if ( knowledge ) {

A place for thought, progress, and dissent.

Monday, July 17, 2006

Sign Up?

Hash: SHA1

My email box is constantly plagued by spam, phishing, and other random junk. Banks, PayPal, and other merchants have spent a lot of time educating the public on how to recognize "spoofed" emails, and not believe (or click) everything they get in their inbox.

Wouldn't it be great if I could know that email came from PayPal?

We have the tools--we have for years. Public Key Encryption (PGP, GPG, and the like), in addition to allowing for top-notch privacy, can also allow for nearly-perfect sender identification.

With Encryption, I can send an email to a colleague and know that only he can open it (at Collective Idea, we do this as a matter of habit--even if we're just sending a funny link). The other side, Signing, allows for me to send an email to anyone and have them *know* that I am the only person who could possibly have sent it.

To know that the sender is who they say they are, I do need to have PGP installed, and be smart about accepting keys. If I do both of these things, I have a greater level of assurance. If I don't, I see a message that looks exactly like this one.

I'm starting to think that all web applications should sign emails without exception. Do I care if my account notice from Basecamp is real? Probably not, but I would like to know I can. I'd also like to see PGP more widely used... this could help, if only in a small way.

I'm considering adding signed messages to some apps I'm working on. Is it worth it? Would people respond well, or get confused?

Version: GnuPG v1.4.3 (Darwin)



At 9:01 PM, Anonymous Brandon Keepers said...

Dan, I think this is a good idea and something that needs to be explored! Public key encryption is a great technology but seems to be used by only a tiny minority of people.

Imagine how useful it could be if apps started building in support for it. You could almost use it as an authentication mechanism. An example that comes to mind is for something like Basecamp. It's annoying that when I receive an email for a message posted in Basecamp, I can't just hit reply. I have to go log in and post the message. What if I could just hit reply, and (since I uploaded my public key when I created my account) my signature on the email message allows Basecamp to verify that the message is from me?

One of the challenges with having apps sign messages is that you will either have to use a private key without a passphrase, or store the passphrase for the key in the app, both of which decrease the security of it.

At 10:43 PM, Blogger Daniel said...

You raise good points about security, but even if you had a "company" email account with PGP (support@example.com), you'd have a similar problem.
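
The signing flow discussed in the post and comments, as an added example that is not part of the original post or its comments: an application clearsigns a notice with an unprotected key (the trade-off raised in the first comment), and a recipient accepts it only if the signature is valid and made by the expected key fingerprint. It assumes GnuPG 2.2 or later is installed as `gpg`; the notice text, temporary keyrings and function names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example; assumes GnuPG 2.2+ as `gpg`. Text and paths are constructed.
WORK="$(mktemp -d)"
APP_HOME="$WORK/app"    # keyring held by the web application
USER_HOME="$WORK/user"  # keyring of the person receiving the mail
mkdir -m 700 "$APP_HOME" "$USER_HOME"
APP_ADDR='support@example.com'

# App side: sign-only key with an empty passphrase so an unattended process
# can use it. Whoever can read $APP_HOME can sign as the app.
app_setup() {
  gpg --homedir "$APP_HOME" --batch --quiet --pinentry-mode loopback \
      --passphrase '' --quick-generate-key "Example App <$APP_ADDR>" \
      ed25519 sign 1y 2>/dev/null
  gpg --homedir "$APP_HOME" --batch --armor --export "$APP_ADDR" \
      > "$WORK/app-pub.asc"
}

# App side: fingerprint to publish over a channel users already trust.
app_fingerprint() {
  gpg --homedir "$APP_HOME" --batch --with-colons --fingerprint "$APP_ADDR" \
    | awk -F: '$1 == "fpr" { print $10; exit }'
}

# App side: clearsign the notice body in file $1, write the result to stdout.
app_sign() {
  gpg --homedir "$APP_HOME" --batch --local-user "$APP_ADDR" --clearsign < "$1"
}

# Recipient side: import the app's public key into the user's keyring.
user_import() {
  gpg --homedir "$USER_HOME" --batch --quiet --import "$WORK/app-pub.asc" 2>/dev/null
}

# Recipient side: accept only a valid signature made by fingerprint $2.
user_verify() {
  gpg --homedir "$USER_HOME" --batch --status-fd 1 --verify "$1" 2>/dev/null \
    | grep -qF "[GNUPG:] VALIDSIG $2 "
}

app_setup && user_import
FPR="$(app_fingerprint)"
printf 'Your account password was changed.\n' > "$WORK/notice.txt"
app_sign "$WORK/notice.txt" > "$WORK/notice.asc"
sed 's/changed/reset/' "$WORK/notice.asc" > "$WORK/forged.asc"  # altered copy
user_verify "$WORK/notice.asc" "$FPR" && echo "genuine notice: accepted"
user_verify "$WORK/forged.asc" "$FPR" || echo "altered notice: rejected"
gpgconf --homedir "$APP_HOME" --kill gpg-agent 2>/dev/null
```

Checking the `VALIDSIG` fingerprint rather than only gpg's exit status is what ties the message to one specific key, which is the "be smart about accepting keys" step from the post.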

