On Thu, 2007-04-12 at 09:46 -0600, Peter Saint-Andre wrote:

> What's going on here? In part, I think there is a certain elitism.
> Security isn't easy, and if you're not willing to put *some* level of
> thought into what you're doing, then you don't deserve to enjoy the
> benefits of end-to-end encryption. With something like OTR, you need to
> check the fingerprints of your chat partners (just as, for example, you
> do in using ssh -- though how many geeks even validate fingerprints the
> first time they connect to a new host via ssh?). With ESessions you will
> need to check either fingerprints or use Short Authentication Strings
> (SAS). With XTLS you'd have to do something similar as well.
End-to-end security
No single point of trust
Ease of use

Pick two.

If we're willing to introduce a trusted third party (or a federated network of trusted third parties) to mediate authentications, then we can eventually, some day, have an e2e security protocol which is comprehensible to mainstream users. For example, if the root and TLD DNS zones are ever signed, we could find a way to stuff user certificate fingerprints into DNS records and use those to verify user identities. (That might not be very practical because users don't typically have easy ways of publishing DNS entries, but ignore that problem; it's just an example.)

I think there's a reluctance to go that route, though, because although the traffic may be encrypted end-to-end, the trust relationships are not. Verisign or MIT could impersonate me by signing DNS records with a forged fingerprint.

None of the alternatives to a central or hierarchical authentication are very usable. The currently known (to me) alternatives are:

1. The SSH model: Make a leap of faith the first time you converse with someone, and throw up a red flag when that person's security token changes. But people lose and recreate their security tokens all the time for legitimate reasons, so in addition to making an ill-founded initial leap of faith, most users find they have to become willing to take later leaps of faith on a regular basis. There is no real authentication here, and you just wind up burdening the average user with occasional red flags that they can't comprehend.

2. The PGP model: Meet in person and exchange security tokens. Since you can't meet everyone you talk to in person (and if you do, do you really know they are who they say they are?), extend those trust relationships using a "web of trust". If there is a single path from you to someone you want to talk to, anyone along that path could be forging the other user's identity. If there are multiple independent paths, you have more assurance since several people would have to collude to forge the other user's identity--but good luck making this decision understandable to a random user.

Does this make ESessions a waste of time? I'd say no; just because we can't combine great usability with great end-to-end trust doesn't mean we shouldn't try to come as close as possible.
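The collusion argument for the PGP web of trust above, worked through as an added example that is not part of this thread: a small Python routine counts the internally vertex-disjoint certification paths between two users, which (by Menger's theorem) is exactly the number of distinct intermediaries who would all have to collude to forge the target's identity. The trust graph, the names and the function names are constructed here for illustration.

```python
from collections import deque

# Constructed web of trust: the edge (A, B) means "A has signed B's key".
TRUST_EDGES = [
    ("me", "alice"), ("alice", "carol"), ("carol", "target"),
    ("me", "bob"), ("bob", "dave"), ("dave", "target"),
    ("me", "eve"), ("eve", "carol"),  # eve only reaches target via carol
]

def _split_graph(edges, src, dst):
    """Residual capacities for a max-flow run. Every intermediate person v
    becomes v_in -> v_out with capacity 1, so one person can serve on at
    most one path and a cut through them counts as one colluder."""
    cap = {}
    def add(u, v, c):
        cap.setdefault(u, {})[v] = cap.get(u, {}).get(v, 0) + c
        cap.setdefault(v, {}).setdefault(u, 0)  # reverse edge for residuals
    nodes = {n for e in edges for n in e}
    for n in nodes:
        if n not in (src, dst):
            add(n + "_in", n + "_out", 1)
    for u, v in edges:
        u_out = u if u in (src, dst) else u + "_out"
        v_in = v if v in (src, dst) else v + "_in"
        add(u_out, v_in, 1)
    return cap

def disjoint_cert_paths(edges, src, dst):
    """Number of internally vertex-disjoint certification paths src -> dst,
    i.e. the minimum number of people who must collude to fool src about dst."""
    cap = _split_graph(edges, src, dst)
    if src not in cap or dst not in cap:
        return 0
    flow = 0
    while True:  # Edmonds-Karp: BFS for an augmenting path of capacity 1
        parent, queue = {src: None}, deque([src])
        while queue and dst not in parent:
            u = queue.popleft()
            for v, c in cap[u].items():
                if c > 0 and v not in parent:
                    parent[v] = u
                    queue.append(v)
        if dst not in parent:
            return flow
        v = dst
        while parent[v] is not None:  # push one unit back along the path
            u = parent[v]
            cap[u][v] -= 1
            cap[v][u] += 1
            v = u
        flow += 1
```

In the constructed graph carol sits on two of the three routes, so only two independent paths exist and two colluders (carol plus bob or dave) suffice, which is the kind of judgement the post says a random user cannot be expected to make.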
