The Problems With Secure Email
By ArticSoft, Fri Dec 9th
The ideal system that everyone is searching for – the silver bullet – is to have top security automatically regardless of who you are sending to and what product(s) they happen to be using. The reality is that many e-mail packages are not themselves secure, and do not interoperate cleanly with anything but their own products.
For the time being you are better off keeping your security outside of your e-mail or word processing package, and exchanging attachments that are fully protected and not relying upon any of the different systems that people are using. That way you increase the security of the result and do not have to rely on complex interactions between proprietary systems.
It may not be as elegant, but it will take you a lot further than relying on a specific e-mail service and will give you, for the time being, a much more secure result.
Introduction
For the last ten years or so we have become increasingly reliant on e-mail. It is ubiquitous, and unlike real mail it can chase us from continent to continent in seconds. For better or worse we now have the ability to conduct the next worst thing to conversation, but in writing.
Of course, and despite all the advice, we treat this ability as if it were the same as personal conversation. Private. Off the record. We also assume that no-one else is going to be able to read it, and that it can’t ever get into the wrong hands.
Slowly but surely we are finding out, the hard way, that, as in the words of the song, “It ain’t necessarily so.” What we are doing is like sending picture postcards through the mail. It appears that everyone from our e-mail administrator to half the hacking community can pick up what we are doing, even off the internal network.
Enter the answer – secure e-mail (Se-mail?). Run it just like ordinary mail but click on the secure button and you’re done. Shangri-La! But is it for real or is it yet another of the IT pipe dreams?
Silver Bullet Syndrome
This is not a new disease. Far from it. This is a regular epidemic every time someone goes near the IT security allergy. Somehow or other it seems obvious to anyone that the immense complexity of the computer can be made safe and secure by a single act (the laying on of hands perhaps?). Despite the fact that everyday experience teaches us how difficult it is to get a computer to do anything without us making a significant contribution, security is supposed to happen without any thought or planning (even less than putting something in a brown envelope rather than a see-through folder).
Manufacturers have been quick to recognize two things. The first has been that they need to service their customers more so that they can charge more. The second is that despite all the claims about standards in security, the cold hard reality is that there are hardly any.
What, no standards?
Well, almost none. We have S/MIME (version 2 or 3?) to sort out how you might sign and encrypt streams going from one e-mail client to another. That’s fine except that you need ‘PKI’ standards sitting behind S/MIME to make it useful, and there seem to be more of those than you can shake a stick at. This is a case where there are so many different standards (and even more interpretations of them) that in effect you have no standards.
If you want to think about standards in terms of manufacturers’ products (after all, dominant suppliers and monopolies set standards of a kind) then the picture is more like this. We have Outlook Express and Outlook (not the same thing even if they are from the same stable) and HotMail. To that we must add Eudora, Lotus Notes and AOL (Compuserve). We have an increasing number of web-mail products such as Yahoo and Lycos, just in case the others weren’t enough. And we haven’t yet begun to mention all the various brands of ‘secure’ mail that exist, including PGP. Can you believe that all of these interoperate smoothly and seamlessly with each other?
So we can conclude that standards are not yet in a position to help us.
Our objectives
Somewhere in the security debate you can lose sight, as we seem in danger of doing, of what your objective actually is, because the technology debate is so much more confusing.
The objective for the user might be summarized as follows (borrowing from the paper world):
- to be certain what they send goes to the right person/place;
- to be certain that the right person/place can read the information;
- to be able to use signed information as proof to a court or other body;
- to stop the wrong people from reading personal and private information.
Some of these wishes are more difficult than others. Just as in the paper world, you can’t stop anyone seeing the address on the outside of a letter, the same is true of e-mail. If someone alters that address, it doesn’t go to the right place, and if someone alters the return address (in many countries it