On Sep 7, 2013, at 11:16 PM, Marcus D. Leech wrote:
> Jeff Schiller pointed out a little while ago that the crypto-engineering
> community have largely failed to make end-to-end encryption easy to use.
> There are reasons for that, some technical, some political, but it is
> absolutely true that end-to-end encryption, for those cases where "end to
> end" is the obvious and natural model, has not significantly materialized on
> the Internet. Relatively speaking, a handful of crypto-nerds use end-to-end
> schemes for e-mail and chat clients, and so on, but the vast majority of the
> Internet user-space? Not so much.
I agree, but the situation is complicated. Consider chat. If it's one-to-one,
end-to-end encryption is pretty simple and could be made simple to use; but
people also want to chat rooms, which are a much more complicated key
management problem - unless you let the server do the encryption. Do you
enable it only for one-to-one conversations? Provide different interfaces for
one-to-one and chat room discussions?
Even for one-to-one discussions, these days, people want transparent movement
across their hardware. If I'm in a chat session on my laptop and leave the
house, I'd like to be able to continue on my phone. How do I hand off the
conversation - and the keys? (What this actually shows is the complexity of
defining "the endpoint". From the protocol's point of view, the endpoint is
first my laptop, then my phone. From the user's point of view, the endpoint is
the user! How do we reconcile these points of view? Or does the difference
go away if we assume the endpoint is always the phone, since it's always with
me anyway?)
The same kinds of questions arise for other communications modalities, but are
often more complex. One-to-one voice? Sure, we could easily end-to-end
encrypt that. But these days everyone expects to do conference calls.
Handling those is quite a bit more complex.
There does appear to be some consumer interest here. Apple found it worthwhile
to advertise that iMessage - which is used in a completely transparent way, you
don't even have to opt in for it to replace SMS for iOS to iOS messages - is
end-to-end encrypted. (And, it appears that it *is* end-to-end encrypted - but
unfortunately key establishment protocols leave Apple with the keys - which
allows them to provide useful services, like making your chat logs visible on
brand new hardware, but also leaves holes of course.) Silent Circle, among
others, makes their living off of selling end-to-end encrypted chat sessions,
but they've got a tiny, tiny fraction of the customer base Apple has.
I think you first need to decide *exactly* what services you're going to
provide in a secure fashion, and then what customers are willing to do without
(multi-party support, easy movement to new devices, backwards compatibility
perhaps) before you can begin to design something new with any chance of
success.
-- Jerry
-- Jerry
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
