--On Friday, November 1, 2024 13:36 -0700 Rob Sayre <sayrer@xxxxxxxxx> wrote: > Hi, > > I think the reason to encrypt everything is more innocuous. > > You get message integrity that way. This just helps prevent buggy > programs, as they will break right away. Rob, I'm sure our colleagues who spend their professional lives on security issues can explain this better than I can and will correct me if I get this wrong. With the understanding that I may not have the terminology quite right either, I think the answer is "no". If you trust the integrity of all of the systems and people involved in the message processing chain from end-to-end, sure, but then it it not clear why need additional integrity protection. However, to come back to the usual example, if there are one or more of them that cannot be trusted, and the message ends up in cleartext on a system over which they have control, then tampering with it (or even replacing it with a different message) and encrypting the result is fairly easy and, if, if one is relying on encryption for the purpose, there is any way the recipient can tell that either disclosure or tampering/ rewriting occurred, I can't imagine what it would be... unless the person or system doing the tampering is stupid, careless, or wants it to be discovered. I also don't know what buggy programs might have to do with it. With most encryption methods of which I'm aware, a message consisting of complete trash is no harder to encrypt than a good quality, intended, one. That might be somewhat different if the encryption mechanism were very specific to message structure and, e.g., handled encryption for different header fields differently, performing message conformance checks against various standards along thee way. But, as far as I know, while some of our authentication integrity methods partially do that, our encryption ones do not. What I've been told for nearly 50 years or so is that, if you want message integrity protection, you want digital signatures over the portion of the message you want to protect. And you still need to be sure that works from end to end, rather than relaying through some intermediate where tampering might occur. > SMTP is old and not always encrypted. But it can be a suggested > approach, and not because all messages are super secret. IMO, the strongest argument for "encrypt everything" is the one Barry mentioned: relative to only encrypting selected messages, it considerably increases the burden on anyone would wants to inspect messages by requiring them to try to decrypt all them. What is means in a world in which all of the messages between a pair of source and destination systems are readily available in cleartext at some intermediate point is an interesting question. > I think we want "Hanlon's Razor" here: > > https://en.wikipedia.org/wiki/Hanlon%27s_razor > > "Never attribute to malice that which is adequately explained by > stupidity." And I don't see what that has to do with this particular problem. The thread started from a comment about government prohibited STAETTLS or government-prohibit encryption more generally. Unless you want to suggest that any government that would try that is inherently stupid, those are deliberate actions. > If the encryption can be defeated by a sophisticated attacker, > that's not the worst result. It still prevents people from writing > buggy programs unintentionally. I don't see it; see above. best, john
