Herbivore: transparent public-key encryption

1. Introduction

Herbivore is an initiative to encourage more people to use encrypted email. Many people are concerned about potential infringements of privacy due to using insecure email, but don't routinely use strong encryption because it is a hassle to set up and use. Furthermore, if I want to send secure email to you, then both of us must use encryption software.

Herbivore aims to reduce this hassle, making strong encryption almost totally effort-free for the user.

2. The Problem

Using GnuPG (or an equivalent such as PGP) to encrypt your email is useful if done routinely. If done selectively it is less useful, as an adversary can use traffic analysis to find out who you want to correspond with in secret. (Here I am considering especially an adversary such as a government that wants to monitor all email; if Herbivore can beat an adversary with such large resources, it will likely provide excellent protection against a weaker adversary.)

3. Proposed solution

The proposal is to make sending encrypted email easier by getting the email client (often known as a mail user agent or MUA) to do the hard work. Define a standard in email headers for encryption; the purpose of this standard is to allow encrypted emails to be sent almost completely automatically if the MUAs at each end support the standard. MUAs that support Herbivore are known as "Herbivore-aware" or "Herbivore-compliant".

Here's an example, to illustrate how Herbivore will work:

Alice and Bob both use Herbivore-compliant MUAs. Alice sends a message to Bob (it's the first time they've emailed each other). The message is sent as plain text, but the Herbivore subsystem inserts some extra headers, which say that Alice's MUA is Herbivore-aware, and what Alice's public key is.

Bob's MUA reads the email. The Herbivore subsystem in the MUA notes that Alice's email is from a Herbivore-aware client, and remembers Alice's public key.

Bob decides to reply to Alice's message. He composes his reply as normal, and presses SEND. The Herbivore subsystem in Bob's MUA automatically encrypts the email with Alice's public key, before sending it to her.

When Alice's MUA receives the message, it is automatically decoded (using Alice's private key). Alice then sees on her screen the message that Bob sent her.

Compliant MUAs will, by default (overridable by the user), generate a public/private key pair and transmit the public key.

When a compliant MUA sees an incoming email with the headers, it makes a note of the sender's public key. When the user sends an email to that email address, the MUA can encrypt it with the receiver's public key, so that only the receiver can read it.

Compliant MUAs will have a system for checking that the key and fingerprint that are received from incoming email are the real keys of the sender, and not altered as part of a man-in-the-middle attack. But the system would default to doing everything automatically (and perhaps telling the user, via a dialog box, what is going on).
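One way the receiving side could note keys and check them, sketched as an added example that is not part of the Herbivore proposal or any MUA's code. The header names `X-Herbivore-Aware` and `X-Herbivore-Public-Key` are hypothetical, and pinning the first key seen per address is an assumed checking policy; because the From header is unauthenticated, pinning detects a later key substitution but not an attacker present at first contact.

```python
import hashlib
from email import message_from_string
from email.utils import parseaddr

# Hypothetical header names (assumption): the page does not define them.
HDR_AWARE = "X-Herbivore-Aware"
HDR_KEY = "X-Herbivore-Public-Key"


def fingerprint(key_text):
    """Short SHA-256 digest the user can compare out of band."""
    return hashlib.sha256(key_text.encode()).hexdigest()[:16]


class KeyStore:
    """Pins the first key seen per address and flags later changes."""

    def __init__(self):
        self.keys = {}  # sender address -> public key text

    def note_incoming(self, raw_message):
        """Return (status, fingerprint) for one received message."""
        msg = message_from_string(raw_message)
        sender = parseaddr(msg.get("From", ""))[1].lower()
        key = "".join((msg.get(HDR_KEY) or "").split())  # unfold header
        if not sender or msg.get(HDR_AWARE) is None or not key:
            return ("not-herbivore", None)
        known = self.keys.get(sender)
        if known is None:
            self.keys[sender] = key  # first contact: remember the key
            return ("new-key", fingerprint(key))
        if known == key:
            return ("known-key", fingerprint(key))
        # Different key for a known address: a key rollover or a
        # man-in-the-middle. Keep the pinned key and ask the user.
        return ("key-changed", fingerprint(key))

    def key_for(self, address):
        """Key to encrypt outgoing mail with, or None to send plain text."""
        return self.keys.get(address.lower())


# Constructed sample messages; the key strings are placeholders.
ALICE_1 = ("From: Alice <alice@example.org>\nTo: bob@example.org\n"
           "X-Herbivore-Aware: 1\n"
           "X-Herbivore-Public-Key: QUxJQ0Ut\n S0VZLTE=\n\nHi Bob\n")
ALICE_CHANGED = ALICE_1.replace("QUxJQ0Ut\n S0VZLTE=", "TUFMTE9SWQ==")
PLAIN = "From: carol@example.org\nTo: bob@example.org\n\nHello\n"
```

The returned fingerprint is what the dialog box would show the user; on `key-changed` the MUA keeps encrypting to the pinned key until the user confirms the new one.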

As well as defining the headers, a project to implement this scheme would include adding the relevant functionality to one or more of the popular open-source MUAs. Makers of closed source MUAs would be invited to use the protocol too.

4. Further Reading

About Herbivore:

Some other software projects:

Standards and other links:


By Philip Hunt, philh@comuno.freeserve.co.uk - your comments are welcome.
Last altered: 8 Feb 2002.