[Cryptography] Size of the PGP userbase?

Phillip Hallam-Baker hallam at gmail.com
Fri Dec 13 15:56:47 EST 2013


On Fri, Dec 13, 2013 at 2:19 PM, Jon Callas <jon at callas.org> wrote:

> On Dec 12, 2013, at 7:19 PM, Phillip Hallam-Baker <hallam at gmail.com>
> wrote:
>
> > What has changed here is Snowdonia has arrived.
> >
> > This may not be the most relevant response to Snowden but it is the
> > crypto deployment that gives the end user the most security for the least
> > effort.
>
> Please don't think I am trying to discourage you. You're doing something
> fantastic here. I'm only trying to give some hints based on my own
> successes and failures.
>

Understood. Unlike the DANE WG I prefer to know the problems.

The thing that does irritate me is when I am five words into my explanation
before they come out with 'won't work, SPAM!' which is stupid at so many
levels, not least the idea that I haven't thought of spam as a problem.

One of the reasons I use gmail is that it is one of the few platforms that
can cope with my spam load. I receive more spam that gets through my
filters than most people get mail. I don't know how much is rejected
outright but when I was at VeriSign I was getting a quarter of the mail
sent to the company because of the spam.

E2E email does not prevent spam filtering, it only affects one technique
and one that is not very effective at that. Content filtering is not a good
spam reduction technique but it does kill viruses. There are several
approaches that can be used. One of them is to only accept E2E encrypted
mail from people who are known and trusted and give everyone else the key
for the spam/virus filter.

Another would be to modify the S/MIME protocol so that a mail gateway can
add in a header with 'prohibited content types' (or acceptable ones). Then
modify the protocol slightly so that only clients that understand the
restriction can decrypt.



> The major reason email security has failed is that crypto is easy, user
> experience is hard. The developments have focused on the crypto, and only
> then on the UX. Even the best ones fall down on the most important parts of
> UX, the initial experience.
>
> Every place I have succeeded, it's because we started with the UX and made
> the crypto work. The places where we let the crypto trump the UX, we failed.
>

Amen.

The model I am taking here is that

1) The user never has to make any more effort to perform a task securely

2) The apparent model of how the system works is a useful approximation to
the actual way it works.

So a strong email address is not actually the encryption key or even a hash
of the encryption key. It is the hash of the signing key of the personal
master key (aka CA) which signs the encryption key. But it looks close
enough to being the thing you encrypt to for the user to think they
understand how it works.

The nuts on your car wheels don't actually hold the wheel to the car
either. They hold the rim to the hub. The hub is held on by one little nut.



> Snowdonia is giving a spur to lots of people to finally get off their
> asses and do something. However, if they think to themselves, "Well, the
> NSA isn't after *me*..." then we're back where we were.
>

The NSA is after you and me but probably not Joe Bloggs.

But the Russian mafia is after Bloggs, or at least his money. And because of
that his electricity utility won't send him his bill in email, it has to go
to a web site where he keeps an account and is required to remember a
piddly username and password he uses once a year. And it is all a waste of
time security-wise because the reset on the username password is his email.


I think that my strong email addresses will help corporate mail users move
a lot of their customer communications from the Web to mail. So rather than
sending a message to the user to tell them to go to the web site to find
out something the company wants to tell them, they can just tell them
straight out.




-- 
Website: http://hallambaker.com/
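
The key chain described in the message above (a strong email address carries a hash of the master signing key, and the master key signs the encryption key), as an added example that is not part of the original message or of any implementation by its author. Ed25519, SHA-256, the 20-byte truncation, the `fingerprint?mailbox` syntax and all function names are assumptions chosen for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
	"strings"
)

// NewMaster generates a personal master signing key (Ed25519 is an assumption).
func NewMaster() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// StrongAddress prefixes the mailbox with a hash of the master signing key (hypothetical syntax).
func StrongAddress(master ed25519.PublicKey, mailbox string) string {
	sum := sha256.Sum256(master)
	return fmt.Sprintf("%x?%s", sum[:20], mailbox)
}

// Certify is the master key signing the encryption key.
func Certify(priv ed25519.PrivateKey, encKey []byte) []byte {
	return ed25519.Sign(priv, encKey)
}

// ResolveEncKey returns encKey only if address -> master key -> signed encryption key all verify.
func ResolveEncKey(addr string, master ed25519.PublicKey, encKey, sig []byte) ([]byte, error) {
	_, mailbox, ok := strings.Cut(addr, "?")
	if !ok || len(master) != ed25519.PublicKeySize || StrongAddress(master, mailbox) != addr {
		return nil, errors.New("master key does not match strong address")
	}
	if !ed25519.Verify(master, encKey, sig) {
		return nil, errors.New("encryption key not signed by master key")
	}
	return encKey, nil
}

func main() {
	pub, priv := NewMaster()
	enc := []byte("constructed-32-byte-encrypt-key!") // constructed stand-in for a real public key
	addr := StrongAddress(pub, "alice@example.com")
	_, err := ResolveEncKey(addr, pub, enc, Certify(priv, enc))
	fmt.Println(addr, "verified:", err == nil)
}
```

The sender only ever handles the address; a substituted master key fails the fingerprint check and a substituted encryption key fails the signature check.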