Analyzing Email Security: Tasks
With RSA over, its back to thinking about security usability and in particular email security usability. When I wrote the dotCrime Manifesto, I began by saying that there is more to security than just cryptography. Then I described a proposal for making email more usable that was essentially pure cryptography, albeit cryptography that was much better hidden than in the past.
The value of applying the task based analysis is that it has exposed a number of security issues that have absolutely nothing to do with cryptography and lead to far more real world problems than actual cryptanalytic attacks do today.
One thing I discovered when working on the task analysis is that it is pretty hard to do by thinking about it. I remain skeptical as to the value of small-n studies in the evaluation of the design itself, but I do think that they are likely to prove useful in building up the set of tasks.
So here are the tasks that I performed with email yesterday:
- Sent a mail message to a company employee.
- Read a company email about an organization issue.
- Replied to a mail message purportedly sent by a company employee.
- Replied to the company employees only on a message sent to company employees and a partner.
- Replied to a query from a customer that had been forwarded to be.
I suspect that these are pretty typical. But as I will discuss in the next installment, the current email clients do not give me sufficient information to complete these tasks securely without the user engaging in an unreasonable degree of effort.
