What proof do we have in favor of the use of CSE encryption

Citation:"[b]Why you need to secure your email

Email is […] one of the most vulnerable to attack.

Unsecured email messages are rather like sending a postcard written in pencil - they can be intercepted, read or edited by anyone along the way.
To avoid this, every message sent should be encrypted and signed using a digital certificate.[/b] " you write in http://www.secure-email.comodo.com/overview.html

Now, as we, friends, even businesses are writing tons of mails every day and minute, I am asking myself:
Is the security issue really as great as you write?
To underline my thoughts: Until now, I have not heard from any friends or relatives that they suffered great losses or experienced problems by NOT encrypting mails.
On the contrary, one program less to install, and possibly easier to read for the receiver…

So, to ask very provocative:
Which numbers prove that we should use encryption?
Why should we use it if we can live well without it, as we did until now ?

(Please excuse my seemingly aggressive tone, but this is the main question)

There has been no shortage of incidents, including court cases that revolve around the privacy and security of email. Each of these events causes me to think about an old proverb, “an ounce of prevention is worth a pound of cure.”

In an analytical and business sense we assess risk by evaluating the threat and its potential impact, probability, and cost to repair (if it can be repaired) or replace (if it can be replaced) the protected item versus the cost to prevent all of this in the first place.

While the Insurance industry is certainly adept with this formula to assign risks and premiums, prevention remains the shrewdest path to protecting anything of value.

Now let’s translate this to unsecured email that is widely recognized as being highly vulnerable and targeted for injecting and causing a growing number of security threats. Further, as most email and network service providers backup their systems, email content remains accessible long after the originator and recipient have completed their exchange, or would have thought their messages were deleted.

Despite unsecured email’s acknowledged vulnerability, as well as the added lack of privacy, we could begin to question the value of the content to be protected. One might argue that some email is not worth the protection but we all really need to keep in mind that there are added benefits to the use of secure email.
Consistent use prevents the originator from forgetting to turn it on when they do, and they will, send private or sensitive information about themselves or their finances. One breach would far outweigh the cost of secure email…especially when Comodo provides it free.
Consistent use of digital signatures also allows recipients to always know when to trust
the message as coming from you. Digital signatures and encryption reduce SPAM and Spoofing…having someone steal your email identity to send lots of fraudulent email in your name doesn’t require access to your email account.

So, I would accept the proverb as wise, and use secure email to prevent what would cost far more to recover…my name, my finances and my friends.

The question you should ask is not how many % of your emails you should be encrypting or not but

How many % of your emails you would like to make public!?

Cos, the emails you do not encrypt are almost as good as making them public!

Do we, as human beings, always need to learn our lessons the hard way? Do we always need to suffer first, then be proactive?

Melih

Doesn’t “anyone along the way” actually mean “anyone who hacks your ISP’s mail server or your computer successfully”? Most ISPs now or soon will use SSL links between the mail client and mail server, and wireless WPA2-AES links between the computer and router are common except for some public mobile users. So if your ISP or your computer is vulnerable, your email is vulnerable unless it is encrypted. But encryption can be a big PITA, especially when you worry about things like key distribution, so most users follow the credo of the companies I deal with and only encrypt it if it would cause significant damage if revealed. I no longer use things like PGP, simply because the content of my emails is not that significant if revealed, and financial transactions are already protected by SSL browsing. For sending company private/proprietary or FOUO, encryption is often used but AFAIK is still not required by most companies or the USG; the mail servers and computers are reasonably well protected. Haven’t heard of anyone breaking into the gmail servers clandestinely lately, but could happen I suppose. And most of our computers are protected by CIS if we are reading about it here, so shouldn’t happen there. So tell us a little more about the interception threat model you are considering, since there must be something missing. I don’t see at all how not encrypting is almost as good as making them public, especially with the enormous traffic volume.
Authentication and non-repudiation are a bit different, especially for the business user, but that is another discussion and seems like a hard sell to the consumer and to the internet community that needs to support it if you want more than group integrity.

Encryption is not a PITA when you use CSE.
That is the whole point.

thanks
Melih

Melih, I am not trying to denigrate the product. Certainly seems much simpler than a public key system, but don’t all of the users still need to install additional software on their computers to deal with it, so that it is really only useful for your “group”. And the businesses where it might be even more useful don’t use it anyway? Individuals could use a bit more information to assess the value for their situation. BTW, If one sends email to a distribution list, do they all get different session keys?

Yes, all get different session keys.
Not sure you realise but CSE solves one of the long standing problems of PKI when used for email communication: the ability to send an encrypted email to someone who does not have a certificate. And still does so using PKI.

Melih
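The per-recipient session keys Melih describes, as an added worked example in Go. This is illustration code written for this page, not Comodo's or CSE's implementation: the addresses, the message, and the choice of RSA-OAEP to wrap a fresh AES-256-GCM session key for each member of the list are all assumptions. Each recipient's key pair is generated locally, each copy of the message gets its own session key, and one recipient's private key cannot open another recipient's copy.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Recipient models one member of a distribution list: an address plus the key
// pair that, in S/MIME terms, exists only on that recipient's own machine.
type Recipient struct {
	Addr string
	Key  *rsa.PrivateKey
}

// Envelope is one recipient's copy: the session key wrapped with their RSA public
// key, plus the message encrypted under that session key.
type Envelope struct {
	WrappedKey []byte
	Nonce      []byte
	Ciphertext []byte
}

func newRecipient(addr string) (*Recipient, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Recipient{Addr: addr, Key: key}, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encryptForList makes one envelope per recipient, each with a fresh random
// AES-256-GCM session key, so no two recipients ever share key material.
func encryptForList(message []byte, list []*Recipient) (map[string]Envelope, error) {
	out := make(map[string]Envelope, len(list))
	for _, r := range list {
		sessionKey := make([]byte, 32)
		if _, err := rand.Read(sessionKey); err != nil {
			return nil, err
		}
		gcm, err := newGCM(sessionKey)
		if err != nil {
			return nil, err
		}
		nonce := make([]byte, gcm.NonceSize())
		if _, err := rand.Read(nonce); err != nil {
			return nil, err
		}
		// The recipient address is bound in as associated data, so a copy
		// cannot be silently re-addressed to someone else.
		ct := gcm.Seal(nil, nonce, message, []byte(r.Addr))
		wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &r.Key.PublicKey, sessionKey, nil)
		if err != nil {
			return nil, err
		}
		out[r.Addr] = Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}
	}
	return out, nil
}

// decrypt unwraps the session key with the recipient's private key and opens the message.
func decrypt(r *Recipient, env Envelope) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, r.Key, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, []byte(r.Addr))
}

func main() {
	alice, _ := newRecipient("alice@example.org")
	bob, _ := newRecipient("bob@example.org")
	envs, err := encryptForList([]byte("quarterly numbers attached"), []*Recipient{alice, bob})
	if err != nil {
		panic(err)
	}
	pt, _ := decrypt(alice, envs[alice.Addr])
	fmt.Printf("alice reads: %s\n", pt)
	_, err = decrypt(bob, envs[alice.Addr]) // bob cannot open alice's copy
	fmt.Println("bob opening alice's copy:", err)
}
```

The design point is that the sender's machine does all the wrapping with recipients' public keys; nothing secret about any recipient is needed, which is also why a CA that only ever saw public keys cannot read these envelopes.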

In general I completely agree. It is always better to prevent “a disease” than to cure it.

First of all, let me say that I find it impressive and a good reason for seriousness if companies like comodo defend their ideas in such an open forum. Especially as I know, it is always difficult to persuade the public of a “new” idea, even if it is very good …

However, some questions remain to me:

1. Lets say more and more people use CSE. As I understand Comodo as the “third party” authority gives out all the public and private certificates.

a.) What if somebody hacks into the Comodo servers: If he gained access to all the certificates, many people using CSE certificates would be at high risk, right?

b.) Let's say there is a really bad guy working for Comodo by chance. He could gain or have access to all the certificates, and then use them to intercept and read all the “securely” encrypted and signed emails, right!?
So it is as if we would give the key to our homes and privacy also to a “third party”,… especially if we have some things we want to know secure …

2.
How is it possible that CSE is free for private persons? I mean, ok, it is an excellent publicity for the company if many people switch to using it (especially if it is a good product), but still, where is the catch? (Sorry for my scepticism…)

3. Is it really THAT easy to read an email we send to a friend or client? I have never heard of any emails becoming “public” as you say (especially if the Client-MailServer connection is SSL), or are my eyes just blind and my ears deaf!?

Thank you,

a) No. Private keys are generated by the end users. The public key part of the key pair is digitally signed by Comodo. At no stage does Comodo have access to the private keys of the end users. So breaking into our servers will not give them access to end user private keys.

b) Same as above. We do not have access to the private key. Hence no one can read these messages.

  2. Let's be honest, which end user will pay for email encryption? Yep… not many. So how can we secure everything? By making it free for them. Because we are not going to make money from end users anyway, we are not losing much but gaining great brand awareness and good will. Enterprises are the ones we charge for.

  3. Think through how many places your email travels through and who has access to these devices (your wireless device, the wireless device you connect to at a coffee shop, a teenager who works at an ISP who is reading people’s emails for fun and sharing it with his friends and so on).

Melih

Some understanding about digital certificates might help;

How a Certificate Is Issued

  1. Key Generation: The individual requesting certification (the applicant, not the CA) generates key pairs of public and private keys.

  2. Matching of Policy Information: The applicant packages the additional information necessary for the CA to issue the certificate (such as proof of identity, tax ID number, e-mail address, and so on). The precise definition of this information is up to the CA.

  3. Sending of Public Keys and Information: The applicant sends the public keys and information (often encrypted using the CA’s public key) to the CA.

  4. Verification of Information: The CA applies whatever policy rules it requires in order to verify that the applicant should receive a certificate.

  5. Certificate Creation: The CA creates a digital document with the appropriate information (public keys, expiration date, and other data) and signs it using the CA’s private key.

  6. Sending/Posting of Certificate: The CA may send the certificate to the applicant, or post it publicly as appropriate.

The certificate is loaded onto an individual’s computer.

So in respect to your questions

  1. The private key that’s used to create each S/MIME certificate is not sent to the CA and so there’s nothing to hack that would endanger certificate owners.

  2. CSE and S/MIME certificates are free to consumers because Comodo’s mission is to create a trusted internet that also benefits our business customers.

  3. It is REALLY that easy as not all client-server connections are SSL enabled, inter-network transfers may not be SSL enabled, and not all servers and network switches where email resides are secured. (e.g. SSL only encrypts the transport and not the contents)

Do you look at every SMTP header to know the path of every message? Some of these can have a dozen or more intermediary hops. And, are you sure that it was really originated by who you think? A digital signature would…

Comodo Secure Email is about prevention, so you don’t need to be cured. (:KWL)

Thank you, I start understanding.
Have you heard about gpg4win http://www.gpg4win.org/ , using the open source PGP Methods… Which benefits are there using CSE instead?
Many people say (and their argumentation is good !!) that security critical software should be “open source” , like gpg4win so everybody can check the program code !!!

Especially interesting is this one:
“The private key that’s used to create each S/MIME certificate is not sent to the CA and so there’s nothing to hack that would endanger certificate owners.”

This of course is good. But wait a second, is the private key not assigned by the CA being the primary hierarchical institution? Then the key is there as well, isn't it!?

Another issue:

then[…]

This means that still in that scenario the message gets to be “sent” to your Servers…hence a potential attack site for hackers as many people might be using and reading many of their e-mails on your servers…

Thank you

Dear all,

we have to address 2 different issues.

  1. Authentication. It takes anyone with a Google search engine and a 5 minute instruction to find out how to send emails which look exactly as if they came from somebody else's email account - unless you examine the mail header and can actually understand it you won’t be the wiser.

I doubt that the ordinary email user actually knows what an email header is and what to look for.

So signing an email electronically will ensure that the recipient can rest assured that they communicate with the right person and that their email has not been tampered with.

  2. Encryption. If you care not to have your family secrets being read by anyone but the intended recipient - encrypt your emails. Period.

You don’t have to be paranoid to use at least the electronic signature function. You can read about identity theft everyday - stealing your email address both to spam you and to abuse it otherwise is day-to-day business “out there”.

I will not argue with anyone questioning the necessity to use either of the above functions - either they use it or they don’t. I will not leave the door to my house unlocked, if others don’t care, that’s fine with me.

you touched an important point bitcowboy, the issue of email authentication.

Spam happens due to inability to authenticate the sender!

If only we could authenticate the senders, the fight against spam would be much easier.

Melih

This is both a reply and an additional question. First, as to how easy it is to “forge” an e-mail. I have done so without doing a web search to find instructions. It took me about 2 minutes to figure out how and another five minutes of experimenting to do it. In my case, I was talking with a hardheaded friend who did not believe he needed a secure e-mail certificate. I sent him a message from himself admitting to heinous and fictitious behavior and then asked him how it would go over at work if I, as a disgruntled coworker or former coworker, had sent it to the workplace. He installed CSE the next day. It is so easy a grade school student of no particular talent can do it.

Second, most ISPs check outgoing e-mail addresses only to ensure that the domain portion (the xxxx.xxx part after the @ sign) is a valid domain. Almost no domains provide verification that the part in front of the @ is real although there is a standard to provide automated query and response on the subject. Because customers of public ISPs often have more than one e-mail address, they simply pass any e-mail with a valid domain out through SMTP. The delivery end, the POP server, only cares if there is a valid address to deliver to and could care less if the sender is valid. What checking goes on is to discourage spam and so as long as you do not send extremely large volumes they are very unlikely to notice forged e-mail.

Third, SSL only provides security between two computers. That could be between two servers or between a server and a client. In the e-mail world that becomes between your client called a Mail User Agent (MUA) and either the Simple Mail Transfer Protocol (SMTP) server for outgoing mail or the Post Office Protocol (POP) server for incoming mail. It does nothing across the network unless all the Internet servers ALL moved to SSL for all communications. Not likely to happen anytime soon. So your ISP moving to SSL for its servers only provides security for e-mail between people who use the same servers. Forgeries can come from outside regardless of what the sender information says. Do you know which way the e-mail came? No.

Fourth, how dangerous is it? From today’s New York Times: http://www.nytimes.com/2008/12/06/technology/internet/06security.html?th&emc=th This article discusses the growing threat but notice that e-mail is the most used method of initially getting into an end user computer. CSE is not a total solution but is a significant step in the right direction.

Now my question for the CSE experts. I initially got my secure e-mail certificate from the Comodo website and not through CSE . I have not used CSE to get a certificate. Getting the certificate the “old fashioned way” without CSE, Comodo obviously generated both public and private keys which I then downloaded. From the posting here, I take it that one of the features of CSE is that the key generation is local to my machine and Comodo in a manner similar to OpenPGP, as the Certificate Authority (CA), never sees the private key but merely signs and stores the public key and associated information. Is this correct? If so, it addresses the most common concern with the normal S/MIME implementation of X.509 certificates by CAs. (:CLP)
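The two points made above, that nothing in SMTP checks the part in front of the @ and that only the Received: headers record the path a message actually took, as an added example in Go. This is illustration code written for this page, not a Comodo tool; the message it parses is a constructed sample (made-up hosts and addresses), not a real capture. It walks the Received: chain oldest hop first, compares the envelope sender (Return-Path:) and the first hop with the From: header, and notes whether the message carries an S/MIME signature at all, since without one the From: claim cannot be verified no matter what the headers look like.

```go
package main

import (
	"fmt"
	"net/mail"
	"regexp"
	"strings"
)

// rawMessage is a constructed sample, not a real capture. The From: header
// claims the victim's own address, while the envelope sender (Return-Path:)
// and the oldest Received: line show where the message really entered the mail system.
const rawMessage = `Return-Path: <throwaway@relay.example.net>
Received: from mx.example.org (mx.example.org [192.0.2.10])
    by mail.example.org with ESMTP id 7QwZ3k for <victim@example.org>; Sat, 6 Dec 2008 10:02:11 +0000
Received: from relay.example.net (relay.example.net [198.51.100.7])
    by mx.example.org with ESMTPS (TLS) id 1aB2cD; Sat, 6 Dec 2008 10:02:10 +0000
Received: from dialup-77.isp.example.net ([203.0.113.77])
    by relay.example.net with SMTP id 9zY8xW; Sat, 6 Dec 2008 10:02:08 +0000
From: victim@example.org
To: victim@example.org
Subject: I confess
Date: Sat, 6 Dec 2008 10:02:07 +0000
Content-Type: text/plain

I did it.
`

// Report is what the checks below produce for one message.
type Report struct {
	FromDomain       string   // domain in the (unverified) From: header
	ReturnPathDomain string   // domain of the SMTP envelope sender
	Path             []string // relay names, oldest hop first
	Findings         []string
}

var receivedFrom = regexp.MustCompile(`(?i)^from\s+(\S+)`)

// hops lists the "from" host of each Received: header. Relays prepend these,
// so the header order is newest first; reversing gives the delivery path.
func hops(h mail.Header) []string {
	recv := h["Received"]
	path := make([]string, 0, len(recv))
	for i := len(recv) - 1; i >= 0; i-- {
		if m := receivedFrom.FindStringSubmatch(strings.TrimSpace(recv[i])); m != nil {
			path = append(path, strings.ToLower(m[1]))
		}
	}
	return path
}

// domainOf returns the lower-cased domain of an address header value, or "".
func domainOf(value string) string {
	addr, err := mail.ParseAddress(value)
	if err != nil {
		return ""
	}
	if at := strings.LastIndex(addr.Address, "@"); at >= 0 {
		return strings.ToLower(addr.Address[at+1:])
	}
	return ""
}

// analyze applies three cheap checks a mail client could run on every message.
func analyze(raw string) (Report, error) {
	msg, err := mail.ReadMessage(strings.NewReader(raw))
	if err != nil {
		return Report{}, err
	}
	h := msg.Header
	r := Report{
		FromDomain:       domainOf(h.Get("From")),
		ReturnPathDomain: domainOf(h.Get("Return-Path")),
		Path:             hops(h),
	}
	if r.ReturnPathDomain != "" && r.ReturnPathDomain != r.FromDomain {
		r.Findings = append(r.Findings, "envelope sender domain differs from From: header")
	}
	if len(r.Path) > 0 && r.Path[0] != r.FromDomain && !strings.HasSuffix(r.Path[0], "."+r.FromDomain) {
		r.Findings = append(r.Findings, "first hop "+r.Path[0]+" is outside the From: domain")
	}
	if !strings.HasPrefix(strings.ToLower(h.Get("Content-Type")), "multipart/signed") {
		r.Findings = append(r.Findings, "no S/MIME signature: the sender claim cannot be verified")
	}
	return r, nil
}

func main() {
	r, err := analyze(rawMessage)
	if err != nil {
		panic(err)
	}
	fmt.Printf("From: %s  envelope: %s  hops: %d\n", r.FromDomain, r.ReturnPathDomain, len(r.Path))
	for _, f := range r.Findings {
		fmt.Println("-", f)
	}
}
```

Two caveats a practitioner should keep in mind: Received: lines are added by each relay and the earliest ones can themselves be forged by the sender, so the path is only trustworthy from the first relay you control inwards; and the "ESMTPS (TLS)" hop in the sample protects only that one link, which is the point made above about SSL being hop-by-hop. An S/MIME signature is the only thing here that binds the body to a key the recipient can check end to end.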

Hi! I’m not a Comodo employee, but I can answer that one if you permit. No, Comodo did NOT generate any keys, YOUR computer did - the browser in that case. Is it so complicated to understand that the same question is posed over and over, and correct explanations (such as were given by Melih above) overlooked?

What the CA does (Comodo or otherwise) is sign your “certificate” submitted to them by the browser. In the process their software only “sees” the public, i.e., non secret, part. The secret never leaves your computer in the process (assuming you are not running malicious software - Trojan horses - )

Happy New Year!


the Unreg’d 1