[cryptography] LeastAuthority.com announces PRISM-proof storage service

wasa bee wasabee18 at gmail.com
Thu Aug 15 07:11:23 EDT 2013


To: and From: headers leak the emails/identity of communicating parties,
but it's not the only place that happens. I've never used PGP but I've used
SMIME, so I'll refer to SMIME here (that may also apply to PGP anyway). In
SMIME, the keyWrap (which contains the AES key encrypted under each
recipient's public key) has some sort of headers that the recipient parses.
The header contains info about the intended recipients' certs, like issuer,
SN and email. sometimes it even contains the entire recipient's cert (if
memory serves). So one has to be careful of what info is contained in the
keywrap structure. If the email is present, it will leak even if To/From
were protected somehow. Even if the email is not present, maybe the cert
info provided for the decryption of the keyWrap still leaks enough info
about recipients... for e.g. it might be enough to identify people by their
cert rather than by their email.
Another example where all this matters is in BCC headers. In Firefox (last
time i checked was 2 years ago i believe), Firefox would send the same
message to both To,CC and BCC recipients. The BCC header of course is not
present in the message so recipients don't have access to it. However,
going thru the keyWrap structure leaks the fact that the message has also
been encrypted for an extra recipient so it breaks the BCC purpose.

It seems to me that as long as a long-term info is transmitted in each
message, it can be used for tracking who's talking to whom. Or one needs to
build some sort of deniability into the crypto scheme.


On Tue, Aug 13, 2013 at 7:53 PM, ianG <iang at iang.org> wrote:

> On 13/08/13 20:16 PM, Peter Saint-Andre wrote:
>
>> On 8/13/13 11:02 AM, ianG wrote:
>>
>>> Super!  I think a commercial operator is an essential step forward.
>>>
>>
>> How so? Centralization via commercial operators doesn't seem to have
>> helped in the email space lately.
>>
>
>
> Centralisation works when the server doesn't have any information of
> value.  Presumably the most that LeastAuthority.com can say is that a
> certain company has X GB of documents and updates that set at rate Y. Not a
> lot of value there...
>
> The reason email space providers are suffering is that even when the
> content is encrypted, the To: and From are not.  This enables a fairly
> dramatic capability -- seeing who's writing to whom.  In contrast to the
> bland GB number, this would provide all a business's customers, all a
> dissident's contacts, all an insniding trader's leakees, etc etc...
>
>
>
>
> iang
> ______________________________**_________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/**mailman/listinfo/cryptography<http://lists.randombit.net/mailman/listinfo/cryptography>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20130815/ec494768/attachment-0001.html>


More information about the cryptography mailing list