[comp.society] Mail security

db@helium.East.Sun.COM (David Brownell) (01/17/91)

In article <1618@limbo.Intuitive.Com>
	bradley@cs.utexas.edu (Bradley L. Richards) writes:

> A question which has been bothering me lately:  with readily available
> public-key algorithms, why hasn't the idea of secure mail caught on?

At the risk of being oversimplistic, there are two issues here:

    *	Implementing an encrypted mail user agent (which on most
	UN*X machines would be MH or /usr/ucb/Mail or somesuch);

    *	Running networks using such user agents.

Perhaps the encryption could be done by a transfer agent in an
OSI-style architecture, but I think it's fair to assume the current
(crufty, limited) /usr/spool/mail architecture for illustration.

 
> It seems a simple matter to implement public key encryption, using a
> standard algorithm (e.g., RSA), so that one could send a secure
> message merely by providing both the recipient's mail address and
> their public encryption key.

Agreed, the first of those issues is not "hard":  the technology is
well understood, it's "been done before" (repeatedly, unless I miss
my guess).  However, the second issue seriously dwarfs the first.

Believe it or not, most sites don't want to pay the price for security.
It's something else to manage, something else which will break and hence
needs troubleshooting (by rather sophisticated staff), and (to most sites)
offers no direct benefits -- it's pure overhead.

Moreover, look at the issue of getting such a mail system going.  It's
equivalent to starting an entire new mail network, replacing the one
you're using now ... the I14Y (interoperability) issues are exactly
that complex, since each mail reader and sender would need to know how
to encrypt and decrypt the messages.  (Assuming there's only one way
that a message will be encoded ... which seems pretty unreasonable.)

Also, one hint about how useful such mail is:  who uses the current
secret mail system xsend/xget?

Dave Brownell

db@East.Sun.COM (David Brownell) (01/29/91)

Curt Sampson asks a good question about a comment of mine:

>> .. look at the issue of getting such a mail system going.  It's
>> equivalent to starting an entire new mail network ...

> I don't see why you would have to start an entire new mail network.

  (Suggestion of RFC-822 'Encrypted:' header field deleted.)

I was actually implying that technique; the point being that all the leaf
nodes (readers and senders) need to get educated about a variety of
message encodings.  The new network isn't message passing infrastructure,
it's a social one of agreements and conventions.  (That was a hard part
about getting the railroad, telephone, and RFC-822 networks going too!)

There are two practical problems here:  first is coming up with standard
ways of sending encoded messages; second is widely distributing programs
to understand those encoded messages.  There are lots of proposals for the
first, some exactly like Curt's suggestion; but it's the second part
that'll make it happen (or not).

The "multimedia mail" folk have similar, but simpler, problems.  Reading
a wordprocessing document you got in email requires knowing only decoding
rules.  Reading an encrypted message also requires, as Curt alluded, a key
distribution system to be in place.  For some people, a shared password
is fine; you can send such messages today if you've got the social support
in place so your recipient can apply the right key and algorithm.  Others
want a public key encryption system, which is more difficult.

Dave Brownell

db@helium.East.Sun.COM (David Brownell) (02/01/91)

Christopher Stacey comments:

> eDlhM Xq22L EaEGp GqvYT 6A0jB mgAXc Ab4Dp UZoGi snpcs ScgWA
> JRKBk ZZB0u RJgYo gu7MD zGR45 JsTuQ dFvnE zPY#P eQuia drGc6
> ...
 
> In the above message, David Brownell writes about how very hard it
> would be to have encrypted mail, and I reply, "What's the big deal?"

My point's been truncated here, to the point it's no longer related to
what I said; I guess Christopher missed the original post.  I never
said more secure mail was "hard".  I answered a question about why it
hadn't caught on by pointing out that while the technology is all
but trivial, building social systems that can use it is quite hard.
One critical problem is that few people benefit from it.

I think the fact that Christopher has had to repeatedly translate his
message, even when he included the decryption key with his mail,
illustrates many of my issues rather nicely.

Dave

herrickd@iccgcc.decnet.ab.com (Dan Herrick) (02/05/91)

David Brownell and Curt Sampson have talked about encrypting mail
on our network.  
 
There's a mailing list working on developing software and RFCs for
Privacy Enhanced Mail.  Write to pem-dev-request@tis.com.
Today's traffic included a discussion of a possible demonstration
at an upcoming conference (Interop?).
 
Dan Herrick