← Back to team overview

ubuntu-phone team mailing list archive

Re: [feature request/question] Encrypted email/sms support?

 

Ok, I know very little about SIM cards. If they can't be cloned
realistically, then that's fine as an authentication measure I suppose. It
would also probably be wise to renegotiate the key at regular intervals, if
someone is actually interested in security.


On Thu, Jul 18, 2013 at 1:26 PM, Rasmus Eneman <Rasmus@xxxxxxxxx> wrote:

> >If you're going to handle key creation and exchange invisibly, what use
> is GPG?
> Because we would want that infrastructure for the email anyways.
>
>
> >I'd rather handle email encryption on my own, because if my phone died,
> I'd lose my private key and could no longer read my email (which I wouldn't
> be able to read outside of my phone >anyway.)  I think email is a use case
> which needs more investigation.
> Of course you should be able to do that to, but if you haven't added your
> own key that should
> be one there anyways.
> Their should be an option to sync your private key with Ubuntu One (this
> would also sync to Thunderbird on the desktop)
> This is however trading security for connivance so it should be off by
> default.
>
> >And if you do lose your phone, how do you renegotiate the key exchange
> with your friends' phones? what if your phone is just an impersonator that
> doesn't have the key and wants in anyways?
> We trust the phone number as SIM cards isn't clone-able. If the key for
> the same phone number changes and we still have that phone number in our
> address book that new key is secure.
> If not we should notice the user, explain why this could happen and ask
> him or her if the new key is trusted.
>
> >The question becomes "do we trust Ubuntu One to keep our private key
> secure?"
> Not by default I would say no. But we should have that as an option to
> automatically restore
> your key when you change device and to sync it to your desktop.
>
>
> 2013/7/18 Josh Leverette <coder543@xxxxxxxxx>
>
>> asymmetric encryption of some kind would probably be preferred. Possibly
>> using quantum computer proof asymmetric encryption. (look at Wikipedia, I'm
>> on my phone at the moment, or I would provide a link.)
>>
>> As far as email goes, that is notably more complex than SMS to handle.
>> The question becomes "do we trust Ubuntu One to keep our private key
>> secure?" if so, the solution is obvious, but if not, then we don't have an
>> easy solution. And if you do lose your phone, how do you renegotiate the
>> key exchange with your friends' phones? what if your phone is just an
>> impersonator that doesn't have the key and wants in anyways?
>>
>> Sincerely,
>> Josh
>> On Jul 18, 2013 1:08 PM, "Nathan Haines" <nhaines@xxxxxxxxxx> wrote:
>>
>>> On 07/18/2013 11:04 AM, Rasmus Eneman wrote:
>>>
>>>> The implementation I suggest in two parts.
>>>>
>>>> Quick messaging (SMS like):
>>>> Create an XMPP service bound to Ubuntu One account, all messages should
>>>> be encrypted with GPG.
>>>> Automatic key creation and exchange, totally invisible for the user,
>>>>
>>>
>>> If you're going to handle key creation and exchange invisibly, what use
>>> is GPG?  Why not use SSL or OTR?  I think IMs should be transparently
>>> encrypted whenever possible.
>>>
>>> I'd rather handle email encryption on my own, because if my phone died,
>>> I'd lose my private key and could no longer read my email (which I wouldn't
>>> be able to read outside of my phone anyway.)  I think email is a use case
>>> which needs more investigation.
>>>
>>> Regards,
>>> Nathan
>>>
>>> --
>>> Nathan Haines
>>> Ubuntu - http://www.ubuntu.com/
>>>
>>> --
>>> Mailing list: https://launchpad.net/~ubuntu-**phone<https://launchpad.net/~ubuntu-phone>
>>> Post to     : ubuntu-phone@lists.launchpad.**net<ubuntu-phone@xxxxxxxxxxxxxxxxxxx>
>>> Unsubscribe : https://launchpad.net/~ubuntu-**phone<https://launchpad.net/~ubuntu-phone>
>>> More help   : https://help.launchpad.net/**ListHelp<https://help.launchpad.net/ListHelp>
>>>
>>
>> --
>> Mailing list: https://launchpad.net/~ubuntu-phone
>> Post to     : ubuntu-phone@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~ubuntu-phone
>> More help   : https://help.launchpad.net/ListHelp
>>
>>
>
>
> --
> Rasmus Eneman
>



-- 
Sincerely,
    Josh

References