At 07:09 PM 8/25/2013, Shawn K. Quinn wrote:
On Sun, Aug 25, 2013, at 07:36 PM, John Young wrote:
Phil probably means the infrastructure of email is the vul not the crypto. Crypto alone is sterile, a boy in a bubble which requires life support which can be assaulted.
I think Phil is referring to traffic analysis. We solved this problem already somewhat with Mixmaster, but it's cumbersome to impossible to use for everyday email.
It's not just traffic analysis, though that's another layer of the problem. And it's not just the issue of PGP being hard to run on some phones, though that makes it a problem for users of those phones. Phil's not just a cryptographer; he's primarily a service provider here.

If you assume that the NSA can come to you with a FISA court order overriding ECPA, saying "Give us every piece of information that anybody sends you, including your subscribers and outsiders who want to send email to them, any time any new bit of information arrives, Or Else!" then you can't run a "secure" email service that accepts unencrypted email, because what you have isn't secure against that threat model.

If the NSA and their rubber-stamping buddies at FISA aren't stepping way over the bright shiny constitutionality line, you could run an email service that automatically PGP-encrypts any incoming message to a public key associated with the mailbox, and build a user interface for the mailbox client's device that's not totally annoying. The fact that Phil and Jon say they can't run a service implies that the threat model includes mail in transit, not just mail delivered to a mailbox.

You might be able to run an email service that scans inbound email for an X-PGP-Encrypted: header, and if it sees "From:" or "Subject:" first, bounces the email with a 503 or 550: "Sorry, Encrypted Email Only, Get PGP at www.pgp.com", but that's really more annoying than just using Gmail with a user name pgp-only-johndoe43@gmail.com.

An alternative threat model is that the NSA declares anybody sending encrypted mail to be a target (s/target/weasel-word-of-the-week/g), so any ISP that sends data to silentcircle.com has to allow the NSA to wiretap their connections, just in case they might be encrypted email. The effects are similar, though it wouldn't provide access to the contents of encrypted SMTP sessions; Phil and Jon might also be refusing to handle email because of this slightly less aggressive threat model.

Bill Stewart
On 26.08.2013 06:12, Bill Stewart wrote:
You might be able to run an email service that scans inbound email for an X-PGP-Encrypted: header, and if it sees "From:" or "Subject:" first, bounces the email with a 503 or 550: "Sorry, Encrypted Email Only, Get PGP at www.pgp.com",
If you're crazy enough to do so, here's a mail filter that rejects non-PGP mail. Currently, it simply scans the first 5000 characters for "-----BEGIN PGP MESSAGE-----", and, if not there, rejects with a 550.
https://github.com/moba/pgpmilter
We will use it soon for the onion.to Tor mail gateway:
https://lists.torproject.org/pipermail/tor-talk/2013-August/029464.html
--Mo
At 10:24 PM 8/25/2013, Moritz wrote:
On 26.08.2013 06:12, Bill Stewart wrote:
You might be able to run an email service that scans inbound email for an X-PGP-Encrypted: header, and if it sees "From:" or "Subject:" first, bounces the email with a 503 or 550: "Sorry, Encrypted Email Only, Get PGP at www.pgp.com",
If you're crazy enough to do so, here's a mail filter that rejects non-PGP mail. Currently, it simply scans the first 5000 characters for "-----BEGIN PGP MESSAGE-----", and, if not there, rejects with a 550.
https://github.com/moba/pgpmilter
We will use it soon for the onion.to Tor mail gateway:
https://lists.torproject.org/pipermail/tor-talk/2013-August/029464.html
Oh, cool. I was going for more paranoid than that - if you're an email provider and the NSA has given you an order to retain all data and rat out all your customers, theoretically you don't even want to accept that much, but if it's feeding into Tor or some remailer anyway, non-PGP mail won't get very far, and you're less likely to be the kind of service provider who gets NSA/FISA orders.
How about refusing any Tor traffic (as the EU already does), irrespective of the used protocol, encrypted or not?

1. invent Tor
2. subsidize it
3. privatize it
4. force target traffic to use Tor
5. kill Tor access at nsp level
6. finish off remnants

If I'm correct Shava Nerad (ex-EFF) had a while ago some quite perky pointers in that direction.

/T

...

Oh, cool. I was going for more paranoid than that - if you're an email provider and the NSA has given you an order to retain all data and rat out all your customers, theoretically you don't even want to accept that much, but if it's feeding into Tor or some remailer anyway, non-PGP mail won't get very far, and you're less likely to be the kind of service provider who gets NSA/FISA orders.
On Sun, Aug 25, 2013, at 11:12 PM, Bill Stewart wrote:
You might be able to run an email service that scans inbound email for an X-PGP-Encrypted: header, and if it sees "From:" or "Subject:" first, bounces the email with a 503 or 550: "Sorry, Encrypted Email Only, Get PGP at www.pgp.com", but that's really more annoying than just using Gmail with a user name pgp-only-johndoe43@gmail.com.
I like the concept, but not with the ad for commercial PGP at the expense of GnuPG and others. Though I think the following poster who suggested scanning the email itself for the PGP identifier might be more useful and less prone to being fooled by someone who just puts the header in there without actually encrypting. Also, headers don't have to be in a specific order, it's possible that "From:" or "Subject:" accidentally get moved ahead of "X-PGP-Encrypted:" by mistake and that would result in a false bounce.

--
Shawn K. Quinn
skquinn@rushpost.com
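The two rejection policies discussed in this thread, side by side, as an added example that is not part of any poster's message and is not the pgpmilter code. The function names and sample messages are constructed for illustration, and it assumes the 5000-character window is taken from the decoded message body.

```python
import email

ARMOR = "-----BEGIN PGP MESSAGE-----"
SCAN_LIMIT = 5000  # characters of body text inspected (figure from the thread)

def header_order_policy(raw):
    """Header idea: accept only if X-PGP-Encrypted comes before From/Subject."""
    for name in email.message_from_string(raw).keys():
        if name.lower() == "x-pgp-encrypted":
            return True
        if name.lower() in ("from", "subject"):
            return False
    return False

def body_scan_policy(raw):
    """Body idea: accept only if the armor line opens a line near the body start."""
    msg = email.message_from_string(raw)
    chunks = []
    for part in msg.walk():
        if not part.is_multipart():
            data = part.get_payload(decode=True) or b""
            chunks.append(data.decode("ascii", "replace"))
    head = "\n".join(chunks)[:SCAN_LIMIT]
    # Compare whole lines so the marker in a header or mid-sentence does not count.
    return any(line.strip() == ARMOR for line in head.splitlines())

def smtp_verdict(accepted):
    """Map a policy decision to the reply the filter would give."""
    return "250 OK" if accepted else "550 Encrypted email only"

# Constructed sample messages (placeholder body, not real ciphertext).
BODY_ARMORED = (ARMOR + "\n\n(constructed placeholder, not real ciphertext)\n"
                "-----END PGP MESSAGE-----\n")
SPOOFED = "X-PGP-Encrypted: yes\nFrom: a@example.org\nSubject: hi\n\nplain text body\n"
REORDERED = "From: a@example.org\nX-PGP-Encrypted: yes\nSubject: hi\n\n" + BODY_ARMORED
SUBJECT_TRICK = "From: a@example.org\nSubject: " + ARMOR + "\n\nplain text body\n"

if __name__ == "__main__":
    samples = {"spoofed header": SPOOFED, "reordered headers": REORDERED,
               "marker in Subject": SUBJECT_TRICK}
    for label, raw in samples.items():
        print(label, "| header:", smtp_verdict(header_order_policy(raw)),
              "| body:", smtp_verdict(body_scan_policy(raw)))
```

Finding the armor line does not show that what follows is real ciphertext; the body check only raises the bar above the header test.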
participants (4)
- Bill Stewart
- Moritz
- Shawn K. Quinn
- taxakis