Re: The whole Process

From: Neb Okla (n_okla_at_hotmail.com)
Date: 04/16/04

Date: Fri, 16 Apr 2004 19:47:38 GMT

"Michel Gallant" <neutron@NOSPAMistar.ca> wrote in message
news:uLXLYb9IEHA.1388@TK2MSFTNGP10.phx.gbl...
> "Sergio Dutra [MS]" <sergiod@online.microsoft.com> wrote in message
> news:e1lFT$8IEHA.376@tk2msftngp13.phx.gbl...
> -- snip
>
> > What you're describing is a digital signature - that is, you encrypt
> > something with your private key so that anyone with your public key can
> > decrypt it. Its only value is that it proves the message came from you.
>
> But oh what "value" ... imo probably MORE important these days than
> protecting privacy of information. Think about the number of slick
> non-authenticated (but fooled a lot of folks) messages purporting to
> come from Microsoft?

You also have to keep in mind that encryption is irrelevant if you don't
know who sent the encrypted message.

Digital signatures ensure two things. The first is that the message
originated from the claimed sender. The second is that the message was not
modified in transit.

We don't have to look far (check your own mailbox, or favorite newsgroup) to
find examples of messages sent by people who spoof their identity. Most
spam and viruses are propagated this way, so my friends and colleagues know
that if a message was sent unsigned, it wasn't sent from me. And I have
them trained to notify me when they receive a message that is unsigned or
has an invalid signature. It happens more often than you'd think -
especially since spammers often obtain their "to" and "from" addresses from
the same list of victims.

I can't tell you how many times I get automated email responses from AV
software all over the world explaining that I have a virus on my machine
because I sent a message to their company. All of these rejected messages
are unsigned. And most viruses use the same tactic as spammers - by lifting
the "from" address from the infected PC's address book to prevent people
from notifying the actual victim that their machine is infected.

I also frequently encounter cases where ISPs forcibly insert advertisements
into email after it has been sent - or otherwise edit the contents of
emails. A signed message notifies the recipient that they should check with
me if they want to be sure they have received the true meaning of my email.

And of course there is the case of "phishing" - a problem so crafty that I
can't understand why every company doesn't digitally sign all out-bound
correspondence with customers - especially banks and online retailers.
There are inexpensive systems that automatically sign each outbound email as
originating from the company - and if consumers were trained to check for
this (as they have been trained to look for the "SSL Lock" on secure
websites) it would be more difficult to fool them.

I think this is wishful thinking in a world where most email passwords are
sent cleartext. 8-)

So we've established that digital signatures have "value" - the question is,
how to make it convenient and easy such that the average user (like my mom!)
can benefit.

Luckily, there is already an answer. While most digital signature
validation schemes require a plugin, S/MIME signature validation has been
embedded in email and news clients from Microsoft and Netscape for years.
More recently, IBM and Apple joined the party, and in Mac OS X, even Mac
Mail supports S/MIME digitally signed or encrypted messages. Clients with
native support are also freely available for Solaris and Linux machines.
It's estimated that 90% of the email clients in the world support S/MIME.
Best of all, since it is integrated into the client, validation requires no
user intervention or configuration. If you're using an NNTP client that
supports S/MIME, you validated this message when you opened it - with zero
effort on your part.

This is the key part since such a vast majority of computer users can
benefit from the technology without understanding it.

> Heck, there are a lot of naive folks who would even be fooled by the PGP
> signatures commonly found on MS bulletins (that most folks know nothing
> about verifying!).

It is true that novice users may assume that because a message is PGP-signed
it must be valid. In fact, this view is not restricted to novice
users. Recently spammers illustrated this perception problem by forging PGP
signatures and getting the "green light" to bypass SpamAssassin
<http://www.silicon.com/research/specialreports/thespamreport/0,39025001,10006378,00.htm>.
The signatures were never checked for validity - but they
were tagged as legitimate simply because they appeared to be properly
signed.

I'd like to see an added feature in the next version of Outlook. I'd like
it to verify any S/MIME signed emails and if they contain a VALID signature,
then I would like them to be forwarded to me. This would ensure that the
sender had a valid return email address - and the solution should also allow
me to block all messages signed by a specific ID (this should also be added
to IE to allow users to refuse ALL downloads from spyware companies - even
though they are digitally signed).

Anyway, the problem with "assumed validity" and PGP should be reason enough
that Microsoft switch to S/MIME for its Security Bulletins.

To be nice to the PGP users, I have found that both signature types can
co-exist, so if MS wanted, they could sign their bulletins with S/MIME and
PGP allowing novice users to benefit from the auto-verification features of
S/MIME that they already have - while still allowing cryptomaniacs to verify
the message integrity manually with PGP. Of course, PGP users who use an
S/MIME compliant email client would be double-validating the message, but
I've met some hard-core types who S/MIME and PGP sign every email. 8-)

> Still don't understand why Microsoft doesn't use more of their own
> implemented signature verification infrastructure (and S/MIME signed
> email) to authenticate messages they post!

It's a very good question - and one that I haven't seen answered yet. Mike
Nash, in a chat I was in the other day, said "that's a great idea - we'll
look into it". It will be interesting to see if such an obvious and
beneficial security solution. It definitely falls into the category of "low
hanging fruit".

In fact, MS using PGP to sign instead of S/MIME is a little like the
situation I encountered with Network Solutions (Verisign). Even though they
were owned by Verisign at the time, they were unable and unwilling to send
me a password via Verisign (X509) encrypted email. Instead we had to rely
on the highly secure technology of "the telephone" to provide me with the
password. Of course, with a phone you can't really verify who is on the
other end - which brings us back to why identity verification has value in
secure communications.

> Go X509-Sigs Go!
>
> - Mitch

...yeah! What he said!

-- 
*** Secure Digitally Signed Email Tutorial *** - Fight Spam, Viruses,
Spoofing and in-transit email modification with your email software's
security features!  http://www.marknoble.com/tutorial/smime/smime.aspx
----------------------------------------------------------------------------
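The gap this post describes, between a filter that only checks that a message looks signed and a client that actually verifies the signature, as an added example that is not part of the original post. It uses a constructed, deliberately insecure toy RSA scheme on small primes and a made-up armor format standing in for real PGP or S/MIME, so that it runs offline with the Python standard library alone.

```python
import hashlib
import re

# Constructed toy RSA keys from small known primes: far too small for real use
# (S/MIME and PGP use 2048-bit keys with padded hashing), stdlib-only on purpose.
def make_key(p, q, e=65537):
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))   # (public, private)

SENDER_PUB, SENDER_PRIV = make_key(2147483647, 2305843009213693951)
FORGER_PUB, FORGER_PRIV = make_key(1000000007, 998244353)
BEGIN_MSG = "-----BEGIN TOY SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN TOY SIGNATURE-----"
END_SIG = "-----END TOY SIGNATURE-----"

def digest(body, n):
    # Hash the body and reduce into the key's range (toy scheme, no padding).
    return int(hashlib.sha256(body.encode()).hexdigest(), 16) % n

def sign(body, priv):
    n, d = priv
    return f"{BEGIN_MSG}\n{body}\n{BEGIN_SIG}\n{pow(digest(body, n), d, n)}\n{END_SIG}\n"

def looks_signed(text):
    # The heuristic the post describes: armor markers present, nothing checked.
    return BEGIN_MSG in text and BEGIN_SIG in text and END_SIG in text

def verify(text, pub):
    # Real verification: undo the signature with the claimed sender's public key
    # and compare against a fresh hash of the body actually received.
    m = re.fullmatch(re.escape(BEGIN_MSG) + r"\n(.*)\n" + re.escape(BEGIN_SIG)
                     + r"\n(\d+)\n" + re.escape(END_SIG) + r"\n?", text, re.S)
    if not m:
        return False
    n, e = pub
    return pow(int(m.group(2)), e, n) == digest(m.group(1), n)

def demo():
    # Three constructed messages: genuine, forged under another key, tampered.
    genuine = sign("Security bulletin: install the April update.", SENDER_PRIV)
    forged = sign("Security bulletin: special offer inside.", FORGER_PRIV)
    tampered = genuine.replace("install", "ignore")
    return {name: (looks_signed(msg), verify(msg, SENDER_PUB))
            for name, msg in [("genuine", genuine), ("forged", forged),
                              ("tampered", tampered)]}
```

All three messages pass the "looks signed" heuristic; only the genuine, unmodified one passes real verification against the sender's public key.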