Hacker News new | ask | show | jobs
by ISV_Damocles 921 days ago
I think we agree[0] on this. Email encryption isn't ever going to be a thing because of the way email itself works. But email signing would help a lot. I still don't think GPG does this very well, though, because of issues with key rotation/invalidation/etc.

[0]: https://news.ycombinator.com/item?id=38557771
1 comments
arp242 920 days ago
I wish it would just use TOFU ("trust on first use") by default. It's not 100% fool-proof, but actually does cover a large number of use-cases, and is certainly better than nothing.

UI:

  "billing@paypal.com: we never seen this sender before, be careful"

  "billing@paypal.com: this is verified to be the same sender"

  "billing@paypal.com: ACHTUNG! THIS IS SOMEONE ELSE"
You can of course still manually add keys, and you can even do automatic or semi-automatic key rotation with some new header (e.g. "X-New-Key: [...]" that's signed with the old).
link
woodruffw 920 days ago
> You can of course still manually add keys, and you can even do automatic or semi-automatic key rotation with some new header (e.g. "X-New-Key: [...]" that's signed with the old).

Headers aren't part of an encrypted or authenticated body, so this is trivial to perform a key replacement attack against.

link
arp242 920 days ago
Or MIME part, or change the spec to include some headers (I thought it did?) – that's not an important detail here.
link
mschuster91 920 days ago
> Headers aren't part of an encrypted or authenticated body, so this is trivial to perform a key replacement attack against.

DKIM can be leveraged for that, although DKIM is one hell of a gun to give someone to shoot themselves.

link
morelisp 920 days ago
DNS records aren't part of the encrypted or authenticated channel, so SSH is trivial to perform a key replacement attack against?
link
woodruffw 920 days ago
Sorry, is this a rhetorical question? I thought the fact that SSH does TOFU was (somewhat) common knowledge, which is why it spits out all kinds of scary MITM warnings when a host fingerprint changes.

If you're connecting to an SSH server for the first time and don't already have a pre-established host fingerprint, then yes: someone who controls your server's DNS records can redirect you to another SSH host, which you'll then (presumably) enter your password into.

link
fl0ki 919 days ago
> which you'll then (presumably) enter your password into.

One of the many arguments for using pubkeys so that's all they'll get. Neverthless, the rest of the session could still be anything, and agent forwarding should never be used for untrusted hosts.

link