[Cryptography] Email and IM are ideal candidates for mix networks

Ray Dillinger bear at sonic.net
Mon Aug 26 14:01:43 EDT 2013


On 08/25/2013 08:32 PM, Jerry Leichter wrote:

> Where
> mail servers have gotten into trouble is when they've tried to provide
> additional services - e.g., virus scanners, which then try to look
> inside of complex formats like zip files.  This is exactly the kind
> of thing you want to avoid - another part of the "mission creep" that
> we tend to see in anything that runs on a general-purpose computer.

Absolutely agreed; the most reliable things are the least complex.

> That's 20th century thinking:  The computer is expensive, keep
> it busy.  Twenty first century thinking should be:  The computer
> is cheap - leave it alone to do its job securely.

My thinking is more like: The computer has a multitasking OS.  Whatever
else it needs to be doing will be in another process.  So you lose nothing
if you keep each process simple.  Or if it's a single-purpose box intended
to provide security; don't dilute its purpose.  Keep it simple enough that
even installations of it in the wild, after unknown handling and in all
possible configurations, can be unambiguously, easily, and exhaustively
tested so you know they're doing exactly what they should be and no more.

> Realistically, it will be impossible to get little appliances like
> this patched on a regular basis - how many people patch their WiFi
> routers today? - so better to design on the assumption there won't
> be any patches.

Also agreed; online patches are the number one distribution vector of
malware that such a device would need to be worried about.  Firstly
because whoever can issue such a patch is a central point of
control/failure and can be coerced.  So send it out with an absolutely
sealed kernel.

				Bear