RE: FYI: More on WebTV security
--- begin forwarded text From: Pablo Calamera <pablo@microsoft.com> To: "'dstoler@globalpac.com'" <dstoler@globalpac.com>, rah@shipwright.com, mac-crypto@vmeng.com Cc: jimg@mentat.com Subject: RE: FYI: More on WebTV security Date: Thu, 15 Oct 1998 17:19:11 -0700 comments inserted, extraneous text deleted.
-----Original Message----- From: dstoler@globalpac.com [mailto:dstoler@globalpac.com] Sent: Tuesday, October 13, 1998 5:39 AM To: Pablo Calamera; rah@shipwright.com; mac-crypto@vmeng.com Cc: jimg@mentat.com Subject: Re: FYI: More on WebTV security
[stuff deleted] The press release implies that there is secure end-to-end email between two WebTV customers.
The wording is somewhat ambiguous though it does have more of a bent on the security of the transport layer. Perhaps it could have been clearer and specifically said that messages where encrypted during transport using 128 bit encryption.
Perhaps I am overly cynical, but I am guessing that they are using SSL (TLS) from a web based email application on the client to WebTV's servers. I presume email data is decrypted at the servers, then re-encrypted to the recipient when she uses the WebTV client to read email.
Close. We could not even export SSL (TLS) with 128 encryption in this scenario. We have a proprietary transport protocol that we use that employs 128 bit RC4.
This approach would allow access to private email at the servers by WebTV employees or law enforcement agencies.
Note the careful use of the phrases "unauthorized party" and "without posing undo risks to national security and law enforcement" in the press release.
I believe that WebTV's email security is directly coupled to their ability to establish and enforce good security policy within their operation and the trustworthiness of the employees who have access to sensitive data.
Partially true. We believe a major component of our security is indeed in the encrypted transport of your email from the service through the internet, through a leased POP to your box. Our Privacy Policy and Terms of Service are available for your viewing. http://webtv.net/home/privacy_text.html http://webtv.net/home/tos_text2.html This level of protection goes beyond email to registration, preferences/setup, "favorites" etc... Virtually all communications with the WebTV service.
I am concerned that carefully constructed wording of Microsoft's press release implies stronger email security than really exists. I hope I am wrong.
We believe that with the level of encryption and the quality of our network operations that we have the best level of privacy protection for our users of any online service. I agree that the carefully worded press release may imply more than what we got. But we are very happy with this initial step. It has taken a very long time just to get export approval for this architecture and we look forward to further relaxation of export controls so we can compete on even footing with our foreign competitors. Pablo
David Stoler
Key paragraphs from Microsoft's press release:
WebTV Networks has been granted the first export license to use strong 128-bit encryption for any user and any application in Japan and the United Kingdom. So, for example, an e-mail message with personal information sent from a WebTV subscriber in Japan to a second WebTV subscriber in Japan will be sent securely because there is no known technology by which an unauthorized party could intercept and decipher it.
Therefore, as part of the WebTV Network, the WebTV-based Internet terminal (starting at under $100) is now the most secure communications device available from a U.S. company.
"WebTV Networks' export approval is a significant step for industry and reflects the U.S. government's commitment to promoting e-commerce abroad," said William Reinsch, U.S. undersecretary for export administration. "The WebTV Network provides secure communications for its customers and partners without posing undue risks to national security and law enforcement."
--- end forwarded text ----------------- Robert A. Hettinga <mailto: rah@philodox.com> Philodox Financial Technology Evangelism <http://www.philodox.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Pablo Calamera writes:
Perhaps I am overly cynical, but I am guessing that they are using SSL (TLS) from a web based email application on the client to WebTV's servers. I presume email data is decrypted at the servers, then re-encrypted to the recipient when she uses the WebTV client to read email.
Close. We could not even export SSL (TLS) with 128 encryption in this scenario. We have a proprietary transport protocol that we use that employs 128 bit RC4.
Hope you are doing sensible things with RC4 -- sounds like you/webTV group know what you are doing, but we have seen a lot of dumb things done with RC4 by microsoft (and by others) in the last couple of years. Things like using the same key multiple times (doh!) etc. Only it is worrying that they would refuse SSL (which is presumably going to be 128 bit RC4) and make you design another SSL-alike replacement which uses the same cipher and key size. Perhaps they are hoping that you will make subtle errors in a non-peer reviewed protocol. As you have given them your protocol spec (they require this, so I presume you have), it may be that your export permission hinges on a exploitable flaw they have found. SSL went through a few revisions before it got to be very secure. The other crucial point is this: do you use a forward secret key negotation alogrithm? So that a court ordered demand for decryption definately only gets traffic from that point onwards (and not all traffic going backwards if the LEA has been unofficially recording all the traffic to the user / all users).
Partially true. We believe a major component of our security is indeed in the encrypted transport of your email from the service through the internet, through a leased POP to your box. Our Privacy Policy and Terms of Service are available for your viewing. http://webtv.net/home/privacy_text.html http://webtv.net/home/tos_text2.html
Will look at those, thanks.
I am concerned that carefully constructed wording of Microsoft's press release implies stronger email security than really exists. I hope I am wrong.
We believe that with the level of encryption and the quality of our network operations that we have the best level of privacy protection for our users of any online service.
That's a strong claim. I don't think you provide as much privacy as say Infonex (pay with cash, no ID required), ssh, use a nymserver, anonymous web pages etc. There are a few others with similar offers also. I wonder -- do you archive mail? (As it goes in the clear through your mail hub which the users are connecting to.)
I agree that the carefully worded press release may imply more than what we got. But we are very happy with this initial step. It has taken a very long time just to get export approval for this architecture and we look forward to further relaxation of export controls so we can compete on even footing with our foreign competitors.
It does seem to be somewhat of a relaxation, and is potentially useful at that. For example Phil Karn said Qualcomm where refused use of 3DES between their US and an non-US office with only their own staff using it, though this was a few years ago. In all I am very pleased to see this being discussed. Microsoft as a norm does not get involved in answering it's critics (in other than carefully spun press releases). Thanks! Adam -- print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
participants (2)
-
Adam Back -
Robert Hettinga