On Sun, 24 Sep 2000 [EMAIL PROTECTED] wrote:
>AbsoluteFuture.com of Bellevue, Wash., has dubbed its service "SafeMessage,"
>describing it as a "direct messaging" service that transmits messages from party to
>party without the use of a central server.
>
>This distinction is significant because email, which always passes through mail
>servers, leaves a trace copy of itself that can be subpoenaed, read or otherwise
>accessed by unauthorized readers.
>
>Besides bypassing a central server, the messages are heavily encrypted and are
>programmed to be automatically erased after a period of time designated by the
>sender. The encryption not only prevents outsiders from reading the message, but also
>limits the message recipient's ability to forward, cut and paste, or print the
>message.
>
WRONG! If data can be displayed by the recipient's computer, then it
can be captured. Wanna bet somebody can't hang a screen-copying utility
on their keystroke interrupt and capture the information that way?

While this kind of stunt (actually just leaving those functions
out of the GUI) may give people "warm fuzzies", it does not
materially add to security, because fundamentally, the user has
physical access to his/her own machine and can do whatever he/she
wants to on it.

And while it's probably good to notice that servers can get
compromised and bypass them, does anyone here think routers can't
be compromised? Let's face it, if the bits go from you to the
other person over the Internet, there are always going to be
lots of places where someone with fingers in the network can get
a copy of them. Keeping a copy is not normal behavior for routers,
but if someone wants to log traffic at a router they own, they
certainly can.
>Rival products include HushMail, ZixMail, Disappearing Inc. and Authentica.
As the owner of Disappearing Inc. I can tell you right now that we
do not yet have a product in this space and do not have one under
development at the current time. We have completed a feasibility
study, in the context of a larger product encompassing a lot of
different protocols, and that is all. A product, *IF* we decide
to go ahead with one, is still over two years out.
>
>Unlike AbsoluteFuture, however, these services use ordinary email delivery systems
>that are prone to online eavesdropping and may leave trace copies behind in the
>computers used to carry them. AbsoluteFuture believes it has found a solution to this
>problem by harnessing technology known as peer-to-peer networking, which connects
>personal computers directly, without the need for a central server to route file
>transfers.
>
It seems odd to see Disappearing Inc's product described in this way
since we don't have one.
>To use SafeMessage, a person signs on to the program with an ID and password,
>similarly to an email client. When typing the recipient, the person sends the contact
>to AbsoluteFuture's server, which locates the recipient online and allows the sender
>to send the message directly to the recipient.
>
And also provides a central monitoring point that allows SafeMessage
to maintain logs of who mailed whom and when, and to do a complete
traffic analysis of all messages sent with this system. Isn't that
special?
>The message is encrypted before it leaves the sender's computer, and the decoder key
>is destroyed. If the recipient is not online, the sender must send the message to
>AbsoluteFuture's server, which will hold the message until the recipient logs on or
>the message times out.
And we know, of course, that when the message times out or is delivered,
it's erased from the AbsoluteFuture server. We know it because ... well,
actually, we don't. Unless we extend greater fundamental trust to the
AbsoluteFuture server than to the servers we bypass by using it. There
is no protocol for making sure that something is erased. Now, they are
probably erasing. But we can't verify it, any more than we can verify
erasing in any cypherpunk remailer. And they have their heads up far
enough to attract attention, and they have investors to answer to so
they can't just shut down if compromised the way cypherpunk remailers do.
So there could be a carnivore already in place on their system for all
we know, and they wouldn't be allowed to talk about it.
>"In one sense this is slightly less secure because we're looking after it," Graham
>said. "But we don't have the key to get at it. Even if there was a court order for
>the message, it is highly encrypted. We'd say, 'OK, go ahead try to open it.'"
>
Right. While this system provides a route outside the normally monitored
routes for traffic, it is not a route that can't be monitored. While it
provides a server other than those normally subpoenaed, it is not a server
that can't be subpoenaed. The only hard security this system can offer,
therefore, is the encryption.

So, if the product can be exported or downloaded from a website, I
would have to suspect since it's made in the US that somewhere in the
headers or trailers, the message bears a block that contains most of
the key (all but the last 40 bits) encrypted in a form the NSA (and
whoever else has their key) can read. -- This is the same thing that
happened to Netscape after v4.07 for example, and Internet Explorer
after v4. If it can't be exported, that would be a good sign.

Aside from that, I don't know the particulars of the encryption they
use - they claim to use a product cipher, but so far I haven't seen
what the components of the product cipher are, what the key lengths
are, how they do key management, etc etc etc.
Ray Dillinger
Disappearing Inc
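
Added illustration of the traffic-analysis point in the message above (not part of the original post and not AbsoluteFuture's code): a sketch of what a recipient-lookup server can reconstruct from its own records without holding any decryption key. The log format, user IDs and function names are assumptions made up for this example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample: what a rendezvous server could record per lookup.
# Format (hypothetical): ISO time, sender ID, recipient ID, recipient status.
SAMPLE_LOG = """\
2000-09-24T09:01:12 alice bob online
2000-09-24T09:03:40 alice bob online
2000-09-24T09:15:05 carol bob offline
2000-09-24T11:47:30 bob alice online
2000-09-24T23:58:02 alice dave offline
"""

def parse(log):
    """Yield (time, sender, recipient, status) from each non-empty line."""
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, sender, recipient, status = line.split()
        yield datetime.fromisoformat(ts), sender, recipient, status

def traffic_summary(log):
    """Build a who-contacted-whom table using lookup metadata only."""
    links = defaultdict(lambda: {"count": 0, "first": None, "last": None, "held": 0})
    for ts, sender, recipient, status in parse(log):
        link = links[(sender, recipient)]
        link["count"] += 1
        link["first"] = ts if link["first"] is None else min(link["first"], ts)
        link["last"] = ts if link["last"] is None else max(link["last"], ts)
        # Offline recipient: ciphertext is parked on the server until pickup/timeout.
        if status == "offline":
            link["held"] += 1
    return dict(links)

def correspondents(summary, user):
    """Everyone a user exchanged lookups with, in either direction."""
    peers = set()
    for sender, recipient in summary:
        if sender == user:
            peers.add(recipient)
        elif recipient == user:
            peers.add(sender)
    return sorted(peers)

if __name__ == "__main__":
    for (s, r), info in sorted(traffic_summary(SAMPLE_LOG).items()):
        print(f"{s} -> {r}: {info['count']} lookups, {info['held']} held on server")
```

None of this touches message content, which is why end-to-end encryption and direct delivery do not remove the lookup server as a monitoring point.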