On Thu, Dec 8, 2016 at 9:09 AM, holger krekel <hol...@merlinux.eu> wrote:
> On Thu, Dec 08, 2016 at 08:10 -0500, Phillip Hallam-Baker wrote:
> > There are two sets of problems identified relating to signed emails.
> > CIA: Confidentiality, Integrity, Availability.
> >
> > The first, most important consideration in virtually every system is to
> > protect the availability of the data. The second most important is
> > integrity. Confidentiality is the least important concern.
> >
> > A bank that is hacked and customer bank details are disclosed is in trouble
> > but a bank that is hacked and has money stolen is in worse trouble and a
> > bank who loses its account data and cannot recover it from backups is an
> > ex-bank.
> >
> > All documents should be signed but only confidential documents need to be
> > or should be encrypted.
>
> Humans are not banks ... I am not sure this analogy is very helpful.
> People who are targeted and easily imprisoned say in Turkey or Egypt
> certainly care a lot about confidential communications and might be able
> to assert authenticity by other means than digital signatures.

Arguments from dissident use cases are rarely made by people with experience of serving their needs.

The authorities don't usually care about the content of communications. If Alice is a dissident and they know she has talked to Bob then it's twenty years in the gulag for Bob regardless of what the messages say. So traffic analysis is a very high concern.

But you also need authentication because that is the way that the authorities attack networks. If I can get a person accepted into an online jihadi forum, I can quickly own that group.

Confidentiality is certainly a big concern. And that is one reason I refuse to have direct conversations with any dissidents, I am far too visible for them to risk talking to me. The best, most certain way to prevent breach of confidential information is not to have any.

But availability is still king and integrity is still queen. What those people are risking their lives to do is to get the information out. That is an availability concern.

If you have a system that provides for Integrity, you don't need confidentiality because you don't need to publish information that puts lives at risk in any form. If you know that a document was written by one of the Federalist papers authors, you don't need to know who that is to take notice of it.

> I currently agree with RFC7435 "Opportunistic Security" [*] which
> values encryption higher than authentication if it helps to defend against
> passive attackers. Conversely, if preventing active attacks makes a
> system more complex so that its adoption goes down and most people are
> thus not even safe against passive attacks we have failed.

I think you have the argument mistaken there. RFC7435 is talking about preventing mass surveillance. And that is a confidentiality problem. OpenPGP is not designed to prevent mass surveillance, and there are few tools less suited to that task than OpenPGP and S/MIME.

Other than sending an email to the NSA saying 'look at me', I can't think of anything more likely to label you as a risk than sending encrypted messages in an unencrypted transport.

Back in the 1990s when OpenPGP and S/MIME were designed, crypto was expensive. It took seconds to perform operations. Even with Raspberry Pi class devices, crypto is essentially free since the CPU can encrypt faster than the ethernet port can shovel bits.

Back in the 1990s it was transport layer security OR message layer. Today it is both.

Opportunistic encryption is certainly useful at the message layer and it is practically free. But that doesn't mean authentication is more useful. And RFC7435 is not an argument against authentication.
_______________________________________________
Messaging mailing list
Messaging@moderncrypto.org
https://moderncrypto.org/mailman/listinfo/messaging