Returning to our discussion of encryption, we reach one of the most contested parts of modern public-key cryptography: key distribution. Public-key cryptography went a long way toward making reliable, distributed cryptosystems a reality, because each member of the system now holds one secret of their own, instead of the old model where every pair or group of communicators had to maintain a shared secret, which quickly leaves one person managing a large number of them (n people talking pairwise need on the order of n² shared keys). Because the public and private halves of an RSA key are mathematically linked but the private half cannot feasibly be derived from the public one, a user can keep their secret secret and make the public portion of their key available to as many people as they choose.
The question, however, is how public is too public? The ultra-paranoid would argue that public keys should only be given to people you intend to communicate securely with. This attitude has several flaws. If you insist on full control over who holds your public key, you run into exactly the key distribution problem that the old shared-secret systems had, namely the need to establish a secure channel for trading keys before you can communicate securely. Worse, it misstates what needs protecting: a public key does not need to be confidential, it needs to be authentic. The real risk of handing out keys is not that someone learns your public key, it is that your correspondent ends up with an attacker's key labelled with your name, which is why the fingerprint should be confirmed out of band (over the phone, in person, on a business card) regardless of how the key itself travelled.
The alternative, which is popular among many users, is the public keyserver: a collection of any and all public keys that users choose to upload to it, freely available to anyone who wants to download them. Some people feel that making your public key publicly available could allow your key to be broken, though a reasonably large key size and a periodic expiration date make this unlikely; the public half is designed to be public. The more pertinent issue, in my mind, is the social-graph analysis that such a public system makes possible. The signatures on a person's key are a record of who has vouched for whom. By analyzing who has signed a person's key, and whose keys that person has signed in return, you can build a good picture of their known associates, which a scammer or attacker can use to pick a convincing pretext or a trusted-looking sender for a phishing attempt against the mark. Of course, the popularity of social networking sites, even among people over 50, suggests that most people aren't that concerned about attacks based on the Web of Trust graph.
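To make the social-graph point concrete, here is an added example (not code from the original post) that builds a who-signed-whom graph from GnuPG's machine-readable key listing, the colon-delimited format that `gpg --list-sigs --with-colons` prints and that GnuPG documents in doc/DETAILS. The keyserver angle is the same: anyone who can fetch the keys can run this. The listing embedded below is constructed for the example, with made-up key IDs and names; the field positions it relies on (record type, signer key ID, signer user ID, signature class) are the documented ones, and everything past those fields is left sparse. The "outside the organization" check at the end is an assumption of the example: it treats any signer whose user ID does not carry the given mail domain as an external associate.

```python
"""Who-signed-whom graph from `gpg --list-sigs --with-colons` output.

Shows the social-graph leak discussed above: the certification signatures
on a public key enumerate the key holder's associates. Example code, not
GnuPG's own; the sample listing is constructed.
"""
import re
from collections import defaultdict

# Constructed sample of gpg's colon-delimited listing. Relevant fields
# (1-based, per GnuPG doc/DETAILS): 1 = record type, 5 = key ID (for
# 'sig' records: the signer's key ID), 10 = user ID (for 'sig' records:
# the signer's user ID, or "[User ID not found]" if the signer's key is
# not in the local keyring), 11 = signature class ("13x" positive,
# "10x" generic certification). Colons inside user IDs are escaped
# as "\x3a" by gpg, which the parser undoes.
SAMPLE_LISTING = """\
pub:u:4096:1:AAAA000000000001:1600000000:1700000000::u:::scESC:
uid:u::::1600000000::HASH1::Alice Example <alice@example.org>:
sig:::1:AAAA000000000001:1600000000::::Alice Example <alice@example.org>:13x:
sig:::1:BBBB000000000002:1600100000::::Bob Example <bob@example.org>:10x:
sig:::1:CCCC000000000003:1600200000::::Carol Partner <carol@partner.net>:12x:
sig:::1:DDDD000000000004:1600300000::::[User ID not found]:10x:
pub:u:4096:1:BBBB000000000002:1600000000:1700000000::u:::scESC:
uid:u::::1600000000::HASH2::Bob Example <bob@example.org>:
sig:::1:BBBB000000000002:1600000000::::Bob Example <bob@example.org>:13x:
sig:::1:AAAA000000000001:1600400000::::Alice Example <alice@example.org>:13x:
"""


def parse_signature_graph(listing):
    """Return {subject_keyid: [(signer_keyid, signer_uid, sig_class), ...]}.

    A 'pub' record opens a new subject key; the 'sig' records that follow
    (under its 'uid' records) are certifications on that key. Self-signatures
    carry no social information and are skipped.
    """
    graph = defaultdict(list)
    subject = None
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] == "pub":
            subject = fields[4]
        elif fields[0] == "sig" and subject is not None:
            signer = fields[4]
            if signer == subject:
                continue
            uid = fields[9].replace("\\x3a", ":")
            graph[subject].append((signer, uid, fields[10]))
    return dict(graph)


def associates(graph, keyid):
    """Key IDs linked to `keyid` by a certification in either direction."""
    linked = {signer for signer, _, _ in graph.get(keyid, [])}
    for subject, sigs in graph.items():
        if any(signer == keyid for signer, _, _ in sigs):
            linked.add(subject)
    return linked


def mutual_signers(graph):
    """Pairs that certified each other: the strongest evidence of a real link."""
    pairs = set()
    for subject, sigs in graph.items():
        for signer, _, _ in sigs:
            if any(s == subject for s, _, _ in graph.get(signer, [])):
                pairs.add(frozenset({subject, signer}))
    return pairs


def external_signers(graph, keyid, domain):
    """Signers of `keyid` whose user ID is not an address at `domain`.

    Assumption of this example: a missing or foreign address marks an
    associate outside the organization (or one whose key is not held locally).
    """
    out = []
    for signer, uid, _ in graph.get(keyid, []):
        match = re.search(r"<([^>]+)>", uid)
        if not match or not match.group(1).lower().endswith("@" + domain):
            out.append((signer, uid))
    return out


if __name__ == "__main__":
    g = parse_signature_graph(SAMPLE_LISTING)
    alice = "AAAA000000000001"
    print("associates of", alice, sorted(associates(g, alice)))
    print("mutual pairs", [sorted(p) for p in mutual_signers(g)])
    print("external signers", external_signers(g, alice, "example.org"))
```

Run against a real keyring with `gpg --list-sigs --with-colons | python3 sigs.py` after swapping `SAMPLE_LISTING` for `sys.stdin.read()`; the output is the kind of contact list the paragraph above warns about, assembled from nothing but public data.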
As a decent middle ground, I think it's worth large enterprises considering running their own keyservers, open only to people authorized to access the enterprise network. This should make the paranoid more comfortable, as they won't have to worry about just anyone getting hold of their public key, and everyone in the enterprise knows exactly where to find verified and trusted keys for their co-workers. By restricting access to the keyserver based on network locality, the system is largely shielded from the outside social-graph analysis referred to above, and more trust can be associated with the keys because of the extra controls on who can place data on the server. Two caveats apply: network locality keeps outsiders off the server but does nothing against an insider running the same analysis, and "extra controls" only mean something if uploads are authenticated and logged, ideally with an organizational certification key signing each employee key so that clients can tell a vetted key from a stray upload. With the success of server virtualization, the fiscal impact of running the server should be very low.
In the end, I think we still need to do something to better integrate encryption technology into modern computing. The problem is that it will need to be a largely population-led movement, as there are forces at work that don't want your communications to be private and that want to stigmatize encryption as the realm of paranoids and terrorists. Maybe there is a touch of paranoia to it, but it's more a matter of education. People often mistakenly believe that a conversation they are having is secret, when really it's potentially open to the world. Business and government often need to communicate confidential information to one another, but frequently fail to do so securely, simply because they fail to acknowledge the realities of secure communication until they have made a serious mistake and potentially compromised confidential information.
It is the responsibility of all organizations to protect their data, particularly when it comes down to the personal information of their employees, customers, and beneficiaries. I am of the opinion that high-grade encryption is the best way to accomplish this task. I also feel that we can do better than the 128-bit keys which are standard in the world of secure web communications today (those are symmetric session-key sizes, so they are not directly comparable to the 2048-bit or larger RSA keys discussed here). I prefer PGP or GPG keys to S/MIME certificates, simply because they can be more easily used for more than just e-mail. However, the point of this and the last several entries on encryption is that if you aren't using it, you need to evaluate why you aren't, and most likely, I think you'll find a reason, at least in business, to do so.