On Sun, Sep 18, 2011 at 5:55 AM, M.R. <[email protected]> wrote: > On 18/09/11 09:12, Jeffrey Walton wrote: >> >> If you can secure the system from the government... > >> > I can't possibly be the only one here that takes the > following to be axiomatic: > > +++ > A communication security system, which depends on a corporate > entity playing a role of a ~trusted-third-party~, can not be > made secure against a government in whose jurisdiction that > trusted-third-party operates. > +++ Agreed, but I would like to point out that neither Google nor DigiNotar are Iranian legal entities (or I don't believe so).
And as Marsh pointed out, some of these folks are more than willing to sell you out. > On the other hand, a perfectly adequate low-level retail > transaction security system can best be achieved by using a > trusted-third-party, SSL-like system. All in all, agreed. For what its worth, I don't use credit/debit cards, but if I did I would would not be concerned about purchasing a book from Barnes and Noble online. > It follows then that we are not looking at replacing the SSL > system with something better, but at keeping the current > SSL - perhaps with some incremental improvements - for the > retail transactions, and designing a new system, from the > ground up, based on some a-priory, contemporary and well > documented threat model. For me, its not so much about updating threat models for the 21st century, fixing SSL, throwing out PKI, or predicting 22 century threats. But perhaps my arguments (or perceived threats and subsequent remediations) speak volumes to the contrary. The one thing I cannot palette: [many] folks in Iran had a preexisting relationship with Google. For an Iranian to read his/her email via Gmail only required two parties - the person who wants to do the reading and the Gmail service. Why was a third party involved? > This new system should address > those applications which have spilled outside of the > (implied?) threat model on which the SSL design was based. > That new threat model must not fail to explicitly state just > who are the attackers are and what their capabilities and > motivations must be considered. It seems to me that not much has changed since Whitfield Diffie was bothered that a SysAdmin had to comply with court orders requesting passwords and user files. We've just managed to complicate the system requirements, the systems and implementations, and the legal liability. (Case in point: three parties are used/required to securely read an email rather than two). Jeff _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
