[ On Thursday, January 13, 2005 at 08:48:39 (+0100), Jan-Peter Koopmann wrote: ]
> Subject: RE: [exim] Securing Email for the prying eyes of any government
>
> And of course you have a totally differrent approach that will work in
> real life with all companies, does not use signatures, detects 100% of
> all viruses while letting pass all wanted attachments...
Yeah, it's called a security policy.
> What is the
> product called again? Utopia 2005 Second Edition?
No, it's usually implemented primarily by an auditor with a big stick.
(though appropriate selection of technology helps ease the pain)
> When they detect viruses they do solve a problem.
No, they do not solve any problem -- they merely mask one tiny aspect of
the real problems.
> It was you who then suggested that real security can only be
> achieved by using complete end-to-end security. That contradicts what
> you are saying now.
Huh? No, I've never strayed from saying end-to-end security through the
likes of PGP or S/MIME is the only real solution for the problem we're
discussing in this thread.
> My definition of end-to-end is from one MUA to the
> other not from one MTA to the other MTA.
Mine too.
> In case of Exchange the
> decryption then must take place on the client side which again makes
> virus scanning gateways obsolete.
Exactly.
Keeping all e-mail from the prying eyes of any government requires,
amongst other things, good MUA-to-MUA security using public key
cryptography. Other mechanisms _can_ take over once the mail has been
received (and successfully decrypted).
> Ok. Then enlighten me. Scenario:
>
> Company A needs to securely communicate with other companies over public
> networks. You are saying only real end-to-end security is up to the
> task. They choose to use PGP to secure their e-mail. Of course the
> decrypted mails should not be stored anywhere on the server or the
> client machine for obvious security reasons. Since ADKs are the
> antithesis you do not use them. Now one key accounter was either killed
> in an accident or was fired. Therefore he is not capable/willing of
> telling anyone his passphrase. The company needs to access his mails
> since technically they belong to the company and not to the person. What
> next? How - withouth advanced decryption keys - will you achieve this?
Any company that gets themselves into that scenario deserves what they
get. It should never happen that way in the first place.
Remember we're talking about keeping e-mail from the prying eyes of any
government. We seem to agree that goal requires public key
cryptography, e.g. as implemented by PGP. This goal also requires that
there be no use of key escrow technology (which could of course be
subverted by powerful enemies such as a government). So far so good.
However if the company security policies don't solve your proposed
dilema properly before it becomes a problem then their policies are
inadequate. There are many possible solutions that would work quite
well. None compromise the end-to-end security of e-mail transactions
over public networks. In fact there are so many possible viable
solutions it's pointless for me to bother describing any one or any few
since the appropriateness of any given choice depends almost entirely on
the precise goals, security, and privacy, needs inside the company in
question.
(You could pay my going rate to help analyze the risks, threats, and
requirements and help write a suitable security policy of course. :-)
> If a company sets up advanced decryption keys, how exactly is that a
> back-door for the government?
If you haven't figured that out yet then take a look at the real world
again! ;-)
--
Greg A. Woods
H:+1 416 218-0098 W:+1 416 489-5852 x122 VE3TCP RoboHack <woods@???>
Planix, Inc. <woods@???> Secrets of the Weird <woods@???>
