On Apr 14, 2016, at 14:01, Philip Whitehouse <[email protected]> wrote:

> 1. Google may have made the choice to disable it in Gmail, for the same
> reason we are. In any case it's definitely the reason that it's failing.

Regarding the reason - I agree. Though I do find it strange.

> 2. It's certainly an option to add it. Maybe in the improved error dialog we
> show, much like accepting self signed certificates.

An improved error dialog - yes please, absolutely. An option to disable that enforcement - probably yes (of course keeping it enabled by default). Punishing normal users and forcing them to use other, less convenient clients (such as the Gmail app from Google) because the developer doesn’t like a big vendor’s boneheaded server configuration does not seem right to me. Yes, in this particular case the “vendor argument” does not apply. But unfortunately it applies in most every other case.

> 3. To an extent but I do think you blow off the perception issue too easily.
> Positive appearance of security prevents people fixing it - being forced to
> pick 'unencrypted' tells you something.

Yes - it tells me that the developer of the software in question probably is a fanatic. <half-smile only - in reality it is not funny> It’s not good when the developer believes that the only acceptable solutions are iron gates or empty doorways (to make sure the home owner understands that a large gaping hole in the wall ain’t an iron gate), because those flimsy doors with toy locks that any serious attacker can force open don’t serve any purpose in his (the developer’s) view.

> I want to support secure software in a way that encourages people getting
> their providers to provide secure systems. So I want it to be easy to be
> secure and a conscious choice to be insecure.

First, there is no “secure” or “insecure” - only “secure (or insecure) against what”. What are the assumptions? Secure against a casual eavesdropper? Against a hacker (with what capabilities)? Against an organized crime effort? Against BND? What’s the value of the protected information vs. the expenses required to extract it?

Since most email is provided free by giants such as Google, Microsoft, Apple, Comcast, Verizon, etc. - I find the notion (in general) that people can “get their providers to provide secure systems” simply ridiculous, to put it mildly. In my experience (and I’ve only been active in this field for 25 years) getting a “provider” to “provide” something that, e.g., would be more secure is 100% hopeless. I remember my own dialogs several years ago with my broadband provider about enabling SSL on their email server (it was plain http). To keep this story short and civil - they refused to do so. Those giants deploy security mechanisms they think would serve their purposes, which may or may not be aligned with yours (or mine). If you think they would listen to your demands and adjust accordingly - without being insulting, my experience proves different.

> I'm aiming for a certain level of inconvenience to help the user basically.

If a software implementation prevents the user from connecting to the email server he uses, how does it help him? In your world perhaps that user can call the owner of that server (for example, Google) and say “your server does not allow the kind of security my software wants - so fix it or I’m taking my free email elsewhere”. In my world that approach didn’t seem to work.

> There's also the ciphers he could change for example.

Possibly. But that requires some knowledge of the field - and some familiarity with the software in question.

> Broken crypto becomes no crypto once any attacker can trivially examine it
> with a tool widely available. It's not standard user level to view
> unencrypted traffic anyway - you have to sniff WiFi data or put yourself in
> the server path. So once it's as easy to decrypt as to intercept it really is
> the same thing.

First, it is not as easy to decrypt (even SSLv3, which we all agree is hopelessly broken and shouldn’t be used unless the only other alternative is plaintext) as it is to sniff. Second, it is not only WiFi - it’s broadband (in some cases at least), aided by misconfigured providers (again, try to convince providers to fix their stuff - and let me know when you get frustrated enough to see my point). Third, in any case, forcing the adversary to do more work is better than not to, especially if that doesn’t cost you anything.

> In this specific case he is his own provider so I felt it was worth making
> the point.

In this specific case you’re 100% correct. The problem I see is that people are trying to make this point “globally”, and usually it is not applicable. Not many of us are our own providers.

--
Mobile Mouse
[email protected]

--
You received this message because you are subscribed to the K-9 Mail Users List.
To post to this group, send email to [email protected]
To unsubscribe, email [email protected]
To report an issue with K-9 Mail, visit http://code.google.com/p/k9mail/issues/list
For more options, visit this group at http://groups.google.com/group/k-9-mail