There seems to be an implicit assumption where if one can not have one "perfect" solution to security, then the alternative is to use none at all. Since perfection is hard to achieve, this approach results in no encryption in many or most real-life cases. This is something I think FreedomBox could address so that communication between FreedomBoxes are guaranteed to at least use best effort in regards to security.
This might sound a bit much like policy and very litte about exact details on How To implement it, and it's not completely unintended. When I look to find examples on communication security schemes, I take a look at the browser. Security in the browser currently means that you either have a 100% secure chain of certificates (in the view of the browser), or it will be clear text for you. Added is an override function with red blinking lights that allows a user to solemnly swear that they trust a site. This does not mean the browser has bad security implementations, but rather symptomatic of a view that takes security as an all-or-nothing approach. FreedomBox could do better. Beside just trying to bring some attention to this, I would like to add a suggestion. It would be nice if the FreedomBox tried to apply the best security it can do to any communication that gets sent through it. That means depending on what it has available, be it a key ring, a social network with relationship driven privacy or something else; it could make a decision on what the best solution to security is for each separate connection going through the box. If it doesn't have anything better available, then opportunistic encryption could be one of the lowest security solutions before anything falls back on clear text. It could also apply different schemes depending on the application layer. Mail could be handled differently than say IM messages simply because latency might be of less importance. A list should be made of services that FreedomBox will offer, and their respective possibilities for security, and which services or circumstances that can be adapted to use opportunistic encryption, etc. What do you think? /Björn Påhlsson _______________________________________________ Freedombox-discuss mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
