First of all, thank you for your efforts to spread transport encryption to make the internet more secure. I know you are probably very busy fixing last minute problems before the launch. Nevertheless I would appreciate comments on the following proposal.
Project Proposal: Let’s Encrypt Email
The goal of Let’s Encrypt Email is to establish a distributed infrastructure for easy-to-use end-to-end email encryption that is compatible with existing clients and offers a turn-key solution for the average user. In order to reach that goal I propose to use a hybrid scheme of S/MIME and PGP encryption that is backwards compatible with standard S/MIME email encryption, and some additional protocols and conventions that increase ease of use.
In recent weeks we have seen some email providers adding support for PGP encryption in their web mail interfaces (for example German providers GMX and Web.de and an announcement from Yahoo). Unfortunately at least the German providers establish some kind of walled garden: they only solve the problem of initial trust between their own users; they make importing public keys from users of other providers unnecessarily cumbersome; and they make it difficult to use an existing key.
I think we can only reach broad acceptance and use of email end-to-end encryption if we provide a solution that works, no matter whether writing emails to the same or a different email provider. Even more I think that the solution should compatible to almost any email client or browser out of the box.
Hybrid Use of S/MIME and PGP
While the PGP seems more popular among experienced users, the PGP envelope format is unfortunately not understood out of the box by the vast majority of email clients. That leads to strange text in the email body (the famous BEGIN PGP SIGNED MESSAGE) or unknown attachments that irritate inexperienced users because they fear viruses. S/MIME is implemented in most email clients and also used in enterprise environments, but users need access to a certificate authority and more experienced users fear that there might be rogue CAs that sign malicious keys so that their communication with people they know over a few hops might be intercepted. In addition the X.509 certificate format is not very flexible, because it does not allow multiple signatures on one certificate and there is no widely adopted infrastructure to retrieve certificates for the initial contact, like PGP key servers.
I propose to use a hybrid scheme combined from S/MIME and PGP that is fully backwards compatible with S/MIME:
- The user generates a normal PGP key (with a Features flag indicating that the client supports Let’s Encrypt Email) or imports an existing one.
- The same public keys from the PGP keys are sent to Let’s Encrypt to be wrapped in a X.509 certificate and signed by the Let’s Encrypt CA (or another compatible CA). The certificate contains a non-critical v3 extension containing the PGP key ID and possibly a URL where the PGP key can be retrieved.
- The user sends mails using the S/MIME envelope format, including the X.509 certificates derived from her PGP key.
- Other users validate the signature from the S/MIME envelope using the included certificates.
- If the email client of the receiver supports Let’s Encrypt Email, it retrieves the PGP key indicated in the X.509 certificate and builds a PGP trust chain. If the trust chain can be established, the email client indicates this additional verification to the user (similar to extended validation certificates in web browsers).
- S/MIME-only email clients can just use the collected X.509 certificates for encryption. There is no possibility to send encrypted emails to receivers from whom the sender did not previously get an email that included her certificates (which is the status quo).
- Email clients that support Let’s Encrypt Email or PGP can retrieve the PGP key of the receiver from a PGP key server or a similar well-known mechanism if it is unknown. If the PGP key indicates that the receiver supports Let’s Encrypt Email and the sender also does and there is no trust path, it will additionally fetch the corresponding X.509 certificates from a well-known location and verify that it is signed by a trusted CA. The email is encrypted using a PGP envelope.
For compatibility with PGP-only tools we could try to work on support for the S/MIME envelope signatures in the standard GnuPG tool suite and library and other widely used PGP software such as Mailvelope.
- Initial trust for unknown public keys via the X.509 PKI. That leads to a lower barrier of entry, while at the same time providing for some authentication of the public key which is a major improvement over just trusting unauthenticated keys (that’s what inexperienced users usually resort to otherwise)
- Web of trust authentication for additional trust
- Backward compatibility
Problems/Opportunities for improvement:
- The additional step when sending an encrypted email of getting the X.509 certificates for the PGP key if Let’s Encrypt Email is supported is necessary to establish initial trust. It could be avoided if the CA would also sign the PGP key but the problem is that the CA then would have to sign the complete identity and therefore be able to verify the users full name, it can’t just sign only the email address part of it as far as I am aware.
- There are PGP keys uploaded to key servers which the supposed owners do not have control over. If we try to encrypt whenever possible we might often run into situations where the receiver can’t decrypt the email, which harms the user experience dramatically. So we should only encrypt when a trust path can be established, push for encryption subkeys with a relatively short expiration time span and strongly advise users to backup their keys (at least some token to revoke them).
Access from Multiple Clients
Nowadays it is normal to access the email account from multiple email clients and different devices. Many users use web mail interfaces and in some regions often even access them using public computers such as in internet cafés or public libraries. So we need to share the key material in such a way that encrypted emails can be read on multiple clients and the primary key can be shared only among trusted devices.
To reduce complexity and maximise interoperability I propose that Let’s Encrypt Email clients use a Storage API implemented by the email provider with Let’s Encrypt as a fall-back provider, similar to Persona. In that storage they share multiple cryptographic containers containing the key material: one container for the primary key and additional containers for sets of subkeys that are shared by similarly trusted devices. The secret for the cryptographic container limited to trusted devices should in addition to a password chosen by the user also contain a part that is randomly generated and stored on the devices. A new device is marked as trusted by transferring the random secret to the device (via QR-Code, similar machine readable offline channels, or manually).
- Can use existing credentials
- Distributed architecture
- Need to roll out a new technology to email providers to take advantage of the distributed architecture and existing credentials
- Too many eggs in one basket: if the email account gets hacked, the attacker might also have access to the encrypted container with the keys
Advanced users may get additional security if their email client supports storing the keys in a cryptographic hardware device such as a smartcard or USB token (like the USB armory).
- Totally under the control of the user
- Added complexity of the system limits usability (drivers, limitations of the device, detection in browsers, etc.)
- No access without the device
Other storage modes such as using IMAP or existing cloud storage providers to store the cryptographic containers would be possible but they all add some layer of complexity or raise compatibility issues. Therefore I propose to limit it to the above choices with the Let’s Encrypt Email Storage API support being mandatory to reach maximum interoperability.
S/MIME doesn’t solve the key distribution problem. Therefore the most often used method is to send an unencrypted request to communicate privately, which is replied to by a human with a signed message containing the public key of the respondent. This is cumbersome, increases the entry barrier and increases the latency of communication. For company-internal communication LDAP servers can be queried for the certificates but that is no option for external or personal communication because these LDAP servers are often not publicly accessible.
For Let’s Encrypt Email I propose to use the distributed storage API also used for the key storage to store and retrieve certificates. So for every email provider there would be a well-known URL that tells where the certificate for a particular email address can be retrieved. And if the email provider doesn’t provide such a URL, then it falls back to Let’s Encrypt.
- Until email providers widely implement the storage API, Let’s Encrypt will hold a lot of data and therefore be an interesting target for attacks
- The existence of a certificate can be used by spammers to validate email addresses. Possible solution: always reply with a certificate; if the email address does not exist, generate a certificate on the fly (does not necessarily need to be a valid one, we want to only slow down the spammer).
Email Address Verification
In order to issue a certificate to an email address/public key combination, the Let’s Encrypt CA would first have to verify that the user controls that email address. The usual approach would be to send a verification email with a token that is then send back to the CA to verify the identity, which should be enough for trust on first use and would give a low barrier for the initial set up. The down side is obviously that anyone who can intercept or access emails for that email address can verify that email address as his own.
To make attacks harder, the verification could use Persona instead of or in addition to the verification email. One problem is that Persona’s default password reset process only falls back to a verification email too. But if the email provider has better restrictions in place (two factor authentication, attack detection systems, etc.) then it has higher security properties than the verification email. Especially organisations and users who run their own mail server can implement their own, more restrictive policies.
To avoid taking over email addresses that have existing keys issued for them, we should check PGP key servers, the well-known URLs for public key retrieval and certificate transparency for existing certificates. If an existing certificate is found we could send a verification email that also contains a negative verification link to deny the issuance request. If the positive verification link is followed and the negative verification link is not followed then we could grant the request after some waiting period (one or two weeks).
When we push for widespread email encryption, we will most likely have to deal with ordinary users who will be more likely to loose access to their private key. Either because they have no backup or because they lost their password. The backup part is partly handled by the storage API, but if the device secret is lost, then it might still happen. The lost password is more problematic and not easily solvable as we can’t just reset the password used to encrypt the cryptographic container. One solution is to encourage users to print out the full secret for the encrypted container and store it some place safe. But even then we have to expect that some users do not follow the advice. In that situation the user can just generate a new set of keys, the process for email address verification with existing keys would also handle the case when access to the private key is lost and the old key would be revoked.
If you like the proposal, then I would be happy to work with you to realise such a system. If you have suggestions on how to improve, I would be happy to know.