Short Attention Span Theatre

Digital signatures and OE

Relatively soon I'll start digitally signing all my messages. I thought that some of those out there who use Outlook Express might ask some questions, so here are the questions, followed by the answers (the following stolen shamelessly from Peter Harkins):

What is with the attachments you keep sending? They have no file formats and I can't open any of them. What am I doing wrong?

I've started getting this question fairly regularly, so I've written an explanation. If you want the short version, just read the first paragraph. If you want to know the how and why, read the rest. It's easy reading and you'll learn how e-mail works, but there won't be a quiz on this material. Here's your copy & paste of the explanation, (insert name here):

Short answer:

The attachments are digital signatures. E-mails can be spoofed or altered so I sign messages to evidence that I wrote the message and that it wasn't altered (deliberately or not) during delivery. It's also possible (if the other person also uses signatures) to encrypt e-mail so that a private conversation is actually, you know, private -- an e-mail will pass through several systems before it reaches its destination, and all of them could read it if they wanted.

Long answer continues:

This gets right at a major problem with e-mail: when people think about e-mail, they think of sending letters. All the icons in e-mail programs reinforce this, so it's a reasonable assumption.

It's also totally wrong: e-mail is much more like a postcard, and not at all private. You give it to somebody who reads it and passes it on to somebody else. They read it and pass it on. After enough passing, it shows up in the recipient's inbox.

Hopefully these people only read enough to pass it along, but they could read the whole thing, send out lots of copies or save copies. All these behaviors actually happen all the time for legitimate reasons (and aren't impeded by the tools I use): spam or virus scanners read all of your e-mails, mailing lists exist to replicate e-mail, and you probably want your ISP to save your e-mail until you come along to check your mail.

Anyone along the way (and you have no idea who they will be when the message leaves your hands) might be unable to deliver it and delete it. Hopefully they'll send you back an e-mail (which also may or may not arrive) and tell you what happened. You've almost certainly seen these - they're from "postmaster" or "mailer-daemon" and have lots of geeky techspeak to make your eyes glaze over.

It's also possible for them to untraceably change your message along the way. Virus scanners do this to remove infected attachments, which is a good thing. Yahoo tries to keep people from sending you javascript that'll log you out or change your password or something. If someone sends you e-mail with the word "mocha" (that's "m o c h a" for those of you on Yahoo) it'll come out as "espresso". Some companies, paranoid of sexual harassment claims, get really zealous about this kind of thing.

That this is all possible sounds really crazy until you learn that SMTP (Simple Mail Transfer Protocol), the protocol that dictates how sending e-mail works, dates back to 1981 (well, with that name, an important part is from 1973). It was a different Internet then -- there were far fewer high-speed links and computers weren't online all the time. Quite often it was a case of "you can't get there from here", so it made sense to pass your e-mail on to someone who would hang onto it long enough for the next guy to come online and pass it along. Some computers would only come online late at night when it was cheaper, so it wasn't uncommon for an e-mail to take a week or just disappear entirely.

Let's get back to the signature attachments. I'm not going to get into the math of it (and boy is there a lot of it) but each signature is generated, based on the message contents, from a private key only I have. I give out a public key that people can use to check signatures or encrypt e-mails to me. There are plugins for just about every e-mail client.

The reason these plugins aren't turned on by default is that most people don't want to deal with the complications it can introduce. There's one or two complicated parts to the system and it means more to learn for users and more work for tech support. People also, wrongly, think something along the lines of "I don't need that, I have nothing to hide." They've got plenty to hide: the e-mail they get from their bank, the discussion of their personal life, their business dealings. If people use it only for the important stuff, just using it becomes suspicious and distrustful and brings further scrutiny. It's important to use it regularly and expect others to do the same.

So that's why I sign my e-mails. It just makes all kinds of sense.

If you don't ever want to deal with them, that's tough. I'm not going to stop using privacy and security tools because it's an incredibly minor inconvenience to those who don't. I'm just as likely to carry around fistfuls of cash because a wallet or debit card is inconvenient or give up pants because zipping them up is so much added work. I'd have to be reckless to carry on my correspondence in pencil on postcards. I'll be happy to field any questions. As you may have guessed, this is something I think is really neat and important, so pardon my verbosity.

(Yes, for anyone who reads the whole thing, that "(insert name here)" is my idea of humor.)
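To make the "signature attachment" idea concrete, here is an added example that is not part of the original post or of Peter Harkins' text. It uses Go's standard-library Ed25519 signatures rather than the OpenPGP format the e-mail plugins actually produce, but the mechanics are the same: the sender signs the exact bytes of the message with a private key, ships the signature alongside the message as a detached blob, and the recipient checks it with the public key. The `Signer` type, `RelayFilter` and the sample message are my own constructions for illustration; `RelayFilter` stands in for a mail relay that rewrites "mocha" to "espresso" in transit, as described above.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"strings"
)

// Signer pairs a public key, which is handed out freely, with the private key
// that never leaves the sender's machine. (Hypothetical type for this example;
// the real e-mail plugins use OpenPGP keys instead of raw Ed25519.)
type Signer struct {
	Public  ed25519.PublicKey
	private ed25519.PrivateKey
}

// NewSigner generates a fresh Ed25519 key pair.
func NewSigner() (*Signer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Signer{Public: pub, private: priv}, nil
}

// Sign produces a detached signature over the exact bytes of msg. It is
// returned base64-encoded, which is roughly what the "attachment with no file
// format" in the post carries.
func (s *Signer) Sign(msg string) string {
	return base64.StdEncoding.EncodeToString(ed25519.Sign(s.private, []byte(msg)))
}

// Verify checks a detached signature using only the public key. It returns
// false if the signature is malformed, was made with a different private key,
// or the message differs from what was signed by even one byte.
func Verify(pub ed25519.PublicKey, msg, sigB64 string) bool {
	sig, err := base64.StdEncoding.DecodeString(sigB64)
	if err != nil || len(sig) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(pub, []byte(msg), sig)
}

// RelayFilter models a mail server that rewrites content in transit, like the
// word substitution described in the post. (Constructed for this example.)
func RelayFilter(msg string) string {
	return strings.ReplaceAll(msg, "mocha", "espresso")
}

func main() {
	alice, err := NewSigner()
	if err != nil {
		panic(err)
	}

	// Constructed sample message.
	msg := "Meet me for mocha at ten. -- Alice"
	sig := alice.Sign(msg)
	fmt.Println("signature:        ", sig)

	// The recipient checks the message against Alice's public key.
	fmt.Println("original verifies:", Verify(alice.Public, msg, sig))

	// A relay rewrites one word on the way; the signature no longer matches.
	altered := RelayFilter(msg)
	fmt.Println("altered text:     ", altered)
	fmt.Println("altered verifies: ", Verify(alice.Public, altered, sig))

	// Someone without Alice's private key cannot produce a signature that
	// checks against her public key, so a spoofed "From: Alice" is caught.
	mallory, err := NewSigner()
	if err != nil {
		panic(err)
	}
	fmt.Println("forgery verifies: ", Verify(alice.Public, msg, mallory.Sign(msg)))
}
```

Note that the signature covers the message bytes exactly, so any rewrite in transit, whether a content filter, a virus scanner stripping an attachment, or a deliberate edit, shows up as a verification failure; it does not tell you what changed, only that something did. Encrypting to the recipient's public key, also mentioned above, is a separate operation and is not shown here.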
