Closed
Bug 17623
Opened 25 years ago
Closed 22 years ago
Symmetric key email encryption
Categories
(MailNews Core :: Security, enhancement, P3)
MailNews Core
Security
Tracking
(Not tracked)
VERIFIED
WONTFIX
People
(Reporter: ron.ralston, Assigned: KaiE)
Details
(Keywords: helpwanted)
The current email encryption mechanism and the proposed 5.0 mechanism are too complex for most people to use. Using public key encryption, digital signatures, and whatnot is gross overkill for the security concerns of most of us. This high level security requires too much up-front preparation and coordination between the mail sender, recipient, and even third parties. I don't need unbreakable encryption, I just need something that makes it difficult for a casual sneak to read my email. I propose that selecting the security option in a composition window (or in email preferences) present "normal security" and "high security" options. The high security option is the current and proposed security. The normal security option is something very simple to use: prompt for a key (maybe 5 to 16 or so characters) and then use that key to cipher/scramble/encrypt the message and attachments. The outgoing message would be tagged (maybe also in the "subject" line) to indicate that it's in code. Upon receipt of such a message, the email package in the browser might detect the tag and prompt the reader to enter the key. When the correct key is entered, the body of the message is presented in readable form. It should remain stored in encrypted form. Selecting the "save to disk" option after clicking on an attachment should have the added option of being saved encrypted or decrypted. If my friend replies to this message, it should default to being encrypted (no action need be taken to encrypt) using the same key. Security should be simple to use. I want to be able to call my friend on the phone and tell him that the key is his oldest childs first name (or something equally memorble). I don't want to have to go through the key holder and digital signature hassle -- and neither do most people who send email. Fancy encryption is not the issue here, most users don't intend to keep the FBI or NSA from reading their mail. They want to keep some snoop who has access to their server or their PC from reading their mail.
Updated•25 years ago
|
Assignee: jefft → nobody
Status: ASSIGNED → NEW
Summary: simpler email encryption → [HELP WANTED] Simpler email encryption
Whiteboard: [HELP WANTED]
Comment 1•25 years ago
|
||
Add to [help wanted] list
Updated•25 years ago
|
Keywords: helpwanted
Updated•25 years ago
|
Summary: [HELP WANTED] Simpler email encryption → Simpler email encryption
Whiteboard: [HELP WANTED]
Target Milestone: M18
Bulk moving all MailNews Security bugs to new Security: General component. The previous Security component for MailNews will be deleted.
Component: Security → Security: General
Updated•24 years ago
|
Summary: Simpler email encryption → Symmetric key email encryption
Comment 3•22 years ago
|
||
Ron: are you aware how easy to break such encryption scheme is? The moment it is widely used, you'll get dedicated Mozilla mail descramblers that would break 8 characters key in a matter of hours on old (Cel 300 MHz) equipment. I think that such feature would give a false sense of security and would do more harm that good.
Comment 4•22 years ago
|
||
However, I agree that such feature would be useful, If users chose adequate length passwords (the passwords should be hashed before being used as a symmetric key by PSM). BTW, maybe it's safe to mark this bug as a dupe of bug 35308?
Comment 5•22 years ago
|
||
I vote for a wontfix resolution.
Assignee: nobody → kaie
QA Contact: lchiang → junruh
Comment 6•22 years ago
|
||
Me too.
Comment 7•22 years ago
|
||
Wontfix.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → WONTFIX
Updated•20 years ago
|
Product: MailNews → Core
Updated•16 years ago
|
Product: Core → MailNews Core
You need to log in
before you can comment on or make changes to this bug.
Description
•