Reality check. That is assuming the "average person" or the providers of services to such persons, cares enough to do anything. If the past ten years have demonstrated anything, the average person and provider do not care. Indeed, conversely, they will be concerned about cost, performance, ease of use, and attractive feature sets.
Only the non-average will care in the following order: governments (mostly), companies communicating sensitive information, criminals and terrorists, and a few super-paranoid. The latest traitor-theft incident has principally accomplished: 1) a significant shift of resources by almost all the other governments to scale up their ability to do better pervasive surveillance, 2) the significant scaling of surveillance and analysis vendors to sell into the expanding government and commercial markets, 3) the shift of criminals and terrorists to more secure communication, and 4) a degree of largely self serving flailing around for exploitation purposes by politicians and lobbying groups. Perpass falls into the noise, except for generating new ideas for the above actors. It is called the law of unintended consequences. :-) -t On 2013-10-20 5:28 AM, Yoav Nir wrote:
So while I don't think we can make any particular protocol safe for a suspect, we can make it so that the average person feels safe enough to risk private communications as long as they believe they are "under the radar". Ideally, the steps to reach that goal would be enough to obscure the few who do use strong person-to-person authentication.
_______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
