[146453] in cryptography@c2.net mail archive
Re: [Cryptography] Separating concerns
daemon@ATHENA.MIT.EDU (Phill)
Wed Aug 28 14:37:49 2013
X-Original-To: cryptography@metzdowd.com
From: Phill <hallam@gmail.com>
In-Reply-To: <CAN7nBXdXjG3Haw49DJ=hp+HdROE7R7soNK_Cj=hX4RYhZv7mLA@mail.gmail.com>
Date: Wed, 28 Aug 2013 14:31:05 -0400
To: =?windows-1252?Q?Far=E9?= <fahree@gmail.com>
Cc: "cryptography@metzdowd.com" <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On Aug 28, 2013, at 2:04 PM, Far=E9 <fahree@gmail.com> wrote:
> On Wed, Aug 28, 2013 at 4:15 PM, Phill <hallam@gmail.com> wrote:
>> My target audience, like Perry's is people who simply can't cope with an=
ything more complex than an email address. For me secure mail has to look f=
eel and smell exactly the same as current mail. The only difference being t=
hat sometime the secure mailer will say 'I can't contact that person secure=
ly right now because=85'
>> =
> I agree with Perry and Phill that email experience should be
> essentially undisturbed in the normal case, though it's OK to add an
> additional authorization step.
> =
> One thing that irks me, though, is the problem of the robust, secure
> terminal: if everything is encrypted, how does one survive the
> loss/theft/destruction of a computer or harddrive? I'm no ignoramus,
> yet I have, several times, lost data I cared about due to hardware
> failure or theft combined with improper backup. How is a total newbie
> to do?
You have to have key backup to address that security goal. And that will ne=
cessarily mean that you increase your coercion risk. And which security goa=
l you choose to satisfy is likely to depend on your situation.
One solution would be to back up your private key and put the shares in one=
or more bank safes. But then you are vulnerable to a coercion attack on yo=
ur bank. Which you can address by putting the shares in a tamper evident ba=
g but only if you go to the bank regularly to audit it.
One of the features of this problem is that if you make absolute security a=
requirement you are going to go absolutely potty trying to solve every ele=
ment. Fortunately we can still do a lot of good by providing a system that =
prevents wholesale abuses.
I am not a crypto-absolutist. I don't particularly want to be giving crypto=
to terrorists. When I was 18 I woke up to hear that the IRA had attempted =
to murder my cousin. =
However I don't want to be giving intercept power to Putin who murders peop=
le with poisoned teapots on the streets of London either. And I certainly d=
on't trust the NSA and GCHQ with the wholesale intercept capability reveale=
d by Snowden.
> Most newbies rely on things surviving despite their lack of explicit
> caution. Currently, they do it by basically trusting Google or some
> other company with their mail. Whichever way you do things to make
> them responsible for keys will lead to either (1) failure because it's
> technically too hard, and/or (2) automated attacks on the weak point
> that handles things for them.
And for a company it is almost certain that 'secure against intercept by an=
y government other than the US' is an acceptable solution.
> That's a lot of yak to shave to provide end-users (or even average
> geeks) with seemless secure email.
I am currently working on a podcast history of the web to publicize my expe=
rt witness practice. Which had me looking at the reason Tim Berners Lee suc=
ceeded where Ted failed. The thing that distinguished their efforts was not=
the problems they solved. Ted had 120% of the Web ten years before Tim sta=
rted.
The difference was that Tim realized that some of the problems were very ha=
rd and could be punted on for a first draft. Then after the Web took off it=
built out infrastructure that made it possible for others to fill in the g=
aps. So Ted had search built in. Tim had a hole which was filled by others.
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
