* S/MIME with OpenSSL? @ 2015-11-08 16:15 Jens Lechtenboerger 2015-11-10 16:42 ` Uwe Brauer 0 siblings, 1 reply; 17+ messages in thread From: Jens Lechtenboerger @ 2015-11-08 16:15 UTC (permalink / raw) To: help-gnu-emacs, info-gnus-english Hi there, I plan to refactor the code used for GnuPG in the Message mode of Emacs (Gnus) and started a discussion on the Gnus devel mailing list ding. An open issue is the use of OpenSSL for S/MIME in Emacs, which might be removed in the future. So if you use S/MIME via OpenSSL, please let me know why. I recommend that you use gpgsm instead of openssl for S/MIME as: ** Gpgsm manages certificates (storage, expiry, revocation). Users need to perform those tasks manually with openssl. ** Openssl has bugs as documented in the BUGS section of man smime(1). In particular: SMIMECapabilities are ignored, no revocation checking is done on the signer's certificate. ** Advertised SMIMECapabilities include broken encryption algorithms. With the precompiled openssl 1.0.1f on my system RC2 is advertised, which should have been dropped since S/MIME 3.x, see: https://tools.ietf.org/html/rfc5751#appendix-B Currently, openssl is preferred over epg (gpgsm), via (defcustom mml-smime-use (if (featurep 'epg) 'epg 'openssl)) in mml-smime.el. However, epg does not get loaded on its own even if it is present. Thus, users need to set mml-smime-use or require epg in their ~/.emacs, but the manual does not mention gpgsm at all. I plan to change this to prefer epg by default (and to document and recommend gpgsm). What’s your opinion? Best wishes Jens P.S. I’d like to clarify that I recommend OpenPGP, not S/MIME. Still, S/MIME is better than plaintext. ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: S/MIME with OpenSSL? 2015-11-08 16:15 S/MIME with OpenSSL? Jens Lechtenboerger @ 2015-11-10 16:42 ` Uwe Brauer 2015-11-10 21:41 ` Adam Sjøgren 0 siblings, 1 reply; 17+ messages in thread From: Uwe Brauer @ 2015-11-10 16:42 UTC (permalink / raw) To: help-gnu-emacs; +Cc: info-gnus-english >>> "Jens" == Jens Lechtenboerger <jens.lechtenboerger@fsfe.org> writes: > Hi there, > Currently, openssl is preferred over epg (gpgsm), via > (defcustom mml-smime-use (if (featurep 'epg) 'epg 'openssl)) > in mml-smime.el. However, epg does not get loaded on its own even if it > is present. Thus, users need to set mml-smime-use or require epg in > their ~/.emacs, but the manual does not mention gpgsm at all. > I plan to change this to prefer epg by default (and to document and > recommend gpgsm). > What’s your opinion? I agree completely. > Best wishes > Jens > P.S. I’d like to clarify that I recommend OpenPGP, not S/MIME. > Still, S/MIME is better than plaintext. The problem is that openpgp, in my experience, much more difficult to install and to use than S/MIME. I can provide a list why this is so. This list of people with whom I communicate in S/MIME contains 8 individuals, for opengpg there is just 1. ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: S/MIME with OpenSSL? 2015-11-10 16:42 ` Uwe Brauer @ 2015-11-10 21:41 ` Adam Sjøgren 2015-11-11 9:38 ` Uwe Brauer 0 siblings, 1 reply; 17+ messages in thread From: Adam Sjøgren @ 2015-11-10 21:41 UTC (permalink / raw) To: info-gnus-english Uwe writes: > This list of people with whom I communicate in S/MIME contains 8 > individuals, for opengpg there is just 1. The list of people I have communicated using PGP contains 3 individuals, for S/MIME the number is 0. This is not useful information. Best regards, Adam -- "It was called Tinderbox so we could make the joke, Adam Sjøgren 'the tree is on fire'. Puns are very important in asjo@koldfront.dk naming tools." _______________________________________________ info-gnus-english mailing list info-gnus-english@gnu.org https://lists.gnu.org/mailman/listinfo/info-gnus-english ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: S/MIME with OpenSSL? 2015-11-10 21:41 ` Adam Sjøgren @ 2015-11-11 9:38 ` Uwe Brauer 2015-11-11 16:12 ` Adam Sjøgren 0 siblings, 1 reply; 17+ messages in thread From: Uwe Brauer @ 2015-11-11 9:38 UTC (permalink / raw) To: info-gnus-english [-- Attachment #1.1: Type: text/plain, Size: 984 bytes --] >>> "Adam" == Adam Sjøgren <asjo@koldfront.dk> writes: > Uwe writes: >> This list of people with whom I communicate in S/MIME contains 8 >> individuals, for opengpg there is just 1. > The list of people I have communicated using PGP contains 3 individuals, > for S/MIME the number is 0. I presume these persons have some software knowledge. Did you try once to convince computer how shall I say illiterate to use encryption? Here is short table to show why it is much *easier* to use S/MIME for such people. | operations | S/MIME | PGP | |----------------------------+----------------------------+-----------------| | Inst of software | no; included | yes | | Installation of plugin | no; included | yes | | generation of keypair | no; ask for a certificate | yes | | interchange of public keys | simply send a sign message | yes interchange | [-- Attachment #1.2.1: Type: text/html, Size: 1619 bytes --] ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: S/MIME with OpenSSL? 2015-11-11 9:38 ` Uwe Brauer @ 2015-11-11 16:12 ` Adam Sjøgren 2015-11-12 9:31 ` Uwe Brauer 0 siblings, 1 reply; 17+ messages in thread From: Adam Sjøgren @ 2015-11-11 16:12 UTC (permalink / raw) To: info-gnus-english Uwe writes: > Did you try once to convince computer how shall I say illiterate to > use encryption? I learned a long time ago not to try and impose my preferences on other computer users. > operations S/MIME PGP > Inst of software no; included yes I think you have some hidden assumptions about what software is used here? Don't both S/MIME and PGP use external tools in Gnus? > Installation of plugin no; included yes Again, you must be assuming something about the software being used - Gnus has built in support for both, right? > generation of keypair no; ask for a yes > certificate This seems to be a negative for S/MIME: it is easy to generate a PGP key. How do you generate an S/MIME certificate? > interchange of public simply send a sign yes interchange > keys message I have never received or sent an S/MIME message, so it's hard to judge this one. Does it mean that every S/MIME message includes the public key of the sender? What prevents you from doing that with PGP-signed messages? I've set up Gnus/GnuPG to automatically fetch keys for every person I see a signature from, so there is nothing manual for me to do here. Best regards, Adam -- "Probabilistic algorithms don't appeal to me. (This Adam Sjøgren is a question of aesthetics, not practicality.) So asjo@koldfront.dk later, I figured out how to remove the probability and turn it into a deterministic algorithm." _______________________________________________ info-gnus-english mailing list info-gnus-english@gnu.org https://lists.gnu.org/mailman/listinfo/info-gnus-english ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: S/MIME with OpenSSL? 2015-11-11 16:12 ` Adam Sjøgren @ 2015-11-12 9:31 ` Uwe Brauer 2015-11-12 15:31 ` Adam Sjøgren 2015-11-12 19:20 ` S/MIME with OpenSSL? Peter Münster 0 siblings, 2 replies; 17+ messages in thread From: Uwe Brauer @ 2015-11-12 9:31 UTC (permalink / raw) To: info-gnus-english >>> "Adam" == Adam Sjøgren <asjo@koldfront.dk> writes: > Uwe writes: >> Did you try once to convince computer how shall I say illiterate to >> use encryption? > I learned a long time ago not to try and impose my preferences on other > computer users. This is not about impose, this is about practical matter. Suppose you want to interchange confidential information with someone outside the GNU/emacs world and that person has very little computer knowledge. For him/her pgp is a nightmare to install. Smime not. >> operations S/MIME PGP >> Inst of software no; included yes > I think you have some hidden assumptions about what software is used > here? Don't both S/MIME and PGP use external tools in Gnus? I am speaking here about software in general, almost all mail programs, thunderbird, evolution, kmail, outlook, whatever have smime support >> Installation of plugin no; included yes > Again, you must be assuming something about the software being used - > Gnus has built in support for both, right? Same comment. >> generation of keypair no; ask for a yes >> certificate > This seems to be a negative for S/MIME: it is easy to generate a PGP > key. How do you generate an S/MIME certificate? It is not easy to generate a pgp for an illiterate, trust me. You can generate a S/MIME certificate, but it will be self signed and therefore useless, most clients would refuse a message from someone with a self signed certificate. So you apply for certifcate which is signed by a root authority, in one of the dozen services like commodo, they provide with a class 1[1] certificate for one year.[2] >> interchange of public simply send a sign yes interchange >> keys message > I have never received or sent an S/MIME message, so it's hard to judge > this one. Does it mean that every S/MIME message includes the public key > of the sender? yes > What prevents you from doing that with PGP-signed messages? Again for most illiterate this is not obvious. For s/mime it is by design. > I've set up Gnus/GnuPG to automatically fetch keys for every person I > see a signature from, so there is nothing manual for me to do here. Again this is not as trivial as you think. An my fetch you mean from a keyserver where that person has uploaded his key I presume. > Best regards, > Adam Footnotes: [1] class 1 means only the email is verified not your identity. If you want that you have to pay. [2] this is of course the weak point of the whole model. If those services are breached, the security breaks down or can break down. _______________________________________________ info-gnus-english mailing list info-gnus-english@gnu.org https://lists.gnu.org/mailman/listinfo/info-gnus-english ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: S/MIME with OpenSSL? 2015-11-12 9:31 ` Uwe Brauer @ 2015-11-12 15:31 ` Adam Sjøgren 2015-11-13 18:55 ` Uwe Brauer 2015-11-12 19:20 ` S/MIME with OpenSSL? Peter Münster 1 sibling, 1 reply; 17+ messages in thread From: Adam Sjøgren @ 2015-11-12 15:31 UTC (permalink / raw) To: info-gnus-english Uwe writes: > This is not about impose, this is about practical matter. Sure. My point is that I don't want to tell people how to handle their email. > Suppose you want to interchange confidential information with someone > outside the GNU/emacs world and that person has very little computer > knowledge. For him/her pgp is a nightmare to install. Smime not. I understand that this is how you feel. You haven't convinced me this is the case. You just keep stating that it is. > >> operations S/MIME PGP > >> Inst of software no; included yes > > > I think you have some hidden assumptions about what software is used > > here? Don't both S/MIME and PGP use external tools in Gnus? > I am speaking here about software in general, almost all mail programs, > thunderbird, evolution, kmail, outlook, whatever have smime support I see. I have never heard of anyone (but you) using S/MIME with any of these programs. > > This seems to be a negative for S/MIME: it is easy to generate a PGP > > key. How do you generate an S/MIME certificate? > It is not easy to generate a pgp for an illiterate, trust me. You can > generate a S/MIME certificate, but it will be self signed and therefore > useless, most clients would refuse a message from someone with a self > signed certificate. So you apply for certifcate which is signed by a > root authority, in one of the dozen services like commodo, they provide > with a class 1[1] certificate for one year.[2] So, in my eyes, PGP is much easier here. I don't even know how to tell someone to "apply for a certificate signed by a root authority", much less how to get the certificate into their chosen email-program. But every "illiterate" computer user knows this? > > I've set up Gnus/GnuPG to automatically fetch keys for every person I > > see a signature from, so there is nothing manual for me to do here. > > Again this is not as trivial as you think. An my fetch you mean from a > keyserver where that person has uploaded his key I presume. It is literally one line of configuration. Much easier than "applying for a certificate signed by a root authority" - what so-called "illiterate" person even knows what those words mean, much less how to do it? Oh, and, ooops, that's exactly what you say the problem with creating a PGP key is. Maybe we should wrap this up, as both are, as far as I know, equally supported by Gnus, and so this is wandering off topic. Best regards, Adam -- "Lef ma nine imma Jeep" Adam Sjøgren asjo@koldfront.dk _______________________________________________ info-gnus-english mailing list info-gnus-english@gnu.org https://lists.gnu.org/mailman/listinfo/info-gnus-english ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: S/MIME with OpenSSL? 2015-11-12 15:31 ` Adam Sjøgren @ 2015-11-13 18:55 ` Uwe Brauer 2015-11-14 15:37 ` Trust and public keys (was: S/MIME with OpenSSL?) Jens Lechtenboerger 0 siblings, 1 reply; 17+ messages in thread From: Uwe Brauer @ 2015-11-13 18:55 UTC (permalink / raw) To: info-gnus-english >>> "Adam" == Adam Sjøgren <asjo@koldfront.dk> writes: > Uwe writes: >> This is not about impose, this is about practical matter. > Sure. My point is that I don't want to tell people how to handle their > email. I still don't understand. I say: I want to interchange encrypted mail with someone. I don't care whether it is gpg or smime, but my experience tells me it is easier for the other one to use smime. What has this to do with «imposing»? >> Suppose you want to interchange confidential information with someone >> outside the GNU/emacs world and that person has very little computer >> knowledge. For him/her pgp is a nightmare to install. Smime not. > I understand that this is how you feel. You haven't convinced me > this is the case. You just keep stating that it is. I cannot convince you, since you obviously have not had the same experience, good for you. > I see. I have never heard of anyone (but you) using S/MIME with any of > these programs. Oh, 99\% of the persons I am in contact with (not counting people on mailing lists on software issues like the gnus or auctex list etc) do not use Emacs but use either Apple mail, Thunderbird or outlook (or a webmail interface which is another matter). So if I want to interchange encrypted emails with them, I am faced between pgp or smime. Smime is included already in these programs, well that first step is therefore solved, no extra installation is needed. > So, in my eyes, PGP is much easier here. I don't even know how to tell > someone to "apply for a certificate signed by a root authority", much > less how to get the certificate into their chosen email-program. But > every "illiterate" computer user knows this? I explain that it a minute. It seems that you are not familiar with the issue of PKI https://en.wikipedia.org/wiki/Public_key_infrastructure or with smime https://en.wikipedia.org/wiki/S/MIME I don't want to write here a long explanation since this gets off topic easily. The main issue with asymmetric encryption is not encryption but authentication. In a nutshell: how can you be sure that the public key you obtain belongs to the person, it claims it belongs to? This is the famous man in the middle attack. The answer is to sign a public key and here PGP and SMIME take two very different approaches: - PGP creates a net of trust: there are key servers where you can upload your public keys so that it can be signed by people you trust. As a rule of the thumb: one should trust a public key if its signed by somebody one trusts or if this is not the case, trust a key which has a lot of signatures. One should never just use a public key which has been sent to him/her, since one cannot trust it. - SMIME has a hierarchical model: there are a dozen or so certificate authorities (CA) which can sign keys. Keys signed by these authorities have to be trusted 100 \%. All software mail programs I listed are configured such that public keys signed by these authorities are trusted. That is why it is unproblematic to send a public key by email, contrary to pgp. If you don't think that obtaining a certificate (a public key signed by a CA) is easy please visit https://www.comodo.com/home/email-security/free-email-certificate.php (This is just a site I know there are dozen others) Fill in name and email address, after a while you receive an email with a link, which after clicking on it[1] , does the following - if you (not you Adam, but you the generic user) use seamonkey the certificate is already installed and since seamonkey is basically firefox+thunderbird you are done. - if you are using firefox, the certificate is installed in firefox you have to export it and then to import it to your mail client thunderbird say or gpgsm/gnus - if you use safari, the certificate gets downloaded to your Desktop you double click and restart Apple mail and you are done. This is *not* easy? Installing pgp, a plugin and generating a pgp key is easier? Well if you think so then I cannot convince you. > It is literally one line of configuration. Much easier than "applying > for a certificate signed by a root authority" - what so-called > "illiterate" person even knows what those words mean, much less how to > do it? But this is a serious security risk (if not a breach) if you download a key without checking its signatures it before. See my comments above. > Oh, and, ooops, that's exactly what you say the problem with creating a > PGP key is. > Maybe we should wrap this up, as both are, as far as I know, > equally supported by Gnus, and so this is wandering off topic. This topic has turned to «what is easier to use SMIME or PGP», which came up in that tread, however in fact is not so relevant for the GNUS list and that is why it better to drop it here and to continue off-list if needed. Regards Uwe Footnotes: [1] (important: you must use the *same* browser on the *same* machine, you used for applying the certificate for that operation) _______________________________________________ info-gnus-english mailing list info-gnus-english@gnu.org https://lists.gnu.org/mailman/listinfo/info-gnus-english ^ permalink raw reply [flat|nested] 17+ messages in thread
* Trust and public keys (was: S/MIME with OpenSSL?) 2015-11-13 18:55 ` Uwe Brauer @ 2015-11-14 15:37 ` Jens Lechtenboerger 2015-11-15 21:07 ` Trust and public keys Uwe Brauer 2015-11-16 11:32 ` Trust and public keys Uwe Brauer 0 siblings, 2 replies; 17+ messages in thread From: Jens Lechtenboerger @ 2015-11-14 15:37 UTC (permalink / raw) To: info-gnus-english On 2015-11-13, at 18:55, Uwe Brauer wrote: > - PGP creates a net of trust: there are key servers where you can > upload your public keys so that it can be signed by people you > trust. As a rule of the thumb: one should trust a public key if > its signed by somebody one trusts or if this is not the case, > trust a key which has a lot of signatures. The number of signatures does not tell much. Attackers can create as many as they like. > One should never just > use a public key which has been sent to him/her, since one cannot > trust it. That depends on the scenario. If I know your “real” e-mail address, it does not hurt if I use a public key for that e-mail address that I just “found” (e-mail, key server, homepage). If an attacker, say Mallory, created that key in your name, Mallory would need to intercept all e-mails encrypted under that forged key and replace them with e-mails encrypted to your real key (or plaintext ones) to go undetected. I don’t think that ordinary human beings need to care about attackers of such power. Of course, if they did care, all they would need to do is verify key fingerprints via some out-of-band channel. No signatures required, but admittedly beyond the reach of “illiterate” users. (Besides, attackers that are able to replace encrypted e-mails should also be able to create S/MIME certificates for other people’s e-mail addresses.) > - SMIME has a hierarchical model: there are a dozen or so > certificate authorities (CA) which can sign keys. The color map at [0] shows about 650 of them. > Keys signed by these authorities have to be trusted 100 \%. Do you realize what you just said? With CAs, the positive term “trust” is misused to hide something else. “Having to trust” just does not make sense. I don’t trust CAs, for good reasons. Trust has to be earned. PKIs fail with the weakest link, and there are too many examples of broken links [1, 2, 3, 4, 5]. > All software mail programs I listed are configured such > that public keys signed by these authorities are > trusted. Please, do not misuse the term “trust”. I wrote about that in some detail elsewhere [6]. Best wishes Jens [0] https://www.eff.org/files/colour_map_of_cas.pdf [1] http://www.h-online.com/security/news/item/Trustwave-issued-a-man-in-the-middle-certificate-1429982.html [2] https://blog.mozilla.org/security/2013/12/09/revoking-trust-in-one-anssi-certificate/ [3] https://googleonlinesecurity.blogspot.com/2014/07/maintaining-digital-certificate-security.html [4] http://googleonlinesecurity.blogspot.de/2015/03/maintaining-digital-certificate-security.html [5] https://googleonlinesecurity.blogspot.com/2015/09/improved-digital-certificate-security.html [6] https://blogs.fsfe.org/jens.lechtenboerger/2013/12/23/openpgp-and-smime/ _______________________________________________ info-gnus-english mailing list info-gnus-english@gnu.org https://lists.gnu.org/mailman/listinfo/info-gnus-english ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: Trust and public keys 2015-11-14 15:37 ` Trust and public keys (was: S/MIME with OpenSSL?) Jens Lechtenboerger @ 2015-11-15 21:07 ` Uwe Brauer 2015-11-16 21:15 ` Jens Lechtenboerger 2015-11-16 11:32 ` Trust and public keys Uwe Brauer 1 sibling, 1 reply; 17+ messages in thread From: Uwe Brauer @ 2015-11-15 21:07 UTC (permalink / raw) To: info-gnus-english > On 2015-11-13, at 18:55, Uwe Brauer wrote: > The number of signatures does not tell much. Attackers can create > as many as they like. > That depends on the scenario. If I know your “real” e-mail address, > it does not hurt if I use a public key for that e-mail address that > I just “found” (e-mail, key server, homepage). > If an attacker, say Mallory, created that key in your name, Mallory > would need to intercept all e-mails encrypted under that forged key > and replace them with e-mails encrypted to your real key (or > plaintext ones) to go undetected. I don’t think that ordinary human > beings need to care about attackers of such power. > Of course, if they did care, all they would need to do is verify key > fingerprints via some out-of-band channel. No signatures required, > but admittedly beyond the reach of “illiterate” users. > (Besides, attackers that are able to replace encrypted e-mails should > also be able to create S/MIME certificates for other people’s e-mail > addresses.) I am bit confused by all the scenarios. Just to make that clear. If I had to communicate something really secret say with Ed Snowden, I would use of course use gpg[1] and not smime, , then I would try somehow to compare the fingerprints of the keys by some secure means (a secure chat). Now if you say that all the above scenarios are usually out of reach of «normal» attackers, I am curious to see what a security breach in a CA would really imply (see below) > The color map at [0] shows about 650 of them. Nice map, however on my laptop screen I cannot see much and understand what these colors mean, sorry. > Do you realize what you just said? With CAs, the positive term > “trust” is misused to hide something else. “Having to trust” just > does not make sense. C'mon, sigh, don't take this «literate». I just wanted to describe the basic concepts of smime. There are two type of certificates, self signed which are not to be trusted and those signed by a CA, these are trusted by the model. Whether you (the user) should trust them is another question. > I don’t trust CAs, for good reasons. Trust has to be earned. PKIs > fail with the weakest link, and there are too many examples of > broken links [1, 2, 3, 4, 5]. Ok, now let us play this to the end. Let us assume that a CA, say comodo is breached, now what does this imply?? When I apply for a certificate the private key is generated by the crypt module of my browser. Are you suggesting that this is also hacked? That indeed would be disastrous. Then indeed the intruder could obtain a copy of my private key and sell it to some sinister organisation. Or what else could the attacker do, and how long realistically would such a breach go on undetected? For months? > Please, do not misuse the term “trust”. I wrote about that in some > detail elsewhere [6]. I know. Again I just claimed that for the «normal» user, with moderate security demands smime is the easier solution, nothing more. Best Uwe Footnotes: [1] Among other things, with gpg I can generate a larger key say 4096 that with smime. _______________________________________________ info-gnus-english mailing list info-gnus-english@gnu.org https://lists.gnu.org/mailman/listinfo/info-gnus-english ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: Trust and public keys 2015-11-15 21:07 ` Trust and public keys Uwe Brauer @ 2015-11-16 21:15 ` Jens Lechtenboerger 2015-11-18 15:04 ` Uwe Brauer 0 siblings, 1 reply; 17+ messages in thread From: Jens Lechtenboerger @ 2015-11-16 21:15 UTC (permalink / raw) To: info-gnus-english On 2015-11-15, at 21:07, Uwe Brauer wrote: > If I had to communicate something really secret say with Ed Snowden, I > would use of course use gpg[1] and not smime, , > then I would try somehow to compare the fingerprints of the keys by some > secure means (a secure chat). > > Now if you say that all the above scenarios are usually out of reach of > «normal» attackers, That came out wrong, then. Part of my problem would be to figure out the “real” e-mail address of “Ed Snowden”. If you registered the fresh e-mail address “ed.snowden@gmail.com” and uploaded a matching key to usual keyservers, then I might fall for that. No special attack skills required. I don’t know too much about CAs that issue e-mail certificates for free. However, based on your description of Comodo I guess that you could also obtain an S/MIME certificate in the above case (for ed.snowden@gmail.com after registering that address). So the “trust” built into S/MIME seems worthless. > When I apply for a certificate the private key is generated by the crypt > module of my browser. Are you suggesting that this is also hacked? That > indeed would be disastrous. Then indeed the intruder could obtain a copy > of my private key and sell it to some sinister organisation. For me as malicious CA (or intruder into a CA) there is no reason to steal the private key as I could generate a certificate with matching private key in your name for your e-mail address, which is “trusted”. Then I could send signed e-mails in your name. That alone might get you into trouble, but you might receive responses that alert you about some ongoing attack. If I was a powerful attacker, able to replace e-mails on the way, I could additionally re-encrypt (modified) responses to your real certificate (or drop messages entirely), and you would never know I was there. If I cannot replace e-mails on the way, I can still send “trusted” signed e-mails in your name and tell the recipients to switch to different e-mail addresses with “trusted” certificates. Then, again, I can re-encrypt responses to your real certificate and e-mail address. Best wishes Jens _______________________________________________ info-gnus-english mailing list info-gnus-english@gnu.org https://lists.gnu.org/mailman/listinfo/info-gnus-english ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: Trust and public keys 2015-11-16 21:15 ` Jens Lechtenboerger @ 2015-11-18 15:04 ` Uwe Brauer 2015-11-19 17:05 ` Jens Lechtenboerger 0 siblings, 1 reply; 17+ messages in thread From: Uwe Brauer @ 2015-11-18 15:04 UTC (permalink / raw) To: info-gnus-english > On 2015-11-15, at 21:07, Uwe Brauer wrote: > That came out wrong, then. Part of my problem would be to figure > out the “real” e-mail address of “Ed Snowden”. If you registered > the fresh e-mail address “ed.snowden@gmail.com” and uploaded a > matching key to usual keyservers, then I might fall for that. No > special attack skills required. Correct but this applies to smime and gpg. > I don’t know too much about CAs that issue e-mail certificates for > free. However, based on your description of Comodo I guess that you > could also obtain an S/MIME certificate in the above case (for > ed.snowden@gmail.com after registering that address). So the > “trust” built into S/MIME seems worthless. For class 1 certificate yes, for class 2 not, there you have to show up (and to pay.) > For me as malicious CA (or intruder into a CA) there is no reason to > steal the private key as I could generate a certificate with > matching private key in your name for your e-mail address, which is > “trusted”. Then I could send signed e-mails in your name. That > alone might get you into trouble, but you might receive responses > that alert you about some ongoing attack. If I was a powerful > attacker, able to replace e-mails on the way, I could additionally > re-encrypt (modified) responses to your real certificate (or drop > messages entirely), and you would never know I was there. > If I cannot replace e-mails on the way, I can still send “trusted” > signed e-mails in your name and tell the recipients to switch to > different e-mail addresses with “trusted” certificates. Then, > again, I can re-encrypt responses to your real certificate and > e-mail address. But in all of these scenarios you need to hack the email account. It is not sufficent just to use a linux smptmail server and manipulate the form field. You also have to intercept the reply. I don't see much of a difference between - the pgp scenario: to place a falsified pgp key on a server - the smime scenario: to crack a smime certificate by breaching a CA (which is more difficult that placing a falsified pgp key). Best Uwe Again the question was is smime easier to use. _______________________________________________ info-gnus-english mailing list info-gnus-english@gnu.org https://lists.gnu.org/mailman/listinfo/info-gnus-english ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: Trust and public keys 2015-11-18 15:04 ` Uwe Brauer @ 2015-11-19 17:05 ` Jens Lechtenboerger 2015-11-22 18:09 ` [smime and gpg] (was: Trust and public keys) Uwe Brauer 0 siblings, 1 reply; 17+ messages in thread From: Jens Lechtenboerger @ 2015-11-19 17:05 UTC (permalink / raw) To: info-gnus-english On 2015-11-18, at 15:04, Uwe Brauer wrote: > > That came out wrong, then. Part of my problem would be to figure > > out the “real” e-mail address of “Ed Snowden”. If you registered > > the fresh e-mail address “ed.snowden@gmail.com” and uploaded a > > matching key to usual keyservers, then I might fall for that. No > > special attack skills required. > > Correct but this applies to smime and gpg. I’ll refer to this point below. > [...] > > For me as malicious CA (or intruder into a CA) there is no reason to > > steal the private key as I could generate a certificate with > > matching private key in your name for your e-mail address, which is > > “trusted”. Then I could send signed e-mails in your name. That > > alone might get you into trouble, but you might receive responses > > that alert you about some ongoing attack. If I was a powerful > > attacker, able to replace e-mails on the way, I could additionally > > re-encrypt (modified) responses to your real certificate (or drop > > messages entirely), and you would never know I was there. > > > If I cannot replace e-mails on the way, I can still send “trusted” > > signed e-mails in your name and tell the recipients to switch to > > different e-mail addresses with “trusted” certificates. Then, > > again, I can re-encrypt responses to your real certificate and > > e-mail address. > > But in all of these scenarios you need to hack the email account. It is > not sufficent just to use a linux smptmail server and manipulate the > form field. You also have to intercept the reply. No, please re-read the paragraph starting with: “If I cannot replace” > I don't see much of a difference between > > - the pgp scenario: to place a falsified pgp key on a server > > - the smime scenario: to crack a smime certificate by breaching a > CA (which is more difficult that placing a falsified pgp key). I agree to your above statement “Correct but this applies to smime and gpg.” Thus, I consider the following attacks to be comparable: Upload some OpenPGP key and register some S/MIME certificate. However, newbies are warned not to trust downloaded OpenPGP keys, while I’m not aware of similar warnings for “trusted” (signed) S/MIME certificates. > Again the question was is smime easier to use. No. The question was whether someone on this list uses S/MIME with OpenSSL and would object to a change of defaults to epg. The current topic is “Trust and public keys.” I changed that in response to your e-mail where you stated: “Keys signed by these authorities have to be trusted 100 \%.” The ensuing discussion helped me to see clearer: There are S/MIME certificates that have been issued without checks (except ability to receive e-mail), which I find ridiculous given the goal of certification. The situation is even worse than I thought initially. Best wishes Jens _______________________________________________ info-gnus-english mailing list info-gnus-english@gnu.org https://lists.gnu.org/mailman/listinfo/info-gnus-english ^ permalink raw reply [flat|nested] 17+ messages in thread
* [smime and gpg] (was: Trust and public keys) 2015-11-19 17:05 ` Jens Lechtenboerger @ 2015-11-22 18:09 ` Uwe Brauer 0 siblings, 0 replies; 17+ messages in thread From: Uwe Brauer @ 2015-11-22 18:09 UTC (permalink / raw) To: info-gnus-english >>> "Jens" == Jens Lechtenboerger <jens.lechtenboerger@fsfe.org> writes: > On 2015-11-18, at 15:04, Uwe Brauer wrote: >> Correct but this applies to smime and gpg. > I’ll refer to this point below. >> [...] > No, please re-read the paragraph starting with: “If I cannot replace” So you are talking only about evil clear signed messages, which are sent by some smtpmail hacking, say in my name. Well this does not pass the reality check in my experience. People usually do not check clear signed messages, that is they do not check whether an un encrypted message is signed or not. They tend to check whether *encrypted* mails are signed. Now in order that the attacker sends an evil *encrypted and signed* message say in my name, to Joe Foo, this attacker needs the public key of Joe Foo. However in the smime model he usually cannot download that key from some server but has to interchange with Joe Foo smime signed messages (which include the public keys) so either at the end he needs to hack my mail account or obtain that key by some other more complicated (social) attacks. In order to do something similar in gpg the attacker needs to hack directly my account where I have my private gpg keys installed. Well. >> I don't see much of a difference between >> >> - the pgp scenario: to place a falsified pgp key on a server >> >> - the smime scenario: to crack a smime certificate by breaching a >> CA (which is more difficult that placing a falsified pgp key). > I agree to your above statement “Correct but this applies to smime > and gpg.” Thus, I consider the following attacks to be comparable: > Upload some OpenPGP key and register some S/MIME certificate. Agreed. > However, newbies are warned not to trust downloaded OpenPGP keys, > while I’m not aware of similar warnings for “trusted” (signed) > S/MIME certificates. Well most users I know are not over--enthusiastic about applying for a free certificate from a organisation they barely know[1], but in practise I tell them I will send them a signed message in 5 minutes which contains my public key. So they do not over trust that model and accept every key from everybody without thinking. But again my scenario is about having a on the fly encryption which works without much hassle for the newbies. A question I really would like to ask Edward Snowden is what he thinks about smime and whether NSA and friends have backdoors installed. >> Again the question was is smime easier to use. > No. The question was whether someone on this list uses S/MIME with > OpenSSL and would object to a change of defaults to epg. Right, the original question was that, but I made a point about the simplicity of the smime model. > The current topic is “Trust and public keys.” I changed that in > response to your e-mail where you stated: “Keys signed by these > authorities have to be trusted 100 \%.” Again by the model, not as an recommendation or a moral advice. > The ensuing discussion helped me to see clearer: There are S/MIME > certificates that have been issued without checks (except ability to > receive e-mail), which I find ridiculous given the goal of > certification. The situation is even worse than I thought > initially. Well you could go for a class 2 certificate.[2] But I admit I also learnt something about gpg: it is not as safe as I thought, since it seems to difficult to identify trusted public keys from a server. Best Uwe Footnotes: [1] and they are even worried that this organisation keeps a copy of their private key. That however I have checked, and seems not to happen with Comodo, I don't know the other organisations. [2] actually I don't know anybody who posses such a certificate. _______________________________________________ info-gnus-english mailing list info-gnus-english@gnu.org https://lists.gnu.org/mailman/listinfo/info-gnus-english ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: Trust and public keys 2015-11-14 15:37 ` Trust and public keys (was: S/MIME with OpenSSL?) Jens Lechtenboerger 2015-11-15 21:07 ` Trust and public keys Uwe Brauer @ 2015-11-16 11:32 ` Uwe Brauer 1 sibling, 0 replies; 17+ messages in thread From: Uwe Brauer @ 2015-11-16 11:32 UTC (permalink / raw) To: info-gnus-english [+] > On 2015-11-13, at 18:55, Uwe Brauer wrote: > The number of signatures does not tell much. Attackers can create > as many as they like. [+] > That depends on the scenario. If I know your “real” e-mail address, > it does not hurt if I use a public key for that e-mail address that > I just “found” (e-mail, key server, homepage). > If an attacker, say Mallory, created that key in your name, Mallory > would need to intercept all e-mails encrypted under that forged key > and replace them with e-mails encrypted to your real key (or > plaintext ones) to go undetected. I don’t think that ordinary human > beings need to care about attackers of such power. > Of course, if they did care, all they would need to do is verify key > fingerprints via some out-of-band channel. No signatures required, > but admittedly beyond the reach of “illiterate” users. > (Besides, attackers that are able to replace encrypted e-mails should > also be able to create S/MIME certificates for other people’s e-mail > addresses.) I am bit confused by all the scenarios. Just to make that clear. If I had to communicate something really secret say with Ed Snowden, I would use of course use gpg[1] and not smime, , then I would try somehow to compare the fingerprints of the keys by some secure means (a secure chat). Now if you say that all the above scenarios are usually out of reach of «normal» attackers, I am curious to see what a security breach in a CA would really imply (see below) [+] > The color map at [0] shows about 650 of them. Nice map, however on my laptop screen I cannot see much and understand what these colors mean, sorry. [+] > Do you realize what you just said? With CAs, the positive term > “trust” is misused to hide something else. “Having to trust” just > does not make sense. C'mon, sigh, don't take this «literate». I just wanted to describe the basic concepts of smime. There are two type of certificates, self signed which are not to be trusted and those signed by a CA, these are trusted by the model. Whether you (the user) should trust them is another question. [+] > I don’t trust CAs, for good reasons. Trust has to be earned. PKIs > fail with the weakest link, and there are too many examples of > broken links [1, 2, 3, 4, 5]. Ok, now let us play this to the end. Let us assume that a CA, say comodo is breached, now what does this imply?? When I apply for a certificate the private key is generated by the crypt module of my browser. Are you suggesting that this is also hacked? That indeed would be disastrous. Then indeed the intruder could obtain a copy of my private key and sell it to some sinister organisation. Or what else could the attacker do, and how long realistically would such a breach go on undetected? For months? [+] > Please, do not misuse the term “trust”. I wrote about that in some > detail elsewhere [6]. I know. Again I just claimed that for the «normal» user, with moderate security demands smime is the easier solution, nothing more. Best Uwe Footnotes: [1] Among other things, with gpg I can generate a larger key say 4096 that with smime. _______________________________________________ info-gnus-english mailing list info-gnus-english@gnu.org https://lists.gnu.org/mailman/listinfo/info-gnus-english ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: S/MIME with OpenSSL? 2015-11-12 9:31 ` Uwe Brauer 2015-11-12 15:31 ` Adam Sjøgren @ 2015-11-12 19:20 ` Peter Münster 2015-11-13 18:21 ` Uwe Brauer 1 sibling, 1 reply; 17+ messages in thread From: Peter Münster @ 2015-11-12 19:20 UTC (permalink / raw) To: info-gnus-english On Thu, Nov 12 2015, Uwe Brauer wrote: > Suppose you want to interchange confidential information with someone > outside the GNU/emacs world and that person has very little computer > knowledge. For him/her pgp is a nightmare to install. I've guided 3 such persons through GPG utilisation. They use seahorse and thunderbird: easy, no nightmare. (Just my personal experience...) -- Peter ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: S/MIME with OpenSSL? 2015-11-12 19:20 ` S/MIME with OpenSSL? Peter Münster @ 2015-11-13 18:21 ` Uwe Brauer 0 siblings, 0 replies; 17+ messages in thread From: Uwe Brauer @ 2015-11-13 18:21 UTC (permalink / raw) To: info-gnus-english >>> "Peter" == Peter Münster <pmlists@free.fr> writes: > On Thu, Nov 12 2015, Uwe Brauer wrote: >> Suppose you want to interchange confidential information with someone >> outside the GNU/emacs world and that person has very little computer >> knowledge. For him/her pgp is a nightmare to install. > I've guided 3 such persons through GPG utilisation. They use seahorse > and thunderbird: easy, no nightmare. (Just my personal experience...) Linux or windows or mac users? Thunderbird+ is the easiest option, apple mail is a little harder, outlook seems even more so. Did you try smime also? I am just curious. _______________________________________________ info-gnus-english mailing list info-gnus-english@gnu.org https://lists.gnu.org/mailman/listinfo/info-gnus-english ^ permalink raw reply [flat|nested] 17+ messages in thread
end of thread, other threads:[~2015-11-22 18:09 UTC | newest] Thread overview: 17+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2015-11-08 16:15 S/MIME with OpenSSL? Jens Lechtenboerger 2015-11-10 16:42 ` Uwe Brauer 2015-11-10 21:41 ` Adam Sjøgren 2015-11-11 9:38 ` Uwe Brauer 2015-11-11 16:12 ` Adam Sjøgren 2015-11-12 9:31 ` Uwe Brauer 2015-11-12 15:31 ` Adam Sjøgren 2015-11-13 18:55 ` Uwe Brauer 2015-11-14 15:37 ` Trust and public keys (was: S/MIME with OpenSSL?) Jens Lechtenboerger 2015-11-15 21:07 ` Trust and public keys Uwe Brauer 2015-11-16 21:15 ` Jens Lechtenboerger 2015-11-18 15:04 ` Uwe Brauer 2015-11-19 17:05 ` Jens Lechtenboerger 2015-11-22 18:09 ` [smime and gpg] (was: Trust and public keys) Uwe Brauer 2015-11-16 11:32 ` Trust and public keys Uwe Brauer 2015-11-12 19:20 ` S/MIME with OpenSSL? Peter Münster 2015-11-13 18:21 ` Uwe Brauer
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).