On 26/11/13 03:03 AM, coderman wrote:
> On Mon, Nov 25, 2013 at 1:51 PM, Stephen Farrell
> <stephen.farr...@cs.tcd.ie> wrote:
>> ...
>> Personally, I'm not at all confident that we can do something
>> that provides end-to-end security, can be deployed at full
>> Internet scale and is compatible with today's email protocols.
>> But if others are more optimistic then I'm all for 'em trying
>> to figure it out and would be delighted to be proven wrong.
>
>
> this would make an interesting bet! i too believe this to be
> impossible given the constraints.
>
> a more suspicious individual might even consider these efforts to be a
> ruse by intelligence agencies to further the use of insecure (email)
> systems with "fig leaf" protections added on top while metadata and
> usability failures continue unabated...


IMHO the TLAs bet big on pushing the CA/PKI solution in the 1990s. I've not seen any hard evidence of it, but there is enough anecdotal evidence to conclude it. Some for different reasons, for example the DoD was very keen on COTS which we can see as benign enough, in and of itself.

In terms of mass surveillance and espionage, the PKI is a slam dunk. CVPs (centralised vulnerability partners), many of whom are national champions or nationally regulated, browsers hiding the CAs, lock-in via clients, open sharing of certificates. This is an "open internet" solution that only an attacker could truly love.

That's not to say there is no value in it for us. Just that we'll end up with strange bedfellows, and we may not be happy with who the real winners are. E.g., supporting HTTPS everywhere carries big risks if it is forced through without opportunistic encryption, or other escape valves for society.

So I'd suggest caution to both sides of this debate. And careful cost-benefit analysis and careful risk analysis. History has not been kind to open internet crypto projects.

iang

_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography