[Cryptography] Separating concerns

Faré fahree at gmail.com
Wed Aug 28 14:04:34 EDT 2013 

On Wed, Aug 28, 2013 at 4:15 PM, Phill <hallam at gmail.com> wrote:
> My target audience, like Perry's is people who simply can't cope with anything more complex than an email address. For me secure mail has to look feel and smell exactly the same as current mail. The only difference being that sometime the secure mailer will say 'I can't contact that person securely right now because…'
>
I agree with Perry and Phill that email experience should be
essentially undisturbed in the normal case, though it's OK to add an
additional authorization step.

One thing that irks me, though, is the problem of the robust, secure
terminal: if everything is encrypted, how does one survive the
loss/theft/destruction of a computer or harddrive? I'm no ignoramus,
yet I have, several times, lost data I cared about due to hardware
failure or theft combined with improper backup. How is a total newbie
to do?

Most newbies rely on things surviving despite their lack of explicit
caution. Currently, they do it by basically trusting Google or some
other company with their mail. Whichever way you do things to make
them responsible for keys will lead to either (1) failure because it's
technically too hard, and/or (2) automated attacks on the weak point
that handles things for them.

For instance, you have a program that automatically recovers keys from
the escrow modulo a few questions. Then, either few questions are too
hard and he actually looses the keys, or they are easy enough that the
attacker can find answers and recover the key.

Or, you have standardized key management and backup policies. Then the
attacker can look at the standardized location for the precious keys,
and modulo extraction of some master key, can automatically steal
everyone's wallet.

And then, to prevent automatic extraction of security data, you find
that you need not just an appropriate distributed infrastructure
(which is more painful to fund if you can't sell the data and require
an explicit transaction from the user), but also secure terminals —
which implies a secure OS, and hardware that you actually control,
rather than big corporations that bend over for big governments.

That's a lot of yak to shave to provide end-users (or even average
geeks) with seemless secure email.

—♯ƒ • François-René ÐVB Rideau •Reflection&Cybernethics• http://fare.tunes.org
Being generous is inborn; being altruistic is a learned perversity.
No resemblance —
— Robert Heinlein, "Time Enough For Love"

More information about the cryptography mailing list