Ian Grigg wrote:
Mozilla's mission is not to save political dissidents on exactly the same terms as they would save grandma's credit card. They are different and incompatible missions. If you confuse them, you will fail in one or the other of the missions (right now, it's the dissident who dies, and grandma doesn't get robbed).
So, you are proposing to ignore the dissident threat model? The consequence would be to go on as we had, but you seem to be arguing against that.
In short, yes. The problem is to construct a security system that does the greatest good for the benefit of as many as we can determine. Now, skipping for now, how we measure or determine that greatest good, it does seem that any generic browser manufacturer is going to be closer to the goal when thinking about grandma and her finance, rather than the dissident and his life.
A more analytical answer would construct the number of each class of users (a million grandmas and a thousand dissidents) and assign values to their losses. E.g., $200 per grandma and $2m per dissident. And then multiply it out to decide what we are deciding to cover. Then, balance that with the cost of constructing the solutions. (Unfortunately, this is a slam dunk, as you cannot protect the dissident, he is subject to too many attacks outside the control of the browser distributor that there isn't much point in including him specifically.)
Another factor is that there are organisations (cryptorights.org is one I know) that exist to serve the small, high work factor market of the dissident. Those guys know security as it is really done - to save lives - rather than the sort of vanilla security model that browsing implies, one flavour for all people.
(For example, unlike all the net cryptographers I have ever spoken to, the cryptorights guys have actual experience of active attacks like MITMs.)
Encryption provides a measure of protection, with one weakness (MITM).
If there's no man in the middle, why encryption?
Because there is the eavesdropper. The MITM is a more sophisticated form of attack - it involves an active component; it has both the ability to inject packets, and the side- effect of leaving tracks. That raises the costs significantly, and reduces the attack commensurately.
Not so the eavesdropper. They only listen to the packets, and the net is not "quantum" in that it cannot detect these copies. Simple encryption without authentication defeats the simple eavesdropper completely, and forces her (Eve) to move to MITMing. Which, in the process, eliminates most people's interest because they only do things that are costless.
There are no statistics on MITM, ergo (and we have a fair degree of confidence in this) it isn't happening to any great extent, such that it's worthwhile worrying about it.
No. There are good reasons to believe that the NSA processes *all* Internet traffic it can get its hands on or used to and still tries to. Encrypted traffic is way harder than cleartext, but we're talking about just such a case how that could be circumvented.
No, the NSA is an eavesdropper, in general. It does not do MITMing, again, in general. The NSA is (as far as we know) defeated completely by unauthenticated crypto techniques such as self- signed certs, ADH, and shared secret encryption.
Until it decides to take special action against a particular target, any of a half dozen basic crypto techniques will give complete privacy. As the cost of the NSA taking special action against a target is quite large - in effort terms and in risk terms - and as the coverage is only one target each time, this is done infrequently.
Now, examine the numbers. The NSA (and partners *) scoop up the traffic of a 100 million or so people (all who do international calls, much of the net, etc etc).
These people could be protected - completely - by ADH or self-signed. The NSA could possibly attack a thousand people directly (with MITMs, or other techniques). These people would not be protected by ADH/SS.
So, the policy is to protect the thousand, and not protect the 100 million. And pay for it. Mind you, this analysis only pertains if the NSA is the threat. If you are someone who doesn't care if the NSA & friends read your traffic, then it doesn't apply.
> And as for publicity: NSA = No Such Agency ;-)
They are at the moment advertising in the open market for jobs, so they are quite open these days.
iang
* What we are talking about falls under the rubric of Echelon, which is a system within the UKUSA partnership to scoop up as many forms of the open channels as possible: phone, net, etc. The UKUSA partnership includes the UK, US, AU, CA, NZ countries. _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
