On Mon, 2021-11-08 at 13:17 +1100, David wrote: > I'd like to canvass the Link Institute's views on the best source of > generally recognised, well authenticated, and cryptographically > secure keys for private citizens of this Wide Brown Land.
As soon as you do this, people from all over the country suddenly start wanting One Big Centralised Impregnable Identity Database, so be careful what you wish for. If I may make so bold, any system should have these characteristics (banks used as a canonical example only): 1: Client keys are generated by the client - not any centralised body. If a centralised and trusted body were to distribute a nice simple tool for generating keys that would be good. The client supplies their keys in an authenticated transaction, such as at a bank branch, or while logged in to their Internet banking website. Note: The website does not generate the keys! 2: The client is responsible for the safety of their private key. There are a dozens of suitable well-tested wallets to store such things in. 3: The client is responsible for encrypting things. Again - a nice simple tool for doing so from a trusted source would an be excellent thing. 4(a): The bank's public key is, well, public. People are advised to download it only ever from a trusted source. Things not encrypted with this key are simply rejected. Including if they are not encrypted at all. 4(b): Alternatively, the bank supplies a different public key to each and every customer. They can be sent sent securely using the customers' public keys, or downloaded from the Internet banking website. This limits the blast radius of a breached key to that one customer. 5: Encrypted things can now be sent hither and yon completely securely. 6: All client-side tools are FOSS. I.e., totally decentralised. A breach of any client's private key affects only that client. If 4(b) is implemented, even a breach of the bank's private key affects only one customer. AND the key itself absolutely identifies the customer concerned when investigating a breach. Obviously the store of keys is something that has to be protected, but that is just as true of a single private key as of a million. HOWEVER: With properly developed and controlled websites, people should be able to just upload and download stuff from the bank's website, secured via SSL and their Internet banking login. The bank just has to make sure that it does not actually STORE anything on the website. And I've just realised that you said "keyring" and that I may not know exactly what you mean :-) But in the Grand Tradition Of The Internet, missing your point is in no way going to stop me posting this :-) > So is our Wide Brown Government going to blunder into the 21st > century with FAX as the most secure option open to private citizens? Hey, don't diss fax! From https://biplane.com.au/blog/?p=530 "Fax is point-to-point. It’s difficult to intercept except at the endpoints, interception between the endpoints takes a lot of specialised knowledge, and no endpoint is a honeypot. The medium is not inherently copyable. Interception at the endpoint takes a significant amount of time and requires the physical presence of an attacker. Any attacker would be able to access relatively few records. Access would be expensive and slow with very high risk of discovery (unless the attacker was on staff in which case all communication methods would be equally compromised), while for the legitimate user the rate of access is easily sufficient. So fax is actually not a bad means of transferring private data as long as the fax machines are not located in public spaces." Like our electoral system, fax is "good enough". It is in fact largely because it's NOT easily copyable that people moved away from fax. They like their digitised documents to be more easily digestible. Regards, k. -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Karl Auer ([email protected]) http://www.biplane.com.au/kauer GPG fingerprint: 61A0 99A9 8823 3A75 871E 5D90 BADB B237 260C 9C58 Old fingerprint: 2561 E9EC D868 E73C 8AF1 49CF EE50 4B1D CCA1 5170 _______________________________________________ Link mailing list [email protected] https://mailman.anu.edu.au/mailman/listinfo/link
