pgpfan:forwarding
Previous revision: pgpfan:forwarding [2021/01/20 02:39] – Some practical points. b.walzer
Current revision: pgpfan:forwarding [2023/06/26 15:31] – [Fixes] Typo b.walzer
======Surreptitious Forwarding======

Text from the previous revision (2021/01/20 02:39) that the current revision replaced:

This is an interesting

PGP really

The writer

> I love you.

That someone could then decrypt the message with the signature, reencrypt it and then send it to someone else. Since it has your signature, the writer suggests that that someone else would then be misinformed about your feelings toward them. This suggestion ignores the cultural context.

Email was set up to be an analogy of the preexisting and well known physical paper mail system. So we have a to and from "

The writer would have us believe that an analogy based system could be inherently confusing when it is slavishly following a well known analogy. If someone

The writer also implicitly suggests

If we can assume

* The email is from you. The ultimate recipient is going to ask you about it. So you find out right away.
* You will in most cases know exactly who did the forwarding.
* You will normally have a copy of the message
* The email servers will have logs showing when and where you sent the message

Current revision (2023/06/26 15:31):

This article

* [[http://
PKCS#7, MOSS, PEM, PGP, and XML]]

I will only discuss the article

This article was originally presented as a paper 20 years ago (as of 2021). I have not been able to find any examples

The article begs the question of risk by assuming that a user might make a particular error of perception based on a misunderstanding of how OpenPGP protected email works. The article does not even state exactly what this error would be.

=====The Issue=====

Surreptitious forwarding works like this:

- You send an encrypted and signed message to someone.
- That someone
- They decrypt the message, leaving your signature attached.
- They then reencrypt the signed message to a third party.
- They forward
- That third party knows that the message
- That third party assumes that you originally intended

From this we can see that the user error occurs at the last step. The only way your forwarded signature could contribute to the deception is if the third party incorrectly assumes

The article actually disparages the idea that the root cause here could be an understanding error and casts off preexisting opinions to that effect. It then moves ahead based on the assumption that a purely technical solution is possible and desirable.

We can also see the effect of the encryption. The encryption initially limits who has access
=====Considering Cultural Context=====

So how likely is it that a user would make this particular error?

Email was set up to be an analogy of the preexisting and well known physical paper mail system. So we have a to and from "

With paper mail the signature only applies to the writing on the paper contained by the envelope. It does not apply to the writing on the outside of the envelope. The email ''

Now there is an issue if it is not obvious to the user what is inside and what is outside of the envelope. This would mean that it would also not be clear which parts were or were not encrypted. So it is an issue that simply cannot be left unaddressed.

Let's consider the examples given by the article of messages that you might send to the untrustworthy someone:

===="I love you"====

The risk here falls mostly on the third party. They might be tricked into revealing feelings for you that they might otherwise have kept to themselves.

Your mischievous message recipient can't really embarrass you without also revealing that they are the object of your affection. If they are willing to do that then only overt forwarding is required. So this has to actually be an attempt at matchmaking at the middle school level. The person you originally sent the message to would be using their surreptitious forwarding super power for good rather than evil.

This is the most effective example, but only because of the topic. The existence of a signature will make no difference to the third party recipient. They will address the issue or not depending on their nature. The [[wp>

====A Sales Plan Forwarded to a Competitor====

Here the goal is to get you in trouble and/or divert suspicion from the person who actually did the forwarding.

In practice, if your management did not like you then they would accept the email forgery as valid and not bother with the question of the signature before terminating you. If they did like you then they might accept the possibility of the email forgery. After that it would be relatively easy to determine that your signature only meant that you had written the message and not anything about who you had sent it to.

===="

This seems unlikely to work. Presumably someone would show up and demand money based on your signed email. Since an IOU is an informal agreement, and you did not actually incur the debt to this someone, you would informally tell them to go away and not bother you anymore.

If this someone attempted to make a claim in court based on your signature they would have to prove that the "

Generally the difficulty with exploiting surreptitious forwarding is that you would need someone who understood and believed in the value of email signatures but at the same time did not know their scope. Such people must be very rare.

=====Fixes=====

The easiest fix is just to refer to the intended recipient in the body of the email. Normally there will be enough context to do this implicitly.
The article suggests a couple of ways to prevent surreptitious forwarding, and I have run across another proposal that was probably made after the paper was published. All work by linking the destination of the encryption with the signature somehow. The ultimate intent seems to be to break the signature if the destination of the encryption changes. This does not strike me as a very good approach.

Where we used to have a simple user education problem understandable by most anyone, we now have a difficult documentation problem that involves an obscure technical element. That is assuming that it is even possible for the user to determine what happened to cause their signature to break. Unencrypted but signed messages would inexplicably not have this protection available, and so this would have to be documented in a useful way to the user as well.

The user is no longer allowed to choose whether they want their signature to include the destination of the message. This seems disrespectful to the user.

Not all forwarding is undesirable. Linking the signature to the encryption destination would break signatures in an encrypted email list system that decrypted incoming messages to the list and reencrypted them to each individual user.
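The steps listed under The Issue, the body-text fix, and the signature-to-destination linking discussed above, as an added example written for this page (it is not code from the wiki page or from the article it discusses). It models only the sign-then-encrypt layering: Ed25519 signs the body, and AES-GCM under a per-user key stands in for public-key encryption to that user. The parties, the ''To: <name>'' first-line convention for naming the reader inside the signed body, the ''signBoundTo'' encoding (signature over body plus the recipient's key), and every function name are assumptions of the example, not the format used by OpenPGP or by any actual proposal.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"strings"
)

// signedMessage is the inner layer: body plus signature; the envelope is not part of it.
type signedMessage struct {
	Body string
	Sig  []byte
}

// party is one mail user; encKey stands in for a public encryption key (example simplification).
type party struct {
	PK     ed25519.PublicKey
	sk     ed25519.PrivateKey
	encKey []byte
}

func newParty() *party {
	pk, sk, err := ed25519.GenerateKey(rand.Reader)
	key := make([]byte, 32)
	if _, err2 := rand.Read(key); err != nil || err2 != nil {
		panic("key generation failed")
	}
	return &party{PK: pk, sk: sk, encKey: key}
}

// sign covers the body only, as OpenPGP does; verify checks it against the claimed author.
func (p *party) sign(body string) signedMessage {
	return signedMessage{Body: body, Sig: ed25519.Sign(p.sk, []byte(body))}
}
func verify(author ed25519.PublicKey, m signedMessage) bool {
	return ed25519.Verify(author, []byte(m.Body), m.Sig)
}

// signBoundTo models the proposals criticised under Fixes: the signature also covers
// the recipient's encryption key, so only that recipient can verify it (encoding assumed).
func (p *party) signBoundTo(to *party, body string) signedMessage {
	return signedMessage{Body: body, Sig: ed25519.Sign(p.sk, append([]byte(body), to.encKey...))}
}
func verifyBoundTo(author ed25519.PublicKey, me *party, m signedMessage) bool {
	return ed25519.Verify(author, append([]byte(m.Body), me.encKey...), m.Sig)
}

// aead is AES-256-GCM; with a 32-byte key neither constructor can fail.
func aead(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// encryptTo seals sig||body so only `to` can open it; the random nonce is prefixed.
func encryptTo(to *party, m signedMessage) []byte {
	gcm := aead(to.encKey)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return gcm.Seal(nonce, nonce, append(append([]byte{}, m.Sig...), m.Body...), nil)
}

// open removes the envelope and splits the inner layer back into sig and body.
func (p *party) open(ct []byte) (signedMessage, error) {
	gcm := aead(p.encKey)
	n, s := gcm.NonceSize(), ed25519.SignatureSize
	if len(ct) < n {
		return signedMessage{}, fmt.Errorf("ciphertext too short")
	}
	plain, err := gcm.Open(nil, ct[:n], ct[n:], nil)
	if err != nil || len(plain) < s {
		return signedMessage{}, fmt.Errorf("envelope did not open cleanly")
	}
	return signedMessage{Sig: plain[:s], Body: string(plain[s:])}, nil
}

// forward is the surreptitious step (and also what an encrypted mailing list does): via opens
// an envelope sealed to it and re-encrypts the untouched inner layer to `to`, who opens it.
func forward(via, to *party, ct []byte) (signedMessage, error) {
	inner, err := via.open(ct)
	if err != nil {
		return inner, err
	}
	return to.open(encryptTo(to, inner))
}

// checkEnvelope is the reader's side of the article's fix: the writer names the intended
// reader inside the signed body (a first line "To: <name>", a convention assumed here).
func checkEnvelope(me string, m signedMessage) error {
	first := strings.SplitN(m.Body, "\n", 2)[0]
	to := strings.TrimSpace(strings.TrimPrefix(first, "To: "))
	if strings.HasPrefix(first, "To: ") && to != me {
		return fmt.Errorf("signed body is addressed to %q, not to %q", to, me)
	}
	return nil // addressed to me, or unaddressed and so nothing to compare against
}
```

With a plain ''sign'', ''forward(bob, carol, encryptTo(bob, alice.sign("I love you.")))'' hands carol a message on which ''verify'' still succeeds, because nothing bob did touched the signed bytes; only a ''To:'' line inside the body gives ''checkEnvelope'' something to compare. With ''signBoundTo'', ''verifyBoundTo'' fails for carol after forwarding, but it fails in exactly the same way for a member of a list that re-encrypts to its subscribers, which is the breakage the paragraph above objects to.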

=====Conclusion=====

Surreptitious forwarding is not a problem for encrypted email and does not really need to be solved. There are proposed solutions out there that would make things worse.
pgpfan/forwarding.1611110345.txt.gz · Last modified: 2021/01/20 02:39 by b.walzer