e2e all the way (Re: Another entry in the internet security hall of shame....)
Adam Back
adam at cypherspace.org
Fri Aug 26 13:59:47 EDT 2005
On Fri, Aug 26, 2005 at 11:41:42AM -0400, Steven M. Bellovin wrote:
> In message <20050826082432.GA1797 at bitchcake.off.net>, Adam Back writes:
> >Thats broken, just like the "WAP GAP" ... for security you want
> >end2end security, not a secure channel to an UTP (untrusted third
> >party)!
> >
>
> What is security? What are you trying to protect, and against whom?
Well I think security in IM, as in all comms security, means security
such that only my intended recipients can read the traffic. (aka e2e
security).
I don't think the fact that you personally don't care about the
confidentiality of your IM messages should argue for not doing it.
Fair enough you don't need it personally but it is still the correct
security model. Some people and businesses do need e2e security. (It
wasn't quite clear, you mention you advised jabber; if you advised
jabber to skip e2e security because its "too hard"... bad call I'd
say).
> Do I support e2e crypto? Of course I do! But the cost -- not the
> computational cost; the management cost -- is quite high; you need
> to get authentic public keys for all of your correspondents. That's
> beyond the ability of most people.
I don't think it is that hard to do e2e security. Skype does it.
Fully transparently.
Another option: I would prefer ssh style cached keys and warnings if
keys later change ("opportunistic encryption") to a secure channel to
the UTP (MITM as part of the protocol!).
Ssh-style is definitely not hard. I mean nothing is easier no doubt
than slapping an SSL tunnel over the server mediated IM protocol, but
if the security experts are arguing for the easy way out, what hope is
there. I'm more used to having to argue with application
functionality focussed people that they need to do it properly -- not
with crypto people.
I do think we have a duty in the crypto community to be advocates for
truly secure systems. We are building piecemeal the defacto privacy
landscape of the future; as everything moves to the internet. Take
another example... the dismal state of VOIP security. I saw similar
arguments on the p2p-hackers list a few days ago about security of p2p
voip: "who cares about voice privacy" etc.
Adam
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list