Public Key Cryptography (by alaric)
Last night, I somehow managed to pull off the first ORG key signing event successfully!
We exchanged proofs of identity - the ostensible purpose of the event. And the ORG people spread the word about ORG to everyone who attended (and even at least one random person who came up and asked what we were doing), and we all had good discussions about digital rights and crypto.
One topic that came up was the one us cryptogeeks rarely worry about too much:
Why bother?
We know why we want communications to be encrypted and signed by default, where possible; having a system that prevents spoofing and forging messages is vital for advanced electronic banking systems, ensuring privacy against criminals and corrupt governments, and so on. But encrypting and signing wherever you can - rather than just when you need to - means that the encrypted traffic doesn't stand out. If only important messages are encrypted, then a snooper can filter out encrypted messages and focus resources on breaking them, confident of a juicy find inside. If everything is encrypted, then finding the interesting messages amongst the chaff is difficult; if they pick a random message and break it somehow, odds on it'll just be mundane chatter.
Also, using cryptography routinely would make communications technology actually live up to the expectations passed upon it. People naively assume that their messages can't be spoofed. Most people, if asked, will probably say that they realise people can read their messages, but they will routinely trust that a message is from who it claims to be from, or that a message will not be modified in transit, which are both easily exploited by attackers.
So we try and use the technology where we can. I mean, I personally don't routinely sign all my email messages. I'd like to, but the support for it in mail clients isn't great. Unless I can get gpg-agent working on my Mac, I'd have to enter a passphrase for every email I send, too. And so on. I'm considering adding signing support to MSAD, where I give MSAD a special signing-only key I create with no passphrase on it (but which I have signed from my primary key) and have it sign all my emails automatically, but that will have to wait until I get time.
My key is mainly used for signing other people's keys, and signing my RDF description of myself (a feature which social networks like Facebook certainly inherently lack). I'd sign my blog posts, but that's not easy - I write them as Markdown text, but what you see on the blog is converted to HTML, wrapped in a template, and split into pages; you don't actually get to see the Markdown as written by me. I've been wondering about a WordPress plugin that adds a link to post pages that, when clicked, produces the underlying text of the entire post, which could then be wrapped in an ASCII-armored PGP signature, along with modifications to the display logic to strip out the signature when it's displayed as HTML, instead putting in the link to the 'raw' version. But I've not had time.
So if even cryptogeeks like me are hampered by the limitations of the available software, what hope is there for the general public to encrypt their communications by default?
There definitely needs to be work done. The infrastructure is all in place - GnuPG exists and works - but there really needs to be better integration and availability in consumer software.
So here's my proposal of how Apple should integrate it into OS X...
Pages: 1 2
Crypto / security | alaric | 
Tue 3rd Jun 2008 2:48 pm
Subscribe
By Ben, Tue 3rd Jun 2008 @ 4:21 pm
Did you know Mail.app supports the X.509 stuff? Search for "certificates" in Mail.app's help for info. It's not exactly advertised, though.
By alaric, Wed 4th Jun 2008 @ 12:18 am
Yeah. Sadly, I don't think X.509 is the way to go...
By alaric, Mon 7th Jul 2008 @ 9:53 am
I have an additional feature I think a MacOS/GPG integration should have, actually, purely to foster better adoption in commercial environments.
The X.509 model is actually fairly appropriate for corporate use - a central corporate CA can issue certificates for their employees. Such centralised operation is entirely correct in such an environment.
However, the neat thing about the web-of-trust model is that it's more general than hierarchial trust; a hierarchy is, in fact, a restricted form of a web.
So there should be a simple tool built into the directory services stuff used to maintain a centralised organisational user database (I must confess I've never come across Macs configured to operate in this way; I suspect most organisations will really be running Windows with Active Directory in the core; but a Mac can talk to that, which is sufficient for this purpose). It would simply manage an X.509-esque certificate hierarchy. Users who are connected to a directory service would be given the option, when they have created a private key, to submit it to The Directory for signing. In which case, the key management system (actually alongside the directory) would check the details on the key strictly match those on the user account that's submitting the key, and if so, sign it with a master key (to publish the fact that it's done the check), then slip the signed public key into the directory - and into public keyservers so that other organisations can then see that the new employee is, in fact, a certified employee of BigCorp when they start sending emails from their BigCorp address.
Oh, and when an account is deleted from the directory, the key management system would notice this and immediately publish a revocation of the organisation's signature of the key.
The next version of the thing could also support role/group keys. Administrators could grant a keypair to a user group, then a proxy system could ensure that outgoing email from members of that group (as long as the signature matches a real group member!) is also signed automatically by the group's key, optionally removing the original author's signature. This would enable digital identities to be assigned to roles or teams within an organisation, even as members come and go. Exactly how to implement the proxying is an intereting question; for emails, how do you know if an email is semantically from its author, or from a role the author holds? If you use a mail client that supports multiple sending accounts it becomes easy. But what about signing files and the like?
Incoming encrypted emails to the role/group are easy to handle - the mail system can decrypt them, then re-encrypt them for the members of the group and distribute it to them.