On 2021-11-08 16:53, Karl Auer wrote: > As soon as you do this, people from all over the country suddenly start > wanting One Big Centralised Impregnable Identity Database, so be careful what > you wish for. > > If I may make so bold, any system should have these characteristics (banks > used as a canonical example only): > > 1: Client keys are generated by the client - not any centralised body. If a > centralised and trusted body were to distribute a nice simple tool for > generating keys that would be good. The client supplies their keys in an > authenticated transaction, such as at a bank branch, or while logged in to > their Internet banking website. Note: The website does not generate the keys!
Absolutely, Karl, I think that's critical because centralised management is bound to be subverted by governments, the profit motive, malicious agents, and technological incompetence. What may be most needed at this point is public education, the ready availability of reliable software tools (especially in email & VoIP clients) and some industry standardisation. It has to be said that most sensitive browser traffic is probably reasonably secure by now, and of necessity. Even Bill Clinton wanted to institute a "key escrow" scheme of some sort if I remember correctly, but that idea was promptly demolished by financial institutions with a vested interest in privacy. Security is a pretty hot topic at the moment, as Linkers would be well aware. VoIP (and even FAX) traffic is easy to secure, especially for knowledgable ATA users, but email seems more difficult because email recipients generally wouldn't know what to do if they receive a signed or encrypted message. Many ordinary email users are probably suspicious of anything unusual lurking in their inbox anyway after recent media attention, and would bin it immediately. (ATA: analogue telephone adapter.) Cisco signs each ATA device in hardware so SysAdmins can be sure they're uploading the correct configuration and/or firmware update. OpenSuSE Linux (in Leap 15.3 ?) has instituted a program which requires all software to be signed so the O/S can check the authenticity & integrity of each program before ~each~ execution, which should make malware more difficult. This distribution runs on an impressive list of platforms too, including the IBM Z and LinuxONE (s390x) systems as well as all the traditional Intel, Apple, etc. boxes. Why isn't the ACS more active? I resigned about a century ago I think... > 2: The client is responsible for the safety of their private key. There are a > dozens of suitable well-tested wallets to store such things in. [and] > And I've just realised that you said "keyring" and that I may not know > exactly what you mean :-) But in the Grand Tradition Of The Internet, missing > your point is in no way going to stop me posting this :-) (:-)... Just to make sure anyone reading this is on the same page, an end-user requires at least two key-pairs on their "keyring", one for encryption and one for signing & authentication. I wonder whether the Commonwealth & State Governments, the banks, and other organisations may get in on the act too, and what that will all mean? Suppose Joe Blow wants to email his Solicitor without having the opposition eavesdrop, and the Solicitor needs to be quite sure the message came from Joe. (I've heard hair-raising stories of FAXes sent to the other side's legal team by mistake!) In order to achieve this, Joe must use the Solicitor's public key for encryption and his own private key for authentication. The Solicitor then does the reverse to read Joe's email. So far, so good. All public keys could be stored on a list of well-known servers, which is already standard practice, and we can assume legal offices have expert IT&C assistance, so how should Joe's email client access his private keys? There are a few solutions, and most key "bundles" (keypairs belonging to a given entity, such as Joe) require a passphrase to be entered. I wonder where the legal eagles will define contributory negligence? We can't ask Joe to understand IT&C security and cryptography!! I agree with your other points, and this is probably enough from me, it's longer than I'd thought. >> So is our Wide Brown Government going to blunder into the 21st century with >> FAX as the most secure option open to private citizens? > > Hey, don't diss fax! Believe me, I'm not, in fact FAX may stick around for a while. Cisco ATAs have two POTS ports, and a number of parameters for support of local FAX standards. So I presume all one needs is a FAX utility to drive the ATA? Regards! David L. _______________________________________________ Link mailing list [email protected] https://mailman.anu.edu.au/mailman/listinfo/link
