Re: [Cryptography] Specification: Prism Proof Email

[Bill Frantz]

On 9/20/13 at 11:59 AM, hal...@gmail.com (Phillip Hallam-Baker) wrote:


As someone who has seen the documents said to me this week, given a choice
between A and B, the NSA does both. We have to do the same. Rather than
have a pointless argument about whether Web 'o Trust or PKIX is the way to
go, let everyone do both. Let people get a certificate from a CA and then
get it endorsed by their peers: belt and braces.


This approach certainly meets my requirements. As a UI 
designer/user I want it to JFW (Just ... Work) invisibly under 
the covers. As a boarder-line paranoid, I want a indicator of 
which methods passed. :-)


Let's add to the list of methods the SSH method of, "The same 
key used the last time".


I assume users of the CA method would register with the CA in 
some maner which would probably cost money. (How the CA 
separates me from Bill Frantz, the professional photographer in 
Illinois is not going to be cheap.) I understand there is still 
a trademark dispute between the US beer Budwiser and the German 
beer of the same name.


In the WoT case, having your key fingerprint written on a QR 
code is a neat hack. Put it on the back of your business card[1].


I think CAs will be most useful for businesses while WoT will be 
most useful for individuals. Everyone will be more comfortable 
when the SSH test passes.


Cheers - Bill

[1] Back in days of yore, I needed to send some company private 
data to my home computer. I didn't have the fingerprint of my 
key at work, but I did have Carl Ellison's business card with 
the fingerprint of his key. He had signed my key which was 
available on a key server, so I had good enough reason to trust 
that the key was actually mine.


---
Bill Frantz| Since the IBM Selectric, keyboards have gotten
408-356-8506   | steadily worse. Now we have touchscreen keyboards.
www.pwpconsult.com | Can we make something even worse?

___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

[Cryptography] Specification: Prism Proof Email

[Phillip Hallam-Baker]

We need an email security infrastructure and recent events demonstrate that
the infrastructure we develop needs to be proof against PRISM-class attacks.

By PRISM-class I mean an attack that attempts pervasive surveillance with
budgets in excess of $100 million rather than the PRISM program in
particular.

Neither OpenPGP nor S/MIME is capable of providing protection against this
class of attack because they are not widely enough used. We can only hope
for these to be useful if at least 5% of Internet users start sending mail
securely.

But while the legacy protocols are not sufficient, 95% of the existing work
is fine and does not need to be repeated although there may be some details
of execution that can be improved.

The part that is going to need new research is in the area of trust models.
As someone who has seen the documents said to me this week, given a choice
between A and B, the NSA does both. We have to do the same. Rather than
have a pointless argument about whether Web 'o Trust or PKIX is the way to
go, let everyone do both. Let people get a certificate from a CA and then
get it endorsed by their peers: belt and braces.

The idea in this draft is to split up the problem space so that people who
know email clients can write code to support any of the research ideas that
might be proposed and any of the research ideas can be used with any of the
mail clients that have been enabled.


The draft is to be found at:

http://www.ietf.org/id/draft-hallambaker-prismproof-dep-00.txt

-- 
Website: http://hallambaker.com/
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography