September 07, 2006

The one secure mode; Thunderbird would meet Kerckhoffs' 6th; and how easy it is to make it secure...

While on the conjunction of Mozo tools and security, woeful or otherwise ... a month or so back I used Thunderbird as a foil to introduce a hypothesis (which you can call a law when I'm dead):

* There is only one mode, and it's secure. *

Predictably, most people thought I was grumbling "about Thunderbird", when in fact I was grumbling about the brain-dead insecurity known as PKI.

Unfortunately, Thunderbird has a great name, but the security thing it follows does not. The absolutely dire architecture loosely and variously known as S/MIME or x.509 identity certificates, as applied to email, provides a textbook case of how a system breaches Kerckhoffs' 6th law -- that the system should be usable -- and therefore is bypassed by the users. As this is his most important law by far (by simple economic proof, if you wish to demur) the system is insecure, and the 5 lesser Kerckhoffs do not enter into the discussion.

I also pointed out that I had two newbies up and going in 3 minutes flat with Skype - both with next to no help (over some other chat thing like ICQ). So let's call that the benchmark for a superlative security solution that meets Kerckhoffs' 6th law.

Which leads me to last night's observation - Jimbo, a moderately experienced computer person, downloaded, installed and was sending and receiving email with Thunderbird within 10 minutes. "Less probably," he says, which was welcome relief after debugging what turned out to be an Microsoft Outlook failure brought on by a re-install of Microsoft Office. About an hour, times two, wasted, but at least we got another Tbird flying in <10mins.

From which we can conclude that Thunderbird is in the ballpark, that's actually a good result, albeit with no security. We could suggest that Thunderbird would potentially meet Kerckhoffs' 6th if it could boot up in some sort of quasi-secure mode (even though it and every other mailer won't meet my hypothesis and probably never will, due to the tired and aged infrastructure of email).

So, why is this important? Well, it's important because there are some relatively simple fixes to put in that would bring an x.509 identity based mail agent closer to being in line with modern security thinking (if we can stretch the point with the late19th century).

Here they are:

  1. The client creates a self-signed key/cert for every account.
    • Automatically, no questions asked, user not told.
    • The self-singed cert is marked "mail encryption only" to distinguish it from "person signing."
  2. All mails are sent out signed&cert attached, by default.
  3. Mails incoming are scanned for clues - certs - as to whether encryption can be used.
  4. Those recipients for whom we have certs are sent encrypted email.
  5. If an encrypted email is sent or received, colour it pretty. Reward the user. Not that funny little icon, but something much better.

The key is to be opportunistic, pun intended. By creating and adding the missing key, we bootstrap from nothing -- insecure comms -- to a security level which is good-enough-for-most-folks.

Let's step back and put this in context. The above simple crypto mechanism is better than the alternate as it encrypts when it can. The alternate is nothing, recall. Yet, some might say that it is worse than the PKI alternate, to which I say: comparing real world user comms -- email in flight -- to some paper ideal is an irrelevant comparison.

Keep in mind that the alternate is no crypto email, due to the immutable K6. If however you are one of those unfortunate souls locked in the world of PKI, and/or to die in the attempt, this method comes with an added bonus:

  1. It's ok to point out that the opportunistic key is a self-signed, non-identified cert.
  2. Allow easy replacement of the opportunistic key!
  3. It would be ok to provide a link there to *upgrade* the cert to something better.

I don't want to stress the last point, above. Perhaps that's because I audit a CA in my spare time (can you say conflict of interest?), or perhaps because I have a fairly pessimistic view of the ability of the players to deliver something the market wants. Or perhaps I don't want to encourage software suppliers to do yet more secret deals with yet more opaque partners which users can't control or even have reasonable security expectations about? Who knows...

But, notwithstanding all the above, points 1 thru 5 will approximately deliver a startup that gets a Thunderbird client into something like secure comms some of the time. And once something like that is done, there are plenty of ways to *improve* that to get more crypto, more of the time, more securely.

I wonder if it could be done with a plugin?

Posted by iang at September 7, 2006 05:45 PM | TrackBack

There is a further benefit to the idea of TBird (for example) quietly encrypting email to/from encryption enabled correspondents.

With the current low percentage of encryption enabled email, encrypting your mail is like waving a big red banner that says, "Keep an eye on me! I'm a dangerous intellectual (at the very least)". Quietly, and innocently, increasing the percentage of encrypted traffic, would get us closer to the same traditionally legitimate privacy of the paper envelope.

Posted by: Hasan at September 8, 2006 09:26 AM

This idea sounds like a good candidate for a Mozilla labs project. You may wish to consider adding it to the "Labs Ideas" page (

Posted by: Frank Hecker at September 10, 2006 11:58 AM

I applaud the design simplicity you describe. Its like the simplicity in Key2Mail, or corproate email security solution.
However, we even avoid the PKI processes, yet still maintain end to end email confidentiality/assurance, while allowing the corporate entity (not the individual) to maintain control of the business' email content, something your model doesn't permit (not does PGP, S/MIME et al).


Posted by: Lyal Collins at September 12, 2006 05:33 PM
Post a comment

Remember personal info?

Hit preview to see your comment as it would be displayed.