May 17, 2004


by peterb

On the confusingly named Google Blog -- the one not run by Google -- Aaron Schwartz opines that gmail's security isn't strong enough:

...[Gmail] should use public-key encryption. (This part will be a bit technical.) When you create a Gmail account, your computer creates a keypair. The public key is sent to Google. The private key is encrypted with a password you choose, and the encrypted version is sent to Google. (Important: Google never gets your password.) When an email is received for your account, the server encrypts it with your public key before saving it. When you log into read it, you download your encrypted key, decrypt it with your password, and then your computer decrypts your mail with the resulting key as it's downloaded. (Already, all your mail goes through Gmail's JavaScript client to get processed and turned into HTML, so this won't be too hard to add on the client-side.) In this way, your mail is never stored in a way Google has access to.

This is a really bad idea. SSL -- which gmail provides -- is a no-brainer, but this is a bad idea.

Really, you're saying "You will need your private key on your computer in order to read mail," (since you can't public-key authenticate without your private key) which is a shorter way of saying "you'll need to carry your private key around with you, either on a disk or a smartcard or some similar device," which is a shorter way of saying "since no one wants to do this, really, I want an implementation of gmail that makes it a pain in the ass to access my account from more than one computer" which is a longer way of saying "I want a version of gmail that no one will want to use."

Second, the whole point of gmail is that Google has access to your mail. I say this not as an ominous "I hate Google" statement -- I actually have a gmail account -- but as a statement of fact. Apart from Google's desire to sell you ads, one of the things that makes gmail useful is that you get to have Google index your mail to make things easily searchable. If what you're storing on gmail is encrypted, it's not searchable anymore. So encrypting the mail on Google would destroy another aspect of the product.

Thirdly, I think you're missing the bigger issue, which is that even if we did everything you suggested -- PKI, SSL, super-hyper-secret encryption from the NSA -- random people on the internet would still be able to read your mail, because eventually it would have to be transferred to or from the recipient on the other end, which would be going over SMTP in the clear. Of course, you can talk about using public key encryption end-to-end, a la PGP, but basically the market has spoken: normal people hate the public key encryption alternatives they've been given, because they make email effectively unusable.So in summary, I think Google did exactly the right thing by punting on this problem for now. In today's internet, email between two untrusted parties who aren't both willing to use the same pain in the ass public key software ain't secure. That's the reality.

The real solution, in my opinion, is for PKI to be deployed in the core (pretend for a moment that (a) there is a such a thing as "the core" and (b) that changing SMTP to support PKI and then getting it deployed there was actually reasonably possible, which it isn't) and then for mail clients (web mail, IMAP, or others) to use SSL to access their mail stores. This would reduce the window of vulnerability from "anyone with access to a machine on any network my packets go through" to "untrustworthy administrators and/or compromised machines that my mail is actually stored on." That's a pretty significant reduction in threat. Since I now work on filesystems and don't go to IETF anymore, for all I know there's a working group on this topic that has already decided that my strawman idea is unworkable and stupid. I'll look into this and try to circle back to the topic soon.

Additional Resources

Posted by peterb at May 17, 2004 11:23 AM | Bookmark This

In my opinion, you underestimate the power of end-to-end public key encryption. It is true that most people hate using PGP and would rather choose to leave their emails in the clear than try learning it. But that is a ‘interface’ problem and not a public key encryption problem. In other words, people would readily try using end-to-end encryption if only it were made easier.

Take for example Keygloo. While this is a new product and yet to gain popularity, it is in general used by normal people to encrypt emails be it from email clients or web mails like Gmail, Yahoo, Hotmail and others. Keygloo simply associates the public key with a 10 digit number called the ‘Keygloo Number’ which is all that is needed to exchange keys. Thus the key exchange can happen by word of mouth, business cards, or simply a phone call. The emails get encrypted end-to-end in the truest sense since the email is encrypted from the moment it is composed through the rest of its lifetime( both in transmission and storage).

This model offers more flexibility in the sense that once the product is installed and a key pair generated (or a Keygloo number obtained), the same number can be used for encryption in multiple mail systems. This reduces the complexity involved in PKI deployed in the core and also brings to zero any intrusion arising from untrustworthy administrators.

Posted by Vivek at September 9, 2005 09:30 AM

Well, peterb, I think you didn't really understand what Aaron Schwartz was saying...

He said that you would ONLY need your password (just like you need it now), and you would DOWNLOAD you private key from GMail (or rather the encrypted version of you private key, and the client would decrypt it using your password as a key), so you wouldn't need anything else with you.

I agree with you in the second part (the part about advertising and searching), however, I consider Aaron's idea great in case of non-public webmail.


Posted by Tom at September 23, 2005 11:32 AM

Please help support Tea Leaves by visiting our sponsors.

November October September August July June May April March February January

December November October September August July June May April March February January

December November October September August July June May April March February January