Hacker News new | ask | show | jobs
by Geezus-42 1170 days ago
My last company used S/Mime, but it required a dedicated appliance on both ends and a key server to provide the public key from the sending appliance to the receiving one. It's complicated and not practical for most people, but it worked quite well and is used by some big orgs.

That said, the bigger issue is how messages are stored at rest. Basically all the major email providers support and use TLS at this point, which is plenty strong enough for most mail in transit if you're only worried about the body of the message.

I think we need to worry about mail at rest before trying to make in transit encryption stronger. What's the point of anything stronger than TLS in transit if GMail can just read the full unencrypted message?
2 comments
upofadown 1170 days ago
In normal encrypted email usage (without appliances at both ends) the emails are encrypted at any point after creation. They are only decrypted when someone wants to look at a particular message. So encrypted archiving comes for free. This is actually a significant and helpful feature here. I don't see the point of giving this feature up and then working to create a secure archiving system to make up for it.
link
tzs 1170 days ago
> What's the point of anything stronger than TLS in transit if GMail can just read the full unencrypted message?

I thought the point was to make it so that if GMail reads the message body they see something like this:

  -----BEGIN PGP MESSAGE-----

  hF4DiRYQNnty8w4SAQdAdiM2arHOheTBYTJriZZQOarZJy39Hs2Hl2tbAM/n5yMw
  3DrQEjbJtP2LAm1oxaKPI3cyL05OFMU4p5ZMzbNIChEgNG7dxrUZJ9/0aS1P/8hl
  0lkBHVB0DPdgxtLk7tl23iozcnoP4Heua1Lvqf891Cy51409FHk4UX/hUPwg2E/O
  mRczP2UVrbBB90CA0L0wRFfXZpPTtq0UusAtPZ4evtzEgcH4pDK5LV7hog==
  =vlQ3
  -----END PGP MESSAGE-----
which is probably not going to tell them anything useful.

That seems pretty useful to me. Sure, they still get to see the subject, the sender, and the recipient list so they get important metadata about my communications. But most of the time my communications are with people that I'm already known to communicate with, and the subject just reveals that the message is about some topic that I'm already known to communicate with them about. All the stuff that would actually be new and interesting to a third party is in the body.

On the other hand I seem to recall tptacek saying that just encrypting the message body is worthless, and when it comes to cryptography that guy's smart. I mean like fuck-a-guy smart. Know what I'm saying? So it is possible I'm overlooking something.

link
Avamander 1170 days ago
Not entirely worthless, but there are a bunch of things that are left unprotected and may thus pose an issue. Certainly not up to the same standards of your average EE2E IM platform, but it kinda doesn't have to be to be useful.
link
kebman 1169 days ago
I totally agree. Se my "philosophical" reply further up if you want to delve more into the logical yet non-technical aspects of your argument.
link