We are moving off topic slightly, but I disagree, and agree.
There is a bigger general problem caused by encrypting email in virtually
every PKI mechanism.
1. Virus and spam control measures fail.
2. Corporate access to the content in email is at the discretion of the
individual, not the corporate entity. This breaks many corporate laws, and
helps IP thft etc.
Signing email does not have these issues, but what's the point of the cost
to do that (cert cost, support overheads et al) and not protect the message
content from misuse?
There are better email authentication and confidentiality solutions that
PKI-based ones.
Just mho
Lyal
-----Original Message-----
From: Tom Stowell [mailto:jts@deforest.k12.wi.us]
Sent: Saturday, 29 October 2005 2:09 AM
To: DamhuisA@aforbes.co.za; webappsec@securityfocus.com
Subject: RE: Smells like a phish, is a fish?
I agree with you. Maybe we should just encrypt the whole message.
Client-side certificates, put in the kindest of words, are a customer
support nightmare come to life. But they're probably the best solution we
have right now...
http://www.thawte.com/secure-email/personal-email-certificates/index.html
Tom
Tom Stowell
Network Administrator
DeForest Area School District
520 E. Holum St.
DeForest, WI 53532
Fax: (608)-842-6545
Voice: (608)-842-6500
Email: <jts@deforest.k12.wi.us>
console, n. [From latin consolatio(n) "comfort, spiritual solace."] A device
for displaying or printing condolances or obituaries for the operator.
-- Stan Kelly-Bootle, The Computer Contradictionary.
"Damhuis Anton" <DamhuisA@aforbes.co.za> 10/28/05 05:39 AM >>>
Hi,
Signing an email authenticates the origin of an email,
(a) but it still does not stop the contents of the email to be read, while
in transit (as far as I know). (b)It also does not stop the contents being
read after an elapsed period of time.
(a) If an attacker saw the message the link in the message while being
transmitted, copied the link into a browser, they would get access to the
account.
(b) If the email lay dormant on the email server for some time, and is then
opened, it would/could still give access to that account.
That is why I say that something must always be kept secret. It will make
sure in both cases that someone could not get access to an account.
Another Example
===============
Lets assume there is web site that requires the user to enter their email
address and password to log in.
If the user forgets their password, it can be sent to them. An attacker at
that point has all the information from the email while in transit, and
while stored somewhere. Most likely the request would still be valid after 3
weeks. The site should have a timeout on the sent password. It should also
require the user to change their password as soon as they log in (thus
making the information in the email invalid).
Regards
Anton
-----Original Message-----
From: Tom Stowell [mailto:jts@deforest.k12.wi.us]
Sent: 27 October 2005 08:27
To: Damhuis Anton; Ofer.Shezaf@breach.com; vanderaj@greebo.net;
webappsec@securityfocus.com
Subject: RE: Smells like a phish, is a fish?
Greetings,
You say "email is sent over an unencrypted link". I say, why?
I would put forth that phishing is going to be a problem until there is a
secure, open, widely deployed standard for source-authentication of email.
S/MIME, for example. Maybe businesses should start signing messages, and
teach their customers to not trust ones that don't have the "golden
padlock."
Tom
Confidentiality Warning
=======================
The contents of this e-mail and any accompanying documentation are
confidential and any use thereof, in what ever form, by anyone other than
the addressee is strictly prohibited.
