On Tue, May 22, 2018 at 02:19:37AM +0100, Mark Rousell wrote:
> On 21/05/2018 13:34, Ben McGinnes wrote:
>
>> I agree with most of the article and largely with the need to break
>> compatibility to an ancient flawed design. Particularly since we
>> still have a means of accessing those ancient formats if we have to in
>> the form of the GPG 1.4 branch. The ancient archives are as safe as
>> they've ever been (for whatever definition of "safe" is being implied
>> by the user/archivist).
>
> Indeed, this satisfies my archive retrieval concerns.
Mine too, it's why I keep a copy of 1.4 installed at all. It's been a while since I've needed to access something encrypted to the first key I ever made way back in 1995, but I know there are archives which might require it and possibly even some which have not already been migrated to a newer key and encryption method. That's okay, though, and it doesn't need current dev practices to retain those functions since there is a means of still opening that door, even if I'm no longer using DOS and thus PGP 2.3a for DOS is no longer available. No doubt the worst issue would be sanitizing such an old file of carriage returns or something like that. Depending on what it was, though, there may even be WordPerfect 5.1 files buried in those archives and IIRC LibreOffice dropped support for those files a while back. I suspect that sort of issue is more likely to be a cause of angst for people needing to access old data than whether they need to run GPG 1.4.x manually to decrypt it first.

>> There is, however, one aspect of this issue that you touched on
>> lightly, but didn't really delve into and which is at the centre of
>> my, mostly unvoiced (until this email), criticism of the Efail team.
>> That being the *incredibly* unhelpful and likely actively harmful
>> recommendation to remove encryption and decryption functionality from
>> vulnerable MUAs.
>>
>> To say, “we have this edge case scenario that really needs an active
>> targeted attack on a case by case basis, so everyone should just stop
>> integrating encryption” is the kind of thing that can get people
>> killed.
>
> This has been commented on by a few people on this list, myself
> included: [1]

It gets mentioned here periodically, usually in conjunction with discussions of differing threat models. The EFF even have a great big section on their SSD site about conducting your own risk or threat assessment and that these things will be different for people in different circumstances.
Then they decided to ignore their own advice in its entirety.

> To my mind, it reeks of slanted propaganda for Signal, and there
> does seem to be a lot of it around at the moment.

Hmm, maybe, but I'm not entirely certain that's instigated by Signal or Whisper Systems. No doubt they're enjoying it, but I think there's another reason for that.

> Signal has security benefits but it's not (yet?) a replacement for
> encrypted email,

It's completely incapable of replacing either email or OpenPGP. Here are two things I do regularly or constantly which Signal is fundamentally incapable of:

1. Running my own server which enables me to set certain types of controls or filters on my own server and not shared with any third party (including Moxie).

2. Encrypt files which are not intended to be sent to anyone and never were intended to be so. The same is true of certain files which are digitally signed and archived in a way which lets me prove when they were written later (it's a copyright thing and set to specifically circumvent a particular niche of morons that are unrelated to the issue at hand). Mostly, however, I mean things like keeping a journal and making damn sure that it won't be used against me.

Signal can't do any of that. At all. It also can't provide a genuine means of establishing a pseudonymous identity unless you live in a country that lets you buy lots of cheap "burner" phones and/or SIMs. Maybe that is easy in the USA, maybe even elsewhere too. It's pretty much impossible in Australia. So if there were something I needed to raise somewhere pseudonymously, say via Tor and some web forum, what does the EFF suggest I use? Signal? How?

> whereas a number of commentators seem to treat it as if all email,
> encrypted or not, should be deprecated in favour of Signal. This is
> not sensible or good advice without considering individual use cases
> (regardless of Efail).

Absolutely!
I'm guessing that none of these commentators have ever actually personally faced a threat which threatened their lives, especially as part of some kind of minority, where the threat is both targeted and impersonal simultaneously. There are still millions of people in the world facing torture or even death just because of something they were born with (even something which may not be apparent until they reach a certain point after birth). In fact one minority I'm aware of is still so greatly at risk that there's only one country in the world which provides legislative protection for them. All the others permit and, in some cases even encourage or promote, some rather nasty practices (and I've seen some of the evidence presented to the UN's human rights reviews, including photographic). This group is *not* the same community I referred to in my previous message (the one you replied to, not the second one to Rob). There is almost certainly some overlap, though, since there will be members of this minority in that other community just based on statistical prevalence.

> Well said.

Thanks.

>> So in my opinion it's not the merits or lack thereof in the
>> demonstrated attacks they released that have the gravest
>> consequence here, it's that the number one recommended mitigation
>> technique is to remove cryptographic functions from MUAs.
>
> Without wanting to sound like a conspiracy geek, removing encryption
> from email would, of course, benefit Signal and its takeup.

I don't think it's necessarily for Signal, but Signal was created by someone who shares that view and, more often than not, for much the same type of reason. I think the majority of those people who adhere to that view are geeks of a certain age, approx. 40s to 50s, who came to the crypto world back during the first Crypto Wars.
As much as they loved the idea of PGP, one of two things happened: either they couldn't understand it well enough to get it to work properly or, the more common story, they couldn't get others to use it due to the difficulties in doing so at that time. In their minds OpenPGP usage is "difficult to use" or "not worth the effort" because in their minds it is still their recollection of the experience back then. They've given up on it and they've dug their heels in so much they now react almost aggressively against anyone still seeking to use the thing. It's projection and it says more about them than anything. How can I be sure? Well, obviously my reference to my first key indicates I was getting my intro to things around the middle of that era. The two biggest problems back then by my recollection were the lack of accessible documentation explaining the concepts without requiring a mathematics degree and practical setup guides. Over time the latter became more prevalent and eventually some good examples of the former arrived. Those coupled with the *vast* improvements to software over the intervening years means that the difficulties of the '90s are not as great as they were. There is still some effort required and people do need to think about what sort of security they need, but that just leads into the other aspect of this: it was never about the degree of difficulty, it was about the motivation to use the thing. If someone feels a genuine threat to themselves or their loved ones and OpenPGP usage is the key to ensuring that threat is kept at bay, you just watch how fast and dedicated they become. I've seen some rather surprising examples of precisely that over the years too and it's really at the core of that old argument. We can advocate about something we find fascinating until we're blue in the face, but for someone else to use it, they have to be motivated enough to want to.
Signal is so simple that it's almost impossible to fuck it up (except when it resends an unencrypted SMS to someone not on the network hundreds of times without the sender knowing that's what happened and wondering why their friend or whoever is pissed off at the walls of repetitive messages), but it achieves this by moving all the options and decisions to the developers and the servers.

Anyway, I think the pro-Signal commentariat is pro-Signal not because of some concerted effort to build Whisper Systems into the One True Centre of Cryptography (complete with secret handshake and, maybe, a "No Homers" policy), but because their personal experience of difficulty 20+ years ago convinced them that the solution was that everything must be so simple as to be unnoticeable. Then Moxie came along, someone whose story includes a free admission that he feels the same way and he wrote this thing that's simple to use. This seems like validation of their belief and so they latch onto it with a near religious fervour. None of this is really that new in IT-land, but in this particular field it has the potential to have very bad consequences for people who are more worried about things that could get them killed or tortured or beaten or whatever than something that may have just been a bit frustrating or even embarrassing. Those commentators still need to learn that it's not about them, nor is it about us; it's about the people who need it, when they need it to not get beaten, raped and/or tortured to death ... or whatever other nastiness they're trying to avoid.

Besides, I'm pretty sure I can out-do the lot of them for embarrassing fuck-ups with PGP during the '90s. I once sent an encrypted email to Phil Zimmermann which was supposed to just be a "thanks for the nifty software, this is so cool" message and I got a reply asking why I'd sent an encrypted empty message. Yeah, really, and of course I was mortified! I did, however, stick with it and (eventually) learned.
A long time later I was able to contribute in more useful ways, particularly from about three years ago onward (and this year is definitely adding to that opportunity). I even still cringed at the thought of sending Phil Zimmermann that empty message for quite a while. Now I barely think about it at all and, when I do, it's just a little amusing. I doubt Phil would even remember it at all. So what made me stop cringing at the thought of it? I couldn't give you a precise moment or thing, but it was either learning far more about the topic and being able to pass some of that along or it was experiencing some things that were far worse than mere embarrassment. Maybe a little of both.

The commentariat to which you referred, however, apparently still haven't learned to move beyond their own embarrassment or their own problems. Which would be fine if it only affected themselves, but they're making sure it doesn't and preaching it to others, including some with concerns a bit more significant than whether they do something stupid. They seem to be more interested in the security of their ego and pride, perhaps reputation, over the actual consequences which others may pay if they follow the wrong advice for their situation. So again the real issue is not that they're pro-Signal, that's really more symptomatic. The real problem is that for whatever reason, though I strongly suspect the majority will be as I described above, they've developed a hatred for one particular piece of technology, in this case OpenPGP. Now they push any other option, currently Signal in many cases (no doubt WhatsApp would've been a contender, but lost points when bought by FarceBook), in all cases because they're more interested in hating the thing they hate than in providing relevant advice or recommendations that are geared towards helping people analyse their own threat model and implement the best tools to meet that threat. There's a really easy way to prove this too.
I dare any of the "Signal addresses all crypto needs" people to go to Mexico and provide info to that country or conduct citizen journalism and investigative reporting specifically on the cartels and corruption. Using Signal and a Mexican phone number. I mean if Signal is the answer, that should be enough to prevent discovery and execution, right?

As for my advice on the Mexican scenario: do not do that unless you want to be executed! Last I checked Mexico had a nationalised telecommunications carrier, so the cartels only need to bribe or threaten one engineer and that's that. So once a relevant Signal contact is established, well, that's enough information to take to the national carrier with an Uzi and a demand for cooperation. You really think the telco tech or customer service rep is going to take a bullet for a customer, and would anyone expect them to? Of course not, and they shouldn't have to either.

Whereas being able to maintain a pseudonymous identity online with the ability to verify that pseudonymous person is the same individual, but without revealing their real location, can be done with other tools and for the Mexican scenario could even be done with their own domain (but with a lightweight enough implementation to remain on the move). No doubt many people on this list will have already thought of a few options to handle various aspects of that kind of problem, with a few different configurations depending on specifics lacking in this hypothetical. No need to really delve into them; the point is that there are a few ways to do it with differing degrees of using different technologies depending on more detailed specifics of what needs to be done. So the solutions vary according to the needs of the person who will use it, not simply pushing Signal as some kind of mythical cryptographic Soma on everyone for every purpose.
The best security advice is, and always has been, the advice which meets the needs of the person requesting it after having analysed that person's situation and that of the community or communities they're in. It will never be a one-size-fits-all magic pill or glib answer, not even Signal. Not even OpenPGP either, as it doesn't actually provide a transport method, just the structures for use with one, and thus does not provide a means of guaranteeing anonymity or pseudonymity entirely on its own. In conjunction with other things it can be made to do so, of course, but that's the point.

All right, there you go, if there is one part of the problems here which actually originates with Signal then there it is: conflating the protection method with the transport protocol. Signal as a solution can only ever be used with Signal the network; it can't be adapted to alternative transport protocols too readily, whereas OpenPGP can be and has been to varying extents. That, however, was a deliberate design choice made by Moxie as part of his approach of dumbing everything down to try to make it impossible for it to be too hard to use by most people, and so Whisper Systems view that as a feature. Arguably it is indeed a feature, but it's the feature which should have been recognised by its supporters as being potentially dangerous for some types of threats and not the reason to pronounce it the solution to everything.

So I think it's still fair to say the greatest problem is with the commentators and the real reasons motivating the nature of their commentary rather than what Signal is; and what it is is just fine if you're in a relatively privileged class in the western world who doesn't need to deal with anything requiring anonymity or pseudonymity.
For everyone else, however, it may have some uses under some circumstances, but the degree to which it will do so will vary considerably and in quite a number of cases will either be very limited or will be a direct threat (or contribute to direct threats).

As for the problem of the motivations of the commentators, regardless of whether or not my theory regarding experiences during the Crypto Wars is accurate, the real issue there is that they're letting their personal gripes override the specific situations others have to face and they don't seem to care if someone else dies as long as they get to push their agenda. I'm going to have to assume by this point two things:

1. that if they're that far into their own little world there's nothing that will convince them that maybe that's not so cool; and

2. that no one else here will be overly surprised if I (and perhaps others) disregard any degree of ethics or credibility of anyone who is so committed to a particular absolutist stance that they'll risk the lives of others (but never their own) on the righteousness of their cause.

No doubt they won't care about either of those things either; or, more likely, they'll simply disregard everything posted to this list. This is something I will gladly accept if they will at the very least start giving a damn about the concerns of others facing much more heinous threats than the rest of us and needing real support from those of us involved in any aspect of the information security world, not just glib and unthinking answers which do more for a personal agenda than the person under threat.

Regards,
Ben

P.S. I considered not sending this due to length and, possibly, responses to my disparagement of those who may value their own personal agenda over the needs of the end users seeking guidance.
A subsequent conversation with someone linked to the originally referenced community had indeed disregarded OpenPGP due solely to the advice of old geeks saying it's too hard, don't even consider it (before the current thing). So the attitude of the commentariat is definitely a problem simply because they persist in pushing their old experience on a new audience as gospel instead of leaving the selection to a proper risk assessment and the needs of those people.
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users