[Cryptography] Separating concerns

Jerry Leichter leichter at lrw.com
Thu Aug 29 07:15:59 EDT 2013


On Aug 28, 2013, at 2:04 PM, Faré wrote:
>> My target audience, like Perry's, is people who simply can't cope with anything more complex than an email address. For me secure mail has to look, feel and smell exactly the same as current mail. The only difference being that sometimes the secure mailer will say 'I can't contact that person securely right now because…'
>> 
> I agree with Perry and Phill that email experience should be
> essentially undisturbed in the normal case, though it's OK to add an
> additional authorization step.
> 
> One thing that irks me, though, is the problem of the robust, secure
> terminal: if everything is encrypted, how does one survive the
> loss/theft/destruction of a computer or harddrive? I'm no ignoramus,
> yet I have, several times, lost data I cared about due to hardware
> failure or theft combined with improper backup. What is a total newbie
> to do?
This is a broader problem, actually.  If you've ever had to take care of someone's estate, you'll know that one of the problems is contacting all the banks, other financial institutions, service providers, and other such parties they dealt with in life.  My experience dealing with my father's estate - a fairly simple one - was that having the *paper* statements was the essential starting point.  (Even so, finding his safe deposit box - I had the unlabeled keys - could have been a real pain if my sister didn't remember which bank it was at.)  Had he been getting email statements, just finding his mail accounts - and getting access to them - could have been a major undertaking.  Which is one reason I refuse to sign up for email statements ... just send me the paper, thank you.  (This is getting harder all the time.  I expect to start getting charged for paper statements any time now.)

Today at least, my executor can, in principle, work with the mail provider to get access.  But for truly secure mail, my keys presumably die with me, and it's all gone.

You don't even have to consider the ultimate loss situation.  If I'm temporarily disabled and can't provide my keys - how can someone take care of my bills for me?

We can't design a system that can handle every variation and eventuality, but if we're going to design one that we intend to be broadly used, we have to include a way to handle the perfectly predictable, if unpleasant to think about, aspects of day to day life.  Absolute security *creates* new problems as it solves old ones.  There may well be aspects to my life I *don't* want revealed after I'm gone.  But there are many things I *do* want to be easily revealed; my heirs will have enough to do to clean up after me and move on as it is.

So, yes, we have to make sure we have backup mechanisms - as well as key escrow systems, much as the term "key escrow" was tainted by the Clipper experience.

                                                        -- Jerry