[146464] in cryptography@c2.net mail archive


Re: [Cryptography] Separating concerns

daemon@ATHENA.MIT.EDU (Jerry Leichter)
Thu Aug 29 15:22:19 2013

X-Original-To: cryptography@metzdowd.com
From: Jerry Leichter <leichter@lrw.com>
In-Reply-To: <CAN7nBXdXjG3Haw49DJ=hp+HdROE7R7soNK_Cj=hX4RYhZv7mLA@mail.gmail.com>
Date: Thu, 29 Aug 2013 07:15:59 -0400
To: Faré <fahree@gmail.com>
Cc: "cryptography@metzdowd.com" <cryptography@metzdowd.com>,
	Phill <hallam@gmail.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On Aug 28, 2013, at 2:04 PM, Faré wrote:
>> My target audience, like Perry's, is people who simply can't cope with anything more complex than an email address. For me secure mail has to look feel and smell exactly the same as current mail. The only difference being that sometimes the secure mailer will say 'I can't contact that person securely right now because…'
>>
> I agree with Perry and Phill that email experience should be
> essentially undisturbed in the normal case, though it's OK to add an
> additional authorization step.
>
> One thing that irks me, though, is the problem of the robust, secure
> terminal: if everything is encrypted, how does one survive the
> loss/theft/destruction of a computer or hard drive? I'm no ignoramus,
> yet I have, several times, lost data I cared about due to hardware
> failure or theft combined with improper backup. How is a total newbie
> to do?
This is a broader problem, actually.  If you've ever had to take care of someone's estate, you'll know that one of the problems is contacting all the banks, other financial institutions, service providers, and other such parties they dealt with in life.  My experience dealing with my father's estate - a fairly simple one - was that having the *paper* statements was the essential starting point.  (Even so, finding his safe deposit box - I had the unlabeled keys - could have been a real pain if my sister didn't remember which bank it was at.)  Had he been getting email statements, just finding his mail accounts - and getting access to them - could have been a major undertaking.  Which is one reason I refuse to sign up for email statements ... just send me the paper, thank you.  (This is getting harder all the time.  I expect to start getting charged for paper statements any time now.)

Today at least, my executor can, in principle, work with the mail provider to get access.  But for truly secure mail, my keys presumably die with me, and it's all gone.

You don't even have to consider the ultimate loss situation.  If I'm temporarily disabled and can't provide my keys - how can someone take care of my bills for me?

We can't design a system that can handle every variation and eventuality, but if we're going to design one that we intend to be broadly used, we have to include a way to handle the perfectly predictable, if unpleasant to think about, aspects of day to day life.  Absolute security *creates* new problems as it solves old ones.  There may well be aspects to my life I *don't* want revealed after I'm gone.  But there are many things I *do* want to be easily revealed; my heirs will have enough to do to clean up after me and move on as it is.

So, yes, we have to make sure we have backup mechanisms - as well as key escrow systems, much as the term "key escrow" was tainted by the Clipper experience.

                                                        -- Jerry

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
