Re: <nettime> Re: 'Self-destruct' e-mail offers virtual privacy

[Craig Brozefsky <craig@red-bean.com>]

"Wojciech S. Czarnecki" <ohir@sec.pl> writes:

> Ana Viseu wrote:
> [on Sat, Oct 09, 1999 at 08:30:47PM -0400]
> (>) Owego dnia Ana Viseu napisał(a):
> > I found this article to be interesting for it affects the nature and uses
> > of communication via email.
> 
> Pity, I found this article a shiny example of 'snake-oil'.

I think anyone who mis-understands the problem domain DI is limiting
themselves to would call this snake-oil as well.  They are not trying to
solve sabateur problems, and they are assuming that the sender and
receivers hosts are trusted computing domains, and they are not trying to
solve the problem of active attacks on the transmission of the message. 
This is for "after the fact" attempts at recovering the message, the
commmon example being the exploratory subpeona of emails.  It's not a
message security tool, it's a messaging policy tool some might say. 

Solving the sabateur, untrusted computing domain and active attack
problems are very very difficult, and anyone who claimed to have solved
them by providing a third-party service is probably selling snake-oil.  DI
is not claiming they have a solution to those problems. 

> Plaintext messages can be captured and stored everywhere on theirs
> way. And even behind this way.

Yes, and anyone can read a message written in disappearing ink before it
dissolves.  I found the best way to understand what problems they are
trying to solve is to take the name quite literally.  Think of the threat
profile and policy problems real disappearing ink tries to solve.  It
doesn't try and stop the receiver from making copies, anyone who has the
key and document (there is limited authentication of key requests in DI,
password based so not strong IMO) can read the disappearing ink.  But, if
you're coming back 3 months from now and trying to get these emails for a
court case, or maybe your merger attempt failed and you have to destroy
all email between you and your ex-mmerge-partner (US law requires this)
that disappearing ink would not allow anyone to read that document after X
number of days.  That is all DI is trying to do, nothing more. 

>   If they both were use PGP, no one would ever get into these, even stored,
>   copies of messages. 

Yes, and they advise the use of PGP in these messages (not sure if their
"filters" support it easily).  But PGP does not solve the key disposal
issue which guarantees that subpeona or other attemp to recover the
message at a later date will be in vain.  With PGP, the recipient (any one
of them) could be forced to divulge the key thru various methods (legal,
torture, economic) at a later date, even if at the time of receiving the
message he agreed to the policy of keeping it secret and disposing of it
after X number of days. 

>   PGP is avaliable FREE for noncommercial use. Also PGP means: NO
>   THIRD PARTY need to be 'notified across the Net', NO THIRD PARTY
>   is to assign 'secret' numbers nor keys. NO THIRD PARTY to keep eye
>   on your e-mail traffic.

This is the biggest problem with DI too, the trust you have to give them. 
They are a single point of failure for the entire system.  You have to
trust them to not flub up disposal of backups, to not be compromised by
the NSA or other organization and thus not fully carry out their key
disposal, and to not have their hosts compromised from the outside and all
key requests and submissions intercepted.  From a security standpoint
these are not acceptable trust relations, from a business messaging policy
standpoint these trust relations may not be show-stoppers.  Trying to beat
the NSA is one thing, trying to beat anti-trust lawyers is another. 

Their hosts also become nice juicy foci for traffic analysis.  Phone call
logs can be just as incriminating as phone taps.  All the key requests are
SSL encrypted tho, so passive attacks will reveal limited information. 
MITM attacks may be possible here depending on how they handle the SSL. 

One solution to this might be to tie their server in with other mail
server software and basically let a corporation run their own key server. 
But it's difficult to really do key disposal properly (as I'm sure you are
aware) so I don't know if that's gonna fly. 

>   If you will use 2048 bit rsa keys with your PGP, you're certain,
>   that content of your encrypted e-mails remain safe for at least
>   next hundred years.

Not certain, but more certain than most other calculated risks in life. 
This is why I would suggest to anyone using DI to encrypt their messages
as well if they are looking for a security solution, as opposed to just
the policy solution DI really is providing. 

>   In most countries destroing financial documents is a crime. 
>   Keeping them secret isn't though.

Maybe you're not familiar with several high profile cases in the U.S.
where older documents where subpeonaed and used against the organization
or individuals who sent/recieved them.  This is not a "security" tool in
the sense of stopping an active attack upon the message at the time of
transmission, this is a policy setting tool for handling the elimitation
of older documents.  It's common practice for companies to send paper
documents toa shredder after a set period of time, this could be thought
of as a cryptographic shredder for setting corporate policies on message
disposal.  It's not really meant for financial documents or other
non-email documents. 

I don't find DI very interesting from a personal perspective because it
doesn't help me much.  It's really for large companies and other
organizations setting email disposal policies.  For this reason, I'm
thinking that maybe nettime is not the best place for the rest of this
discussion (if you want to continue it).  There are plenty of other places
for corporations to hash out the validity of products directed at them. 

Full Disclosure: I am newly aquainted with Jeff Ubois and other people at
DI, thru purely coincidental circumstances.  Just met them within the last
two weeks and had no business or professional involvement with them at
all.  My perspective on the DI offering comes from some casual
conversation with them and thru their presentation at the Bay Area
Cypherpunks meeting.  I have no relationship with DI, and have no interest
in using it or selling it anyone. 



-- 
Craig Brozefsky                         <craig@red-bean.com>
Free Scheme/Lisp Software     http://www.red-bean.com/~craig
"riot shields. voodoo economics. its just business. cattle 
 prods and the IMF." - Radiohead, OK Computer, Electioneering

#  distributed via <nettime>: no commercial use without permission
#  <nettime> is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: majordomo@bbs.thing.net and "info nettime-l" in the msg body
#  archive: http://www.nettime.org contact: nettime@bbs.thing.net