Principle, utilization and limitations for secure electronic mail systems

FACULDADE DE ENGENHARIA DA UNIVERSIDADE DO PORTO

Segurança em Sistemas Informáticos 2009/2010

Lindomar Bandeira Rocha


Inline Encoding (clearsigning): older choice; good for basic email messages.

PGP/MIME: more modern choice; attachment-based.

OpenPGP: Principle, utilization and limitations for secure electronic mail systems

Occurs directly within the body of the email message.

OpenPGP signature at the end of the message.

Encrypted message replaces the original message body completely.


Inline-encrypted message opened without using an OpenPGP program:


DISADVANTAGES (inline encoding):

Non-English character sets;

Attachments;

Binary documents;

Mail servers can corrupt clearsigned messages.

ADVANTAGES (inline encoding):

Read by any mail client.


Attachment-based:

Encrypted message sent as attachment;

Signed message and signatures sent as attachment;

Attachments are encrypted and attached.


DISADVANTAGES (PGP/MIME):

Not supported by all mail clients.

ADVANTAGES (PGP/MIME):

Mail servers never modify attachments;

Mail clients treat attachments as separate objects;

Simple to encrypt different character sets or binary files.
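The difference between the two encodings can be checked mechanically from a raw message. The following is an added example, not part of the original slides: `classify` and `SAMPLE_INLINE` are names chosen here, the message is constructed, and the check relies on the RFC 3156 content types for PGP/MIME. It also lists the parts an inline message leaves outside the armor and shows that the Subject header stays readable.

```python
from email import message_from_string

ARMOR = {"-----BEGIN PGP SIGNED MESSAGE-----": "inline-signed",
         "-----BEGIN PGP MESSAGE-----": "inline-encrypted"}
# RFC 3156 container types and the "protocol" parameter each must carry.
PGP_MIME = {("multipart/signed", "application/pgp-signature"): "pgpmime-signed",
            ("multipart/encrypted", "application/pgp-encrypted"): "pgpmime-encrypted"}

# Constructed sample (assumption): clearsigned body plus an ordinary attachment.
SAMPLE_INLINE = (
    "Subject: Q3 numbers\n"
    'Content-Type: multipart/mixed; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\n"
    "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n"
    "See the attached sheet.\n"
    "-----BEGIN PGP SIGNATURE-----\n\n(placeholder, not a real signature)\n"
    "-----END PGP SIGNATURE-----\n"
    '--b1\nContent-Type: application/pdf; name="q3.pdf"\n\nJVBERi0=\n'
    "--b1--\n"
)

def classify(raw):
    """Return the OpenPGP encoding of a message and the parts it leaves unprotected."""
    msg = message_from_string(raw)
    proto = (msg.get_param("protocol") or "").lower()
    kind = PGP_MIME.get((msg.get_content_type(), proto))
    if kind:  # PGP/MIME wraps every body part, attachments included
        return {"kind": kind, "uncovered": [], "subject_in_clear": msg["Subject"]}
    kind, others = "none", []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if part.get_content_type() == "text/plain" and name is None:
            text = part.get_payload(decode=True).decode("utf-8", "replace")
            kind = next((k for m, k in ARMOR.items() if m in text), kind)
        else:
            others.append(name or part.get_content_type())
    # Inline armor protects only the text it encloses; other parts travel as-is.
    uncovered = others if kind != "none" else []
    return {"kind": kind, "uncovered": uncovered, "subject_in_clear": msg["Subject"]}

if __name__ == "__main__":
    print(classify(SAMPLE_INLINE))
```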


Proxies sit between your email client and your mail server.

Plug-ins integrate with your email client.


DISADVANTAGES (proxies):

You must configure signing, encryption, and decryption in the proxy;

You won’t get an “encrypt and sign” button or menu option;

You have to open the proxy program and say “Encrypt all messages now” or “Encrypt messages to this email address.”

ADVANTAGES (proxies):

Works with any mail client.


DISADVANTAGES (plug-ins):

Each mail client plug-in is unique;

Each behaves slightly differently;

Each has a different interface.

ADVANTAGES (plug-ins):

Provides “sign” and “encrypt” buttons directly within the client;

Is written to look like it’s part of the mail client program.


When you send someone encrypted email, the reader must use the recipient’s private key to read it. However, because you don’t have the recipient’s private key, you can’t read the mail that you sent, even though you created it!


Emails are not protected on your hard drive.

Save all your email on an encrypted disk partition.

Another popular option is to also “Encrypt to self”.


Expand my Web of Trust

Trace the Web of Trust to that person

Use the key but limit my trust of the sender


PGP pathfinder:

Traces the path through the Web of Trust between any two OpenPGP keys;

Use the keyid for the two keys involved;

Based on WOTSAP, a Python program designed to trace relationships between keys.
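Tracing a path through the Web of Trust amounts to a shortest-path search over "who signed whose key". The sketch below is an added example, not code from PGP pathfinder or WOTSAP: the key IDs and the `SIGNATURES` map are constructed, and `trust_path` and `max_hops` are names chosen here. It shows that a chain is directional and that a hop limit can rule out a chain that exists.

```python
from collections import deque

# Constructed sample data (assumption): signer key ID -> key IDs it has certified.
SIGNATURES = {
    "0xA1": {"0xB2", "0xC3"},
    "0xB2": {"0xD4"},
    "0xC3": {"0xD4", "0xE5"},
    "0xD4": {"0xF6"},
    "0xF6": {"0xA1"},
}

def trust_path(signatures, source, target, max_hops=5):
    """Shortest certification chain source -> target, or None within max_hops."""
    queue = deque([[source]])
    seen = {source}
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        if len(path) - 1 >= max_hops:
            continue  # chain already uses the allowed number of signatures
        # sorted() keeps the result deterministic when several chains tie
        for signed in sorted(signatures.get(path[-1], ())):
            if signed not in seen:
                seen.add(signed)
                queue.append(path + [signed])
    return None

if __name__ == "__main__":
    print(trust_path(SIGNATURES, "0xA1", "0xF6"))  # chain from my key to theirs
    print(trust_path(SIGNATURES, "0xE5", "0xA1"))  # 0xE5 has signed nothing
```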


OpenPGP does not encrypt subject lines in email.

Email messages sent with PGP should have innocuous subjects (or perhaps no subject at all).

Your mail client might default to storing unencrypted versions of the OpenPGP emails that you send.
