Viewing Single Post From: The NSA May Read My Mail

insecure (Elite member), Sep 11 2005, 05:45 AM
Your "hey, is anyone headed East? I have a letter for Joe Soapski in Siberia - could you take it?" analogy for SMTP is broadly correct, although the "long chain" is probably not all that long - I would guess that most emails are delivered via a chain fewer than, say, ten servers in length. But there's plenty of scope there for abuse!

I concur about regular encryption of emails, except for one small problem. As you have said, there are ways in which it could be standardised, but the problem with all standardisation efforts is that of producing effective standards and then getting people to buy into them. If you eliminate from consideration the opinions of people who either know nothing about cryptography at all, or who fail to understand Kerckhoffs' Principle, on the grounds that they don't know what they're talking about, that leaves a (relative) handful of people who might reasonably be said to be worth listening to on the subject of standardisation. Alas, many of these people work for NSA, GCHQ, or related agencies! So how do we know we can trust them?

Or let's say, for the sake of argument, that everyone decides that Twofish or Rijndael (AES) is trustworthy, so we'll all use - oh, AES for the sake of argument. We now have the problem that anyone wishing to write an email client must be able either to code AES (which isn't as easy as it sounds) or be prepared to trust a third-party developer's AES library. The second option may be workable, provided it's Open Source (so that you can read through it to make sure that it's not sending plaintext to a government agency in its spare time). But how do we know that, say, the NSA doesn't have a crack for AES? In practice, as you say, AES (or Twofish) might be good enough, on the grounds that, even if the NSA does have a crack for it, they would have to make an effort, whereas at present the only problem they have is sheer volume.

This will, of course, slow down email - AES is not infinitely fast - but that is a price worth paying, I think. Another problem: if all email were encrypted, how would we send email to countries to which cryptographic export is illegal? Should we lift those export controls? (Undoubtedly YES in my opinion, on several grounds; but several governments seem to disagree with me.)
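The two technical points in the post above, the relay chain and body encryption with AES, can be made concrete. The following Go program is an added example, not code from the original post or thread. It parses the `Received:` headers of a message to list every server that handled (and could therefore read) it, then seals the body end to end with AES-256-GCM so that those servers see only ciphertext. The message, hostnames and addresses are constructed for the example; the key is assumed to be shared between sender and recipient by some means the post does not discuss (PGP or S/MIME solve that with public keys). The example also shows the caveat a practitioner would want: encrypting the body leaves the headers, including the route, sender, recipient and subject, readable at every hop.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"io"
	"net/mail"
	"strings"
)

// sampleMessage is constructed for this example; three servers each prepended a Received: line.
const sampleMessage = `Received: from mx.example.net (mx.example.net [192.0.2.30])
 by mail.example.org with ESMTP id 3; Sun, 11 Sep 2005 05:40:00 +0000
Received: from relay.example.com (relay.example.com [192.0.2.20])
 by mx.example.net with ESMTP id 2; Sun, 11 Sep 2005 05:39:00 +0000
Received: from client.example.com (client.example.com [192.0.2.10])
 by relay.example.com with ESMTP id 1; Sun, 11 Sep 2005 05:38:00 +0000
From: alice@example.com
To: joe@example.org
Subject: test

Hello Joe, every server listed above could read this line.
`

// relayHops lists the servers that handled the message, in delivery order:
// each "by <host>" in a Received: header names a machine that saw the bytes.
func relayHops(raw string) ([]string, error) {
	msg, err := mail.ReadMessage(strings.NewReader(raw))
	if err != nil {
		return nil, err
	}
	received := msg.Header["Received"] // last hop first, so walk backwards
	var hops []string
	for i := len(received) - 1; i >= 0; i-- {
		_, rest, ok := strings.Cut(received[i], " by ")
		if fields := strings.Fields(rest); ok && len(fields) > 0 {
			hops = append(hops, fields[0])
		}
	}
	return hops, nil
}

// newGCM wraps an AES key (16, 24 or 32 bytes) in AES-GCM, which authenticates
// the ciphertext as well as hiding it; a relay that edits it is detected.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encryptMessage seals only the body, end to end. The headers stay in the clear
// because the relays need them to route the message, which is the caveat: every
// hop still learns sender, recipient, subject and route.
func encryptMessage(raw string, key []byte) (string, error) {
	headers, body, ok := strings.Cut(raw, "\n\n")
	if !ok {
		return "", errors.New("no blank line between headers and body")
	}
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce per message
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return "", err
	}
	sealed := gcm.Seal(nonce, nonce, []byte(body), nil) // nonce || ciphertext || tag
	return headers + "\n\n" + base64.StdEncoding.EncodeToString(sealed) + "\n", nil
}

// decryptMessage is what the recipient's client runs; a wrong key or a tampered body yields an error, not garbage.
func decryptMessage(raw string, key []byte) (string, error) {
	_, body, ok := strings.Cut(raw, "\n\n")
	if !ok {
		return "", errors.New("no blank line between headers and body")
	}
	sealed, err := base64.StdEncoding.DecodeString(strings.TrimSpace(body))
	if err != nil {
		return "", err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	if len(sealed) < gcm.NonceSize() {
		return "", errors.New("sealed body too short")
	}
	plain, err := gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
	if err != nil {
		return "", err
	}
	return string(plain), nil
}
```

Running `relayHops` on the encrypted message still returns all three hosts, which is the point about metadata: body encryption hides what Joe was told, not that Alice wrote to Joe or which servers carried it. GCM rather than bare AES is used so that a relay which alters the ciphertext is caught at `gcm.Open` instead of silently producing a corrupted plaintext.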