Re: message encryption with SMTP

On Thu, Jan 6, 2022 at 10:41 AM Keith Moore <moore@xxxxxxxxxxxxxxxxxxxx> wrote:

On 1/6/22 9:28 AM, Phillip Hallam-Baker wrote:


Also I think there's widespread agreement that hop-by-hop encryption is
necessary but insufficient; we need message encryption also.

Whether there is 'widespread agreement' is irrelevant. The facts and the evidence prove that messages need to be encrypted end to end.

We spent the entire 2016 election with Trump's team attacking Clinton's handling of email. The director of the FBI despicably abused his office to join in that partisan attack. On and on and on.

Yes, but as I understand those attacks, they occurred _after_ the received messages were stored. Even if we manage to protect messages end-to-end (from the originator's mail client until they are received by the server), keeping the sender-supplied encryption after the messages are received is a much harder problem (as I and others have pointed out). People need to be able to search through received emails.

The reason I avoid using the term 'end-to-end encryption' when I can is that people fail to understand what the ends are.

If Alice sends a personal message to Bob, end to end is Alice's brain to Bob's brain. End to end is impossible; there must be compromises. Alice's phone to Bob's phone is about as close as we can get to end-to-end. Alice's phone to Bob's email server is not end-to-end by my definition.

If Alice sends a business message to Bob at his work, end to end is Alice's brain to Bob's employer which isn't a person and doesn't have a material existence. So the destination end is not a person, it is a process. Hence designs like XKMS.

Meanwhile, agents of the GRU and FSB hacked into the DNC and stole the Democrats' campaign strategy off the mail server. These were passed to the Trump campaign and other emails were released through a Russian operative based in London.

It seemed that their security was so lax that attacking their email didn't require the resources of a state-supported agency.

I have spoken with multiple principals with direct knowledge of the breach. It was a very sophisticated attack using two separate very sophisticated, proprietary tool chains. Every one of my contacts in the Threat Intelligence field who tracks APTs that I have talked to is confident that the CrowdStrike attribution to Cozy Bear/Fancy Bear is correct.

I will also note that my contacts in Threat Intelligence are disproportionately Republican. Or at least were.

And I think you make a good point that it's necessary to protect data at rest. But if the cleartext is still easily accessible by users running insecure computers, that encryption will do little good. If that cleartext is still accessible by users with passwords, the encryption will do no good at all. Had the Clinton campaign used an encrypted file store to store their email, their email would have been exfiltrated just the same. 2FA might have helped though.

The current implementation of Mesh Messaging is not complete; only the platform-independent parts are currently integrated in the distribution. But the Windows variant does have the code to store keys in DPAPI and I plan to add the same to macOS using the key manager (it is what it is for).

So in my end-to-end system, it is not sufficient to compromise the service host. Every part of the service can be compromised, including the service keys and key service, and that is not sufficient to result in a breach of any user data.

Again, this is not 1980s public key, it is threshold. I am using the right technology for the task. Everyone who came before me was trying to climb Everest without oxygen and they failed. I am using oxygen. (And yes, Messner, 1978: he was following the route found by people wearing oxygen).

The only way my design can be compromised is if one of the user endpoint devices is compromised. With the DPAPI code re-integrated, that means the Windows login password has to be compromised.

I have defense in depth: The Phase #0 release isn't for securing messages, it is for securing the PowerPoint, Word and Excel attachments that would contain the actual strategy details. It was the fact that Trump's people knew where Clinton had spent her money that really damaged the campaign.

So even if an attacker gets the messages, they still have to decrypt the contents. And they need to have authorization from the key service to do that. And the key service can be configured to detect suspicious access patterns (too many requests, requests from odd IP addresses) and request out-of-band confirmation. So it is not enough for Cozy Bear to install malware on her laptop, they have to compromise her smart watch as well.


In short, I have spent four and a half years thinking about this particular set of attacks and how to block them.

Now if only 1% of the skepticism that greets every proposal to secure data was directed at the people peddling Ponzi-currency schemes. Why is it that when people describe how to secure data, the blast shields are raised and nothing can possibly work at all, yet suggest a half-baked scheme to move money about while turning coal into gold and a hundred VC companies are queued up to throw their money at it?
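
The split-key arrangement described in the message above, sketched as an added example (not code from the post or from the Mesh distribution): a Diffie-Hellman private key is divided additively between a device and a key service, and the service gates its half behind a request-count and source-address policy. The toy group, the names `KeyService`, `split_key`, `device_combine`, `sender_agree`, the `confirmed` flag standing in for out-of-band confirmation, and the documentation-range IP addresses are all assumptions made for illustration.

```python
import secrets

# Toy group for illustration only: NOT a secure parameter choice.
P = 2**127 - 1   # Mersenne prime
G = 3

def split_key():
    """Return (public, device_share, service_share); private x = dev + svc mod (P-1)."""
    dev = secrets.randbelow(P - 1)
    svc = secrets.randbelow(P - 1)
    return pow(G, (dev + svc) % (P - 1), P), dev, svc

class KeyService:
    """Holds only the service share and applies policy to every request."""
    def __init__(self, share, known_ips, max_requests=3):
        self.share = share
        self.known_ips = set(known_ips)
        self.max_requests = max_requests   # simplified: a counter, no time window
        self.count = 0

    def partial(self, ephemeral, ip, confirmed=False):
        self.count += 1
        suspicious = ip not in self.known_ips or self.count > self.max_requests
        if suspicious and not confirmed:
            return None                    # out-of-band confirmation required first
        return pow(ephemeral, self.share, P)

def device_combine(ephemeral, dev_share, partial):
    """Device finishes the agreement: E^dev * E^svc = E^(dev+svc)."""
    return (pow(ephemeral, dev_share, P) * partial) % P

def sender_agree(public):
    """Sender side: returns (ephemeral public value, shared secret)."""
    e = secrets.randbelow(P - 2) + 1
    return pow(G, e, P), pow(public, e, P)

def demo():
    public, dev, svc = split_key()
    service = KeyService(svc, known_ips={"192.0.2.10"})   # constructed address
    eph, secret = sender_agree(public)
    part = service.partial(eph, "192.0.2.10")
    return {
        "device_recovers": device_combine(eph, dev, part) == secret,
        "service_alone": part == secret,   # what a compromised service could compute
        "odd_ip_blocked": service.partial(eph, "203.0.113.7") is None,
        "confirmed": service.partial(eph, "203.0.113.7", confirmed=True) == part,
    }

if __name__ == "__main__":
    print(demo())
```

The service's partial result alone does not equal the shared secret, and a stolen device share is useless once the service withholds its half pending confirmation.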

