[Cryptography] Usage models (was Re: In the face of "cooperative" end-points, PFS doesn't help)

Sun Sep 8 19:15:44 EDT 2013

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 9/8/13 1:51 PM, Perry E. Metzger wrote:
> On Sun, 8 Sep 2013 14:50:07 -0400 Jerry Leichter
> <leichter at lrw.com> wrote:
>> Even for one-to-one discussions, these days, people want 
>> transparent movement across their hardware.  If I'm in a chat 
>> session on my laptop and leave the house, I'd like to be able to 
>> continue on my phone.  How do I hand off the conversation - and
>> the keys?
> 
> I wrote about this a couple of weeks ago, see:
> 
> http://www.metzdowd.com/pipermail/cryptography/2013-August/016872.html
>
>  In summary, it would appear that the most viable solution is to
> make the end-to-end encryption endpoint a piece of hardware the
> user owns (say the oft mentioned $50 Raspberry Pi class machine on
> their home net) and let the user interact with it over an encrypted
> connection (say running a normal protocol like Jabber client to
> server protocol over TLS, or IMAP over TLS, or https: and a web
> client.)

Yes, that is a possibility. Personally I'm still mulling over whether
we'd want your little home device to be a Jabber server (typically
requiring a stable IP address or an FQDN), a standard Jabber client
connected to some other server (which might be a personal server at
your VPS or a small-scale server for friends and family), or something
outside of XMPP entirely that merely advertises its reachability via
some other protocol over Jabber (in its vCard or presence information).

> It is a compromise, but one that fits with the usage pattern
> almost everyone has gotten used to. It cannot be done with the
> existing cloud model, though -- the user needs to own the box or we
> can't simultaneously maintain current protocols (and thus current
> clients) and current usage patterns.

I very much agree.

Peter

- -- 
Peter Saint-Andre
https://stpeter.im/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJSLQUgAAoJEOoGpJErxa2p9NUP/3R2p37pupeFB3GV5NJt1sN9
kOO+P9TXO8Ra3WXeQcNcwe43tVfpKlJIbHa9tZbs5Mvl6F2TSqChTxZ2ftS178Ul
QAhX3SuztbPr7LUjROmmwLBVHr9k06LMVjSM4B5XFk3uGV+5IrTfpRkBLH7UB7vh
9mA21Zu/tGjUNPZBbHJIqXHhHMFTS4ewUznEwr4vT87xVkcG2yJ385IF/6Q22a1u
n6hWuLPcWwABROIXRhZ/wDafEKnchUGiAICiGpAjd6Ngrc3gzvsOGPjcIdFS9sO8
SWO1W+AJQi6HlcnMrmlmlRJL/pBkQbOvV97/VozOKmwdP7a6LZ+OcRkpyy4HrV2C
5KBvYrl66G/G6WaWF9juRbjSvQLhpJ6CkSJ0vwfttCfI2oTmAGo/+d/L1V6Pdmv5
RYWoON6wyHTOTmvmewEcjHGzTKgae+u4BcbzZND1vpaoN4Wo5eXWQ5NkAUzK1INY
NIz4kORhnHsGOfy8SCKV7WO6JQHFzFc7hZMZ8y0VkfozVK1N0IJRxPblWynI/wo6
xy3WtCWvAmCmDL0fm0SdVC3K85hJFD2kbPQWoqyKPq700PjE4/WJyL4/0Eu2cYa5
m9rB/vM5Cdkrv9LEJtZjQ7Ro0flV21P+rr2iZXVSXPVbzuj4K4oRGihcXwD9E/B7
+o+v/Ckzamfi1fpawnDk
=ICV8
-----END PGP SIGNATURE-----