Saturday, 7 March 2015

A&A and PGP

We use PGP a lot already but I think we can do more - and I am interested in views on what we need to do.

For a start, I think all automated and even staff emails (e.g. ticket replies) from the company should be signed. We already have a system of staff keys signed by the company (which I control personally as owner/director).

At present accounting emails are signed, and some staff emails are but most are not.

But we need to go further.

My thought is that we need a way for customers to register that they want encrypted email as standard, and to register their key and email address.

Then all automated and ticket-management emails should be not only signed but encrypted, including things like call recordings from our VoIP systems.

I suspect we need to work out the top-level registration system first; then we can work system by system to ensure emails are signed and, where requested, encrypted.

But ideas welcome.

12 comments:

  1. I usually read my email in Alpine. But sometimes in Thunderbird. Then there is the Apple Mail thing. And I have Squirrel Mail set up for silly internet connections. And I have an iphone. Do I have to set up all these for encrypted emails? And WTF do you need to encrypt your emails to me anyway?
    Replies
    1. Well, if you want encrypted email and want to read on all of those systems, yes you would. But if you don't want encrypted email, don't ask for it. Many people do, especially for things like call recordings.
    2. FWIW, I use iPGMail on my iPhone. Not as slick as GPGMail on Mac by a long shot, but convenient for when I get an encrypted email and want to take a look at it on the move.
  2. Aren't your emails encrypted anyway? I have "(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)" in the received header?
    Replies
    1. We use esmtp where possible, yes; PGP offers end-to-end encryption.
  3. I doubt you'll agree with me on this :-) I'm not a fan of PGP for the reasons below.

    1) Even for IT pros it's a PITA. Recently read an article on Wired where even Mr. Snowden slipped up with PGP! Chances of an average end-user setting up and, more importantly, using PGP correctly?
    2) It does not encrypt metadata which is far more valuable for certain purposes.

    I'm in the ForceTLS camp... over to the IETF :-)
    Replies
    1. I agree it is far from perfect - but for end-to-end email it is about the best option. Many of the issues are down to the underlying complexity of maintaining an "identity" properly, securely and verifiably - and these are things that are hard to fix. The simplicity of https just working means everyone has to totally trust hundreds of CAs issued by god knows who and updated all the time.
    2. Actually, one reason I'm not a fan of PGP is the inability to revoke keys from the key servers without having the actual key. My email address has had a key associated with it on the key servers that I lost years ago - absolutely no way for me to ever revoke that key.

      As for encrypting metadata, I suspect we simply need to stop putting some of that in the headers. Obviously some headers can't be end-to-end encrypted - you *have* to let each mail server see the envelope addresses, for example; encrypted SMTP offers some protection for those headers. However, stuff like the subject line could be included in the end-to-end encrypted part of the message.

      I guess what you actually need is minimal message headers in cleartext, then an encrypted RFC822 lump that contains the other headers (e.g. subject line), message body and attachments. I've not looked into it, but is this how S/MIME works?
  4. Might be worth looking into https://keybase.io
  5. Sure, go ahead, sign & encrypt. I am happy with this. BTW your invoices are only partially signed (the attachment is not signed). Also I would prefer the PGP/MIME format to the inline one. Regarding encryption, make registration easy, maybe something like "reply by e-mail with your public key". Registration could also be done on Clueless.

    And what about also supporting S/MIME as an option for those who are from the other school?
    Replies
    1. The invoice format is plain text, which is why we only sign that; but also signing the attachment means an S/MIME format. We tried this but far too many people say "cannot open attachment" on the signature, and then refuse to pay the invoice!?
    2. Would be helpful (in a wider sense) if we can reliably enumerate where this S/MIME format still causes unreadable-message problems. I know it *used* to be an issue with Outlook Express (but that shouldn't be used any more, XP EOL, etc.). Apparently this issue may live on in Windows 7 Live Mail or something like that, but is otherwise a rare issue.

      See also: http://www.phildev.net/pgp/pgp_clear_vs_mime.html#matrix

      (That said, the cannot-open-attachment reports could also just be confused people who don't realise they can just happily ignore the signature?? Puzzle =) ).

      I guess you could have a per-account option to enable/disable the PGP/MIME usage and a note in the email that the 'signature' attachment is normal and can be ignored if you are not using PGP...

      w/ Thanks,
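
The layout suggested in the reply to comment 3 (minimal cleartext headers, then an encrypted RFC 822 lump carrying the Subject, body and attachments) together with the PGP/MIME-rather-than-inline preference in comment 5, as an added example that is not code from the blog or from A&A's own systems: it builds an RFC 3156 multipart/encrypted message with Python's standard email library, with the OpenPGP step supplied as a callable so the MIME layering runs offline. The sender, recipient, invoice text and attachment bytes are constructed, and placeholder_cipher is a reversible stand-in for gpg --encrypt / --decrypt, not encryption.

```python
from email import message_from_bytes, policy
from email.encoders import encode_7or8bit
from email.message import EmailMessage
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from typing import Callable

Cipher = Callable[[bytes], bytes]

def placeholder_cipher(data: bytes) -> bytes:
    """Reversible stand-in for gpg --encrypt / --decrypt (NOT encryption)."""
    return bytes(b ^ 0x5A for b in data)

def build_protected(sender: str, recipient: str, subject: str, body: str,
                    attachment: bytes, encrypt: Cipher) -> bytes:
    """Return an RFC 3156 multipart/encrypted message as raw bytes."""
    # Inner RFC 822 message: the real Subject, body and attachment all live
    # here, so they are covered by the single encrypted (and signable) blob.
    inner = EmailMessage()
    inner["From"], inner["To"], inner["Subject"] = sender, recipient, subject
    inner.set_content(body)
    inner.add_attachment(attachment, maintype="application", subtype="pdf",
                         filename="invoice.pdf")
    # Outer message: only what relays need; the Subject is a dummy.
    outer = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    outer["From"], outer["To"], outer["Subject"] = sender, recipient, "..."
    outer.attach(MIMEApplication(b"Version: 1\n", "pgp-encrypted", encode_7or8bit))
    outer.attach(MIMEApplication(encrypt(inner.as_bytes()), "octet-stream",
                                 name="encrypted.asc"))
    return outer.as_bytes()

def open_protected(raw: bytes, decrypt: Cipher) -> dict:
    """Parse the outer message, decrypt the second part, read the inner one."""
    outer = message_from_bytes(raw, policy=policy.default)
    if (outer.get_content_type() != "multipart/encrypted"
            or outer.get_param("protocol") != "application/pgp-encrypted"):
        raise ValueError("not a PGP/MIME encrypted message")
    _version, payload = list(outer.iter_parts())
    inner = message_from_bytes(decrypt(payload.get_payload(decode=True)),
                               policy=policy.default)
    return {
        "cleartext_subject": str(outer["Subject"]),  # what relays can see
        "subject": str(inner["Subject"]),            # only visible after decrypt
        "body": inner.get_body(preferencelist=("plain",)).get_content(),
        "attachments": [p.get_filename() for p in inner.iter_attachments()],
    }
```

Call build_protected with a real encryptor (for example a wrapper around gpg writing to the customer's registered key) and feed the result to a mail submission agent; open_protected shows what a recipient's client reconstructs.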