[147253] in cryptography@c2.net mail archive
Re: [Cryptography] PRISM-Proofing and PRISM-Hardening
daemon@ATHENA.MIT.EDU (Phillip Hallam-Baker)
Sat Sep 21 18:19:40 2013
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <CAMOP+b57EUj=3o4kU4vXyBk+o-d0bfF=CtVSZjO-w-zHOTo59w@mail.gmail.com>
Date: Thu, 19 Sep 2013 18:21:58 -0400
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Max Kington <mkington@webhanger.com>
Cc: "Salz, Rich" <rsalz@akamai.com>,
"cryptography@metzdowd.com" <cryptography@metzdowd.com>,
Bill Frantz <frantz@pwpconsult.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
--===============4206879421515239197==
Content-Type: multipart/alternative; boundary=089e011774756d532a04e6c3fb35
--089e011774756d532a04e6c3fb35
Content-Type: text/plain; charset=ISO-8859-1
On Thu, Sep 19, 2013 at 5:11 PM, Max Kington <mkington@webhanger.com> wrote:
>
> On 19 Sep 2013 19:11, "Bill Frantz" <frantz@pwpconsult.com> wrote:
> >
> > On 9/19/13 at 5:26 AM, rsalz@akamai.com (Salz, Rich) wrote:
> >
> >>> I know I would be a lot more comfortable with a way to check the mail
> against a piece of paper I
> >>
> >> received directly from my bank.
> >>
> >> I would say this puts you in the sub 1% of the populace. Most people
> want to do things online because it is much easier and "gets rid of paper."
> Those are the systems we need to secure. Perhaps another way to look at
> it: how can we make out-of-band verification simpler?
> >
> >
> > Do you have any evidence to support this contention? Remember we're
> talking about money, not just social networks.
> >
> > I can support mine. ;-)
> >
> > If organizations like Consumers Union say that you should take that
> number from the bank paperwork you got when you signed up for an account,
> or signed up for online banking, or got with your monthly statement, or got
> as a special security mailing and enter it into your email client, I
> suspect a reasonable percentage of people would do it. It is, after all a
> one time operation.
>
> As with other themes though, one size does not fit all. The funny thing
> being that banks are actually extremely adept at doing out of band paper
> verification. Secure printing is born out of financial transactions,
> everything from cheques to cash to PIN notification.
>
> I think it was Phillip who said that other trust models need to be
> developed. I'm not as down on the Web of trust as others are but I strongly
> believe that there has to be an ordered set of priorities. Usability has to
> be right up there as a near-peer with overall system security. Otherwise as
> we've seen a real attack in this context is simply to dissuade people to
> use it and developers, especially of security oriented systems can do that
> of their own accord.
>
> If you want to get your systems users to help with out of band
> verification get them 'talking' to each other. Perry said that our social
> networks are great for keeping spam out of our mailboxes yet were busy
> trying to cut out the technology that's driven all of this.
>
> Out of band for your banking might mean security printing techniques and
> securing your email, phoning your friends.
>
Bear in mind that securing financial transactions is exactly what we
designed the WebPKI to do and it works very well at that.
Criminals circumvent the WebPKI rather than trying to defeat it. If they
did start breaking the WebPKI then we can change it and do something
different.
But financial transactions are easier than protecting the privacy of
political speech because it is only money that is at stake. The criminals
are not interested in spending $X to steal $0.5X. We can do other stuff to
raise the cost of attack if it turns out we need to do that.
So I think what we are going to want is more than one trust model depending
on the context and an email security scheme has to support several.
If we want this to be a global infrastructure we have 2.4 billion users to
support. If we spend $0.01 per user on support, that is $24 million. It is
likely to be a lot more than that per user.
Enabling commercial applications of the security infrastructure is
essential if we are to achieve deployment. If the commercial users of email
can make a profit from it then we have at least a chance to co-opt them to
encourage their customers to get securely connected.
One of the reasons the Web took off like it did in 1995 was that Microsoft
and AOL were both spending hundreds of millions of dollars advertising the
benefits to potential users. Bank America, PayPal etc are potential allies
here.
--
Website: http://hallambaker.com/
--089e011774756d532a04e6c3fb35
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><br><div class=3D"gmail_extra"><br><br><div class=3D"gmail=
_quote">On Thu, Sep 19, 2013 at 5:11 PM, Max Kington <span dir=3D"ltr"><=
<a href=3D"mailto:mkington@webhanger.com" target=3D"_blank">mkington@webhan=
ger.com</a>></span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex"><div class=3D"im"><p dir=3D"ltr"><br>
On 19 Sep 2013 19:11, "Bill Frantz" <<a href=3D"mailto:frantz@=
pwpconsult.com" target=3D"_blank">frantz@pwpconsult.com</a>> wrote:<br>
><br>
> On 9/19/13 at 5:26 AM, <a href=3D"mailto:rsalz@akamai.com" target=3D"_=
blank">rsalz@akamai.com</a> (Salz, Rich) wrote:<br>
><br>
>>> I know I would be a lot more comfortable with a way to check t=
he mail against a piece of paper I<br>
>><br>
>> received directly from my bank.<br>
>><br>
>> I would say this puts you in the sub 1% of the populace. =A0Most p=
eople want to do things online because it is much easier and "gets rid=
of paper." =A0Those are the systems we need to secure. =A0Perhaps ano=
ther way to look at it: =A0how can we make out-of-band verification simpler=
?<br>
><br>
><br>
> Do you have any evidence to support this contention? Remember we'r=
e talking about money, not just social networks.<br>
><br>
> I can support mine. ;-)<br>
><br>
> If organizations like Consumers Union say that you should take that nu=
mber from the bank paperwork you got when you signed up for an account, or =
signed up for online banking, or got with your monthly statement, or got as=
a special security mailing and enter it into your email client, I suspect =
a reasonable percentage of people would do it. It is, after all a one time =
operation.</p>
</div><p dir=3D"ltr">As with other themes though, one size does not fit all=
. The funny thing being that banks are actually extremely adept at doing ou=
t of band paper verification. Secure printing is born out of financial tran=
sactions, everything from cheques to cash to PIN notification.</p>
<p dir=3D"ltr">I think it was Phillip who said that other trust models need=
to be developed. I'm not as down on the Web of trust as others are but=
I strongly believe that there has to be an ordered set of priorities. Usab=
ility has to be right up there as a near-peer with overall system security.=
Otherwise as we've seen a real attack in this context is simply to dis=
suade people to use it and developers, especially of security oriented syst=
ems can do that of their own accord.</p>
<p dir=3D"ltr">If you want to get your systems users to help with out of ba=
nd verification get them 'talking' to each other. Perry said that o=
ur social networks are great for keeping spam out of our mailboxes yet were=
busy trying to cut out the technology that's driven all of this. </p>
<p dir=3D"ltr">Out of band for your banking might mean security printing te=
chniques and securing your email, phoning your friends.</p></blockquote><di=
v><br></div><div>Bear in mind that securing financial transactions is exact=
ly what we designed the WebPKI to do and it works very well at that.</div>
<div><br></div><div>Criminals circumvent the WebPKI rather than trying to d=
efeat it. If they did start breaking the WebPKI then we can change it and d=
o something different.</div><div><br></div><div><br></div><div>But financia=
l transactions are easier than protecting the privacy of political speech b=
ecause it is only money that is at stake. The criminals are not interested =
in spending $X to steal $0.5X. We can do other stuff to raise the cost of a=
ttack if it turns out we need to do that.</div>
<div><br></div><div>So I think what we are going to want is more than one t=
rust model depending on the context and an email security scheme has to sup=
port several.</div><div><br></div><div><br></div><div>If we want this to be=
a global infrastructure we have 2.4 billion users to support. If we spend =
$0.01 per user on support, that is $24 million. It is likely to be a lot mo=
re than that per user.</div>
<div><br></div><div>Enabling commercial applications of the security infras=
tructure is essential if we are to achieve deployment. If the commercial us=
ers of email can make a profit from it then we have at least a chance to co=
-opt them to encourage their customers to get securely connected.</div>
</div><div><br></div><div>One of the reasons the Web took off like it did i=
n 1995 was that Microsoft and AOL were both spending hundreds of millions o=
f dollars advertising the benefits to potential users. Bank America, PayPal=
etc are potential allies here.</div>
<div><br></div><div><br></div><div><br></div><div><br></div>-- <br>Website:=
<a href=3D"http://hallambaker.com/">http://hallambaker.com/</a><br>
</div></div>
--089e011774756d532a04e6c3fb35--
--===============4206879421515239197==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
--===============4206879421515239197==--
