[Gpg4win-users-en] S/MIME vs. OpenPGP

[David Kronlid]

It's interesting to read your discussion. Don't underestimate the "users",
they tend to be very highly motivated to learn. The ones that aren't,
generally stop being users within a month from trying out encrypted mail
because it's too complicated if you don't have an interest in learning.

In my personal opinion as a technically interested user, S/MIME is very
good for companies and organisations that have to encrypt mail within the
organisation. The IT technicians can create certificates, verify that a
person really is an employee/member, and check their ID-card when they hand
out the certificate. If someone ends their employment the IT people can
revocate the certificate. If someone from company A want to communicate
encrypted to someone from company B, and both companies use S/MIME and have
good control over their certificate distribution, Anna from AT&T can really
know with 99,9% probability that she is communicating with Bob from
Bombardier.

However with S/MIME, for normal users from small companies or private users
there is no way of knowing for sure that we communicate with the right
person. The only way of knowing for sure is if we meet the person in
person, and tell each other which email address we use and exchange keys or
identification strings of a key uploaded to some server. With S/MIME
certificate creation the only thing the CA's verify from normal users is
the email address. But they don't verify who is using it, or if the email
address has been stolen, or if the email address ever has belonged to the
right person. So it really doesn't give any sense of extra security over
OpenPGP for normal users.

That's why I prefer OpenPGP personally, I don't get any false sense of
security when I communicate with normal users. I only trust the
certificate/key after I met the persons in real life anyway so although
S/MIME is good for others it gives me nothing extra that OpenPGP hasn't
given me for a long time already.

The thing I don't like with OpenPGP is the "recently" implement WOT system.
Just like the S/MIME system with global CA's it gives a false sense of
security and really makes me trust OpenPGP less as it shows that the
persons in charge of OpenPGP don't think things through before they
implement new things. In my opinion most people that sign other persons
keys aren't suited to do so, either because they aren't technically
advanced enough or don't know enough about the other person's key creation
process and safekeeping of key/password, or because they don't know the
person well enough. Sometimes key signing is also done on special key
signing gatherings, and the persons key you sign could as well be the key
of a spy/agent or a criminal trying to impersonate another person by using
a false ID. The persons that sign a key also gets an eternally long
connection to the other person, which probably doesn't matter as long as
either of you doesn't get into court. But the moment a person gets into
legal problems, the people they have key signings with will automatically
be seen as possible crime accomplices just like real life colleagues and
friends.
I'll give a realistic but very unlikely example: What if a TV personality
called Anthony has key signing relations with 30 other persons and then one
day happens to be caught with "his fingers in a cookie jar" in some way,
for example the police finds out that he has one million child porn
pictures on his laptop and some policeman sells the story to the national
news and returns home that night with 100000€ in a bag. The day after
Anthony is all over the news, and a couple of million people do searches on
his name on the Internet. Thousands or maybe tens of thousands will
possibly try to find his email address in order to send hate messages to
him. Then some people start speculations on an Internet forum about him
being part of a larger network of pedophiles and lists all the persons he
has had some kind of encrypted relations/communications with. And you
happen to be one of all the people who signed his key. Then the information
spreads on other forums and Facebook, and finally makes it to the news that
you are part of this big child porn network. Then the hate mail start
arriving, maybe you don't get 10000 like Anthony but possibly 100 hate
mails and some anti pedophile graffiti on your front door.

Unfortunately this is a realistic example of what might happen because of
the WOT system. But in reality your only connection with him was that you
signed his key on a key signing party. Others just falsely accused you
because there was proof that you had some kind of encrypted relations with
an alleged pedophile that was all over the news and they assumed that
someone who commits crime prefers encrypted communications.

Besides with the WOT, anyone can impersonate anyone by creating fake email
address and associate keys with these. For example one could create a key
and email impersonating Merkel and having it signed by Obama and Putin to
make it look more trustworthy. This could easily be done by spies in order
to have people send important information to the wrong person.

To sum up, I prefer OpenPGP for normal users but the current WOT system is
really bad and should be abandoned. The only way I can think of where a WOT
system would really work is if the closest relatives of every person signed
the keys. That would be the only way I can think of to really know if a
person is who he says he is on a global scale. However it would only work
well if enough people in the world signed the keys of their relatives so
that the chain would be complete, and the few people without any living
relatives would need another solution. So a good WOT isn't easily feasible
in reality even if it's theoretically possible to have a Web Of Trust to
actually give some trust.
Den 9 sep 2014 09:05 skrev "Bernhard Reiter" <bernhard at intevation.de>:

> On Monday 08 September 2014 at 16:02:42, Werner Koch wrote:
> > On Mon,  8 Sep 2014 09:58, bernhard at intevation.de said:
> > However. in practise CRLs do not work on a global scale.
>
> There are a number of working examples, but I agree that they have
> problems.
> Especially since nss (from mozilla) does not enable them by default
> (AFAIR).
>
> We came from the question what the use of dirmngr is, I just tried to
> explain
> it: There are a number of nicely working real world examples where dirmngr
> does the crl checks just fine, so validity information is quite current and
> minimally requested over the wire.
>
> > > Of course someone could run a similiar service for OpenPGP's
> > > certificates, but this is less frequently done.-
> >
> > You have the numbers?  I can only guess.  Broken CRLs often go
> > undetected for weeks but when I released a GnuPG version with a bug in
> > --refresh-keys it took only hours for people to detect that.
>
> Educating guessing, just like you.
>
> > > The result of the usage of web of trust that I've seen is that it is
> very
> > > hard to find certificates of communication partners that you rarely
> > > communicate with.
>
> > So what?  You need a trusted communication channel to someone you don't
> > know?  No key validation scheme will help you here.  Without having an
> > established trust connection to your peer you won't send him
> > confidential data anyway.
>
> People do this all the time, though. Usually is it someone you know and you
> want to establish that the certificate belongs to this person (with a good
> chance).
>
> > Similar to keyservers an LDAP does give you any hin on the validity
> > (trust) of the key (certifciate).
>
> Does not... yes.
>
> > > I guess we both agree that the currently used systems need a lot of
> > > improvements.
> >
> > S/MIME is broken by design because it has been build on the assumption
> > of a global directory (X.500 the global directory of the X.400 mail
> > system).  This global directory does not exists and thus S/MIME requires
> > dozens of sometimes contradicting workarounds and a lot of hand waving.
>
> I agree that the overall design never worked out. It also does not make too
> much sense to me, because I want people to have aliases, so they can keep
> multiple identities. Still S/MIME is in use and where it is used in an okay
> way, it provides reasonable end-to-end security.
>
> > OpenPGP steps that all aside and does not define any infrastructure.
> > Nevertheless the keyservers came to life and are still the easiest way
> > to find a key for a mail address and to upload a revocation.
>
> In my humble opinion, the usability of this OpenPGP mechanism is worse than
> the mechanism of S/MIME right now. But we need to understand this in order
> to
> improve OpenPGP (or other solutions), so I think it is okay to speak openly
> about it. Your STEED proposal also addresses this point.
>
> Anyway, I think that we should take this discussion to a different place,
> this is a users list after all. ;)
>
> Best Regards,
> Bernhard
>
> --
> www.intevation.de/~bernhard (CEO)    www.fsfe.org (Founding GA Member)
> Intevation GmbH, Osnabrück, Germany; Amtsgericht Osnabrück, HRB 18998
> Owned and run by Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
>
> _______________________________________________
> Gpg4win-users-en mailing list
> Gpg4win-users-en at wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/gpg4win-users-en
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wald.intevation.org/pipermail/gpg4win-users-en/attachments/20140909/a1bde219/attachment.html>