At 07:09 PM 8/25/2013, Shawn K. Quinn wrote:
On Sun, Aug 25, 2013, at 07:36 PM, John Young wrote:
Phil probably means the infrastructure of email is the vul not the crypto. Crypto alone is sterile, a boy in a bubble which requires life support which can be assaulted.
I think Phil is referring to traffic analysis. We solved this problem already somewhat with Mixmaster, but it's cumbersome to impossible to use for everyday email.
It's not just traffic analysis, though that's another layer of the problem. And it's not just the issue of PGP being hard to run on some phones, though that makes it a problem for users of those phones. Phil's not just a cryptographer; he's primarily a service provider here. If you assume that the NSA can come to you with a FISA court order overriding ECPA, saying "Give us every piece of information that anybody sends you, including your subscribers and outsiders who want to send email to them, any time any new bit of information arrives, Or Else!" then you can't run a "secure" email service that accepts unencrypted email, because what you have isn't secure against that threat model. If the NSA and their rubber-stamping buddies at FISA aren't stepping way over the bright shiny constitutionality line, you could run an email service that automatically PGP-encrypts any incoming message to a public key associated with the mailbox, and build a user interface for the mailbox client's device that's not totally annoying. The fact that Phil and Jon say they can't run a service implies that the threat model includes mail in transit, not just mail delivered to a mailbox. You might be able to run an email service that scans inbound email for an X-PGP-Encrypted: header, and if it sees "From:" or "Subject:" first, bounces the email with a 503 or 550: "Sorry, Encrypted Email Only, Get PGP at www.pgp.com", but that's really more annoying than just using Gmail with a user name pgp-only-johndoe43@gmail.com. An alternative threat model is that the NSA declares anybody sending encrypted mail to be a target (s/target/weasel-word-of-the-week/g), so any ISP that sends data to silentcircle.com has to allow the NSA to wiretap their connections, just in case they might be encrypted email. The effects are similar, though it wouldn't provide access to the contents of encrypted SMTP sessions; Phil and Jon might also be refusing to handle email because of this slightly less aggressive threat model. Bill Stewart