Thunderbird and OpenPGP - Autocrypt

holger krekel holger at merlinux.eu
Mon Dec 9 14:46:02 UTC 2019


Hi Magnus,

On Mon, Dec 09, 2019 at 12:32 +0200, Magnus Melin wrote:
> On 2019-12-08 19:10, holger krekel wrote:
> >Beides, if you can hack the likes of Gmail, Proton Mail, Posteo or Riseup, and do
> >very targeted MITM attacks against intelligently selected users, then you can probably
> >much more easily directly hack the phone/device of your target and get everything,
> >not just the cleartext of some mails.
> 
> You did hear about Snowden, right? ;)

Snowden majorly contributed to my being involved with this quagmire that is 
e-mail encryption -- i'd otherwise have an easier life with lots more money ;) 

> Anyway, I do think we need to design it so that the e2e encryption is secure
> even for the case where it would become the norm, and relevant
> agencies/governments would actually be interested in breaking that security.
> It's an unfortunate reality probably the majority in people world live under
> circumstances where it would not be at all out of question to have all the
> residents' traffic MITM attacked this way. The "targeted MITM attacks" could
> simply be 100% of users in a region.

If MITM becomes the norm, then circumventing probably leads to a not-so-nice
visit from state authorities. Take Iran for a example where activists
requested to be able to disable encryption, in order to avoid being easily 
flagged as suspicious. We've had such requests from another crisis region
a year ago.  These worries are quite different worries from achieving
Snowden-quality dev ops security. 

Anyway, if you are set to provide a workable UX for countering MITM-attacks,
then please at least skim the "When Signal hits the fan" slides (simulated 
MITM attack against 28 users -- not representative but the best we have ASFAIK):
https://eurousec.secuso.org/presentations/WhenSignalHitsFan.pdf

Three years ago, we used such research findings to inform our countmitm work.
So I am really with you when it comes to wanting to do something against
MITM, and i continue to invest efforts into it. But requiring to
consent/deal with keys is a hindrance to addopting e-mail encryption at
all. Better wording or icons are unlikely to help much. 

Please also don't forget here that people want to use mail apps on their phones, 
side by side Thunderbird.  This means that one might have a key
associated with an e-mail address but not want to receive encrypted
e-mail by default, because it'd be unreadable on the mobile device.  
There thus needs to be a way to tell the other side "use encryption only when
really needed" because otherwise the resulting frustration leads to
dropping the whole damn thing, and TB/encryption getting a bad name. 

I know this sounds difficult if your stance is "encrypt whenever you
can" -- but if eagerly encrypting leads to people dropping the concept
alltogether, then you have just made them vulnerable to *passive* data
collection attacks which are actually real and reported (see Snowden's PRISM etc.). 

best,
holger


More information about the tb-planning mailing list