[147260] in cryptography@c2.net mail archive


Re: [Cryptography] PRISM-Proofing and PRISM-Hardening

daemon@ATHENA.MIT.EDU (John Kelsey)
Sun Sep 22 13:39:37 2013

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <CAMm+Lwh9+Nkf9Ct9niv7XUPXD7tv-62odhBfaL3goj9kQ1Rrgw@mail.gmail.com>
From: John Kelsey <crypto.jmk@gmail.com>
Date: Sun, 22 Sep 2013 09:50:38 -0500
To: Phillip Hallam-Baker <hallam@gmail.com>
Cc: "Salz, Rich" <rsalz@akamai.com>, Max Kington <mkington@webhanger.com>,
	"cryptography@metzdowd.com" <cryptography@metzdowd.com>,
	Bill Frantz <frantz@pwpconsult.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On Sep 19, 2013, at 5:21 PM, Phillip Hallam-Baker <hallam@gmail.com> wrote:

>  Criminals circumvent the WebPKI rather than trying to defeat it. If they did start breaking the WebPKI then we can change it and do something different.

If criminals circumvent the PKI to steal credit card numbers, this shows up as fraud and is noticed without any need for a Snowden.  Eavesdropping doesn't show up in such an obvious way.  

> But financial transactions are easier than protecting the privacy of political speech because it is only money that is at stake. The criminals are not interested in spending $X to steal $0.5X. We can do other stuff to raise the cost of attack if it turns out we need to do that.

Also, criminals find it harder to spend a few million up front before they get the first payoff.  Nor can they appeal to patriotism or compel compliance via the law.  

> If we want this to be a global infrastructure we have 2.4 billion users to support. If we spend $0.01 per user on support, that is $24 million. It is likely to be a lot more than that per user.

It has to pay for itself ultimately, at least as well as email does. 

--John
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
