[148446] in cryptography@c2.net mail archive


Re: [Cryptography] Size of the PGP userbase?

daemon@ATHENA.MIT.EDU (Phillip Hallam-Baker)
Fri Dec 13 17:06:18 2013

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <94FCDA4C-005A-433F-AED0-03F18D6CE481@callas.org>
Date: Fri, 13 Dec 2013 15:56:47 -0500
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Jon Callas <jon@callas.org>
Cc: "cryptography@metzdowd.com" <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On Fri, Dec 13, 2013 at 2:19 PM, Jon Callas <jon@callas.org> wrote:

> On Dec 12, 2013, at 7:19 PM, Phillip Hallam-Baker <hallam@gmail.com>
> wrote:
>
> > What has changed here is Snowdonia has arrived.
> >
> > This may not be the most relevant response to Snowden but it is the
> > crypto deployment that gives the end user the most security for the least
> > effort.
>
> Please don't think I am trying to discourage you. You're doing something
> fantastic here. I'm only trying to give some hints based on my own
> successes and failures.
>

Understood. Unlike the DANE WG I prefer to know the problems.

The thing that does irritate me is when I am five words into my explanation
before they come out with 'won't work, SPAM!' which is stupid at so many
levels, not least the idea that I haven't thought of spam as a problem.

One of the reasons I use gmail is that it is one of the few platforms that
can cope with my spam load. I receive more spam that gets through my
filters than most people get mail. I don't know how much is rejected
outright but when I was at VeriSign I was getting a quarter of the mail
sent to the company because of the spam.

E2E email does not prevent spam filtering, it only affects one technique
and one that is not very effective at that. Content filtering is not a good
spam reduction technique but it does kill viruses. There are several
approaches that can be used. One of them is to only accept E2E encrypted
mail from people who are known and trusted and give everyone else the key
for the spam/virus filter.

Another would be to modify the S/MIME protocol so that a mail gateway can
add in a header with 'prohibited content types' (or acceptable ones). Then
modify the protocol slightly so that only clients that understand the
restriction can decrypt.



> The major reason email security has failed is that crypto is easy, user
> experience is hard. The developments have focused on the crypto, and only
> then on the UX. Even the best ones fall down on the most important parts of
> UX, the initial experience.
>
> Every place I have succeeded, it's because we started with the UX and made
> the crypto work. The places where we let the crypto trump the UX, we failed.
>

Amen.

The model I am taking here is that

1) The user never has to make any more effort to perform a task securely

2) The apparent model of how the system works is a useful approximation to
the actual way it works.

So a strong email address is not actually the encryption key or even a hash
of the encryption key. It is the hash of the signing key of the personal
master key (aka CA) which signs the encryption key. But it looks close
enough to being the thing you encrypt to for the user to think they
understand how it works.

The nuts on your car wheels don't actually hold the wheel to the car
either. They hold the rim to the hub. The hub is held on by one little nut.



> Snowdonia is giving a spur to lots of people to finally get off their
> asses and do something. However, if they think to themselves, "Well, the
> NSA isn't after *me*..." then we're back where we were.
>

The NSA is after you and me but probably not Joe Bloggs.

But the Russian mafia is after Bloggs, or at least his money. And because of
that his electricity utility won't send him his bill in email, it has to go
to a web site where he keeps an account and is required to remember a
piddly username and password he uses once a year. And it is all a waste of
time security wise because the reset on the username password is his email.


I think that my strong email addresses will help corporate mail users move
a lot of their customer communications from the Web to mail. So rather than
sending a message to the user to tell them to go to the web site to find
out something the company wants to tell them, they can just tell them
straight out.




-- 
Website: http://hallambaker.com/
