Robert,

quick reply, my net is closing down, so I might
have made some mistakes here ....

>> Robert Relyea wrote:
> 
> They haven't pushed because the encryption genie is out of the bag.


Well.  There is even reason to disagree with that :)

I'd say they haven't pushed because they've realised that if
they ease off a bit, there will be less of a morally inspired
community building free crypto.  At least, that's the effect
we noticed after 2000, and it's also what the spooks wrote
up as a policy tool in some article ("Foreign Affairs" mag
I think).

But, this is not a real disagreement, all these reasons have
their place.


> BTW sorry if I tend to rant on this it's because "partial security" is a
> pet peeve of mine.


Rant on!  You've walked into a pet peeve of mine -
denying any security to those who can't afford your
fully secure systems.  One of us must be wrong :)


> It's more dangerous than no security because it invites
> people to 'trust' connections more than they should.


Ah, the old "false sense of security" chestnut.  Guess
what secures against these things:

    * credit card loss in internet transactions
    * connecting to the wrong server
    * MITM attack on a connection to the server?

Nothing.  The first falls when the box gets hacked
(was it 12000 or 13000 Linux boxes each month?  4000
Microsoft boxes?)

The second is the subject of phishing (about 10 emails
in my box in the last 24 hours), and the third falls
due to users clicking through the warnings on an SSL
connection (very rare though, I've only ever seen one
attacker use a cert a single time, and then they
stopped, silly really).

The first two are totally routine.  All of these defeat
the security model of the browser.  All of these rely
on what?

The false sense of security generated by the HTTPS / CA model.

Which is what we are battling against right here and now.


> 40-bit encryption is
> another area. 40-bit encryption only tags messages as 'interesting to look
> at'.


40 bit is good enough to protect my porn browsing
from my teenage son (whether I have these is not at
issue ;)  Or, my soon-to-be-ex-spouse's discussions
with her divorce support mail group... or the lawyers
or the doctors or the teenagers or the neighbours on
the common cable or next door's 802.11b ... the list
goes on and on.

(Authenticated or not!)  Yes, I am proposing that
we make 40 bit and/or unauthenticated crypto available
to all sorts of people.  I happen to think it is way
way better than nothing.  Which is what most of them
use now, because the whole cert thing is thrust upon
them.


> What you are proposing is another form of the 40-bit encryption
> problem. We *CAN* build secure systems. We *SHOULD* build secure systems.


BTW, just so you understand, NOBODY is suggesting that
we don't.  Nobody is suggesting that these be made more
unavailable.  Nor that they be more expensive.

We are just suggesting that *we* techies, who don't
have any clue as to what users are doing, stop making
ill-formed value judgments on how we can protect them.

Give them the options.  They don't have to use them.

Not everyone on this planet is facing an imminent
attack by National Technical Means...  Contrary to
the myths perpetuated in some crypto books, some
people have kid sisters.


> We *SHOULD NEVER* build systems that are only partially secure, but broken
> in fundamental ways.


Um.  They did.  I'm pissed.  Unfortunately, it has taken
a long time, and a lot of research and investigation to
work out why and how they did.  There are a lot of writings
on this, it's terribly long and involved and boring, but,
hey, archeology wasn't built in a day.  If you are interested,
join us on the dig.


> Also, the scenario you just blithely threw out is one
> that I care deeply about getting right.


Care about it some more!  No person who is trusting
their life to systems is going to accept that HTTPS is
trustworthy because some US cert issuer happened to
be audited by some US auditor.  It's a totally
meaningless security statement.

(Although, I really like the effect of running the
MITM by picking up a rogue cert from *another* CA
altogether...  so that means that any one government
can happily spy on everyone from another country, if
they can get control of their own CAs!  That's so ...
cool!)

Even Verisign will tell you that - they don't accept
much in the way of liability for a good reason!  They
know the model only works if no-one challenges it in
a serious way.  (Paper supplied on request...)

iang

PS:  The people who get into life saving seriously are
http://www.cryptorights.org/
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto