (archiving as per policy). If the messages need security, then they don't leave the secured server and the accounts are such that I can't read other people's mail directory and others can read mine. All the keys are generated and maintained on this server so passwords are controlled by the administrator.

Or just have them use the encryption within the corporate standard word processor, and spend the $100 or so for the 5-second cracking program.

You can automate security to prevent users not following procedure (saving encrypted files). You can't do much about malice or creativity (e.g. my PGP on my laptop).

Bill Stewart <stewarts@ix.netcom.com> writes:
> Having argued that point vociferously in the past, I'm now going to waffle on the issue - while the business need is for access to stored data, this may often include stored messages received from a communication system in encrypted form. Either the User Interface needs to make it convenient to store the decrypted message, or else the user will store the message in encrypted form - which means there may be a business need for Proper Authority Access later.
To me, mail encryption is not communications encryption. The mail message is encrypted, just like a file might be. Then those encrypted bits are sent over the net. It is precisely because I have access to the ciphertext as a separate entity that this is not communications encryption.

This is in contrast to ssh, kerberized telnet, IPsec, etc., where once the communication has happened, I either have the cleartext bits (example: scp), or nothing but a memory in my head (example: telnet). In this situation, private escrow of keys is useless, unless I'm also escrowing the ciphertext. Nobody I know archives their cyphertext data flows. Anybody know of a contradiction? The *only* reason to escrow communications keys is to spy on people; there is never an opportunity for data loss here.

Note that this also means that private key recovery (intra-corporate, for example) is consistent with perfect forward secrecy, since the former is never useful for communications, and the latter only is.

This doesn't fix the potential problems with email, but it does let you continue to argue vociferously and with a clear conscience against communications key escrow in any form.

Marc
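The distinction drawn in the message above, as an added example that is not part of the original thread: a stored, mail-style ciphertext is recoverable from an escrowed long-term key, while a recorded forward-secret session is not. The toy Diffie-Hellman group, the XOR keystream and all function names are assumptions made for illustration; this is not PGP's, ssh's or IPsec's actual format.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, far too small for real use (assumption for this demo).
P = 2**127 - 1
G = 3

def keygen():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def xor_stream(shared: int, data: bytes) -> bytes:
    """Toy stream cipher: XOR with SHA-256(shared || offset) blocks."""
    seed = shared.to_bytes(16, "big")
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def mail_encrypt(recipient_pub: int, msg: bytes):
    """Store-and-forward: the message key depends on the recipient's long-term key."""
    eph_priv, eph_pub = keygen()
    return eph_pub, xor_stream(pow(recipient_pub, eph_priv, P), msg)

def session_encrypt(msg: bytes):
    """Forward-secret session: both DH halves are ephemeral and discarded on return.
    A long-term key would only authenticate the exchange (omitted here)."""
    a_priv, a_pub = keygen()
    b_priv, b_pub = keygen()
    ct = xor_stream(pow(b_pub, a_priv, P), msg)
    return (a_pub, b_pub), ct  # everything an archived wire capture would hold

def escrow_decrypt(escrowed_priv: int, peer_pub: int, ct: bytes) -> bytes:
    """What a holder of the escrowed long-term private key can compute."""
    return xor_stream(pow(peer_pub, escrowed_priv, P), ct)

def demo():
    long_priv, long_pub = keygen()  # recipient's long-term key; a copy sits in escrow
    msg = b"Q3 contract terms (constructed sample)"
    eph_pub, stored_ct = mail_encrypt(long_pub, msg)
    (a_pub, b_pub), wire_ct = session_encrypt(msg)
    mail_ok = escrow_decrypt(long_priv, eph_pub, stored_ct) == msg
    session_ok = any(escrow_decrypt(long_priv, pub, wire_ct) == msg
                     for pub in (a_pub, b_pub))
    return mail_ok, session_ok
```

`demo()` returns `(True, False)`: the escrowed key recovers the stored mail, but yields nothing from the session capture even when the ciphertext was archived.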
participants (3): Bill Stewart, Marc Horowitz, tzeruch@ceddec.com