db@helium.East.Sun.COM (David Brownell) (01/17/91)
In article <1618@limbo.Intuitive.Com> bradley@cs.utexas.edu (Bradley L. Richards) writes: > A question which has been bothering me lately: with readily available > public-key algorithms, why hasn't the idea of secure mail caught on? At the risk of being oversimplistic, there are two issues here: * Implementing an encrypted mail user agent (which on most UN*X machines would be MH or /usr/ucb/Mail or somesuch); * Running networks using such user agents. Perhaps the encryption could be done by a transfer agent in an OSI-style architecture, but I think it's fair to assume the current (crufty, limited) /usr/spool/mail architecture for illustration. > It seems a simple matter to implement public key encryption, using a > standard algorithm (e.g., RSA), so that one could send a secure > message merely by providing both the recipient's mail address and > their public encryption key. Agreed, the first of those issues is not "hard": the technology is well understood, it's "been done before" (repeatedly, unless I miss my guess). However, the second issue seriously dwarfs the first. Believe it or not, most sites don't want to pay the price for security. It's something else to manage, something else which will break and hence needs troubleshooting (by rather sophisticated staff), and (to most sites) offers no direct benefits -- it's pure overhead. Moreover, look at the issue of getting such a mail system going. It's equivalent to starting an entire new mail network, replacing the one you're using now ... the I14Y (interoperability) issues are exactly that complex, since each mail reader and sender would need to know how to encrypt and decrypt the messages. (Assuming there's only one way that a message will be encoded ... which seems pretty unreasonable.) Also, one hint about how useful such mail is: who uses the current secret mail system xsend/xget? Dave Brownell
db@East.Sun.COM (David Brownell) (01/29/91)
Curt Sampson asks a good question about a comment of mine: >> .. look at the issue of getting such a mail system going. It's >> equivalent to starting an entire new mail network ... > I don't see why you would have to start an entire new mail network. (Suggestion of RFC-822 'Encrypted:' header field deleted.) I was actually implying that technique; the point being that all the leaf nodes (readers and senders) need to get educated about the a variety of message encodings. The new network isn't message passing infrastructure, it's a social one of agreements and conventions. (That was a hard part about getting the railroad, telephone, and RFC-822 networks going too!) There are two practical problems here: first is coming up with standard ways of sending encoded messages; second is widely distributing programs to understand those encoded messages. There are lots of proposals for the first, some exactly like Curt's suggestion; but it's the second part that'll make it happen (or not). The "multimedia mail" folk have similar, but simpler, problems. Reading a wordprocessing document you got in email requires knowing only decoding rules. Reading an encrypted message also requires, as Curt alluded, a key distribution system to be in place. For some people, a shared password is fine; you can send such messages today if you've got the social support in place so your recipient can apply the right key and algorithm. Others want a public key encryption system, which is more difficult. Dave Brownell
db@helium.East.Sun.COM (David Brownell) (02/01/91)
Christopher Stacey comments: > eDlhM Xq22L EaEGp GqvYT 6A0jB mgAXc Ab4Dp UZoGi snpcs ScgWA > JRKBk ZZB0u RJgYo gu7MD zGR45 JsTuQ dFvnE zPY#P eQuia drGc6 > ... > In the above message, David Brownell writes about how very hard it > would be to have encrypted mail, and I reply, "What's the big deal?" My point's been truncated here, to the point it's no longer related to what I said; I guess Christopher missed the original post. I never said more secure mail was "hard". I answered a question about why it hadn't caught on by pointing out that the while the technology is all but trivial, building social systems that can use it is quite hard. One critical problem is that few people benefit from it. I think the fact that Christopher has had to repeatedly translate his message, even when he included the decryption key with his mail, illustrates many of my issues rather nicely. Dave
herrickd@iccgcc.decnet.ab.com (Dan Herrick) (02/05/91)
David Brownell and Curt Sampson have talked about encrypting mail on our network. There's a mailing list working on developing software and RFCs for Privacy Enhanced Mail. Write to pem-dev-request@tis.com Today's traffic included a discussion of a possible demonstration at an upcoming conference (Interop?). Dan Herrick