[Cryptography] Usage models (was Re: In the face of "cooperative" end-points, PFS doesn't help)

Walter van Holst walter.van.holst at xs4all.nl
Tue Sep 10 12:07:25 EDT 2013


On 08/09/2013 21:51, Perry E. Metzger wrote:
> On Sun, 8 Sep 2013 14:50:07 -0400 Jerry Leichter <leichter at lrw.com>
> wrote:
>> Even for one-to-one discussions, these days, people want
>> transparent movement across their hardware.  If I'm in a chat
>> session on my laptop and leave the house, I'd like to be able to
>> continue on my phone.  How do I hand off the conversation - and the
>> keys?
> 
> I wrote about this a couple of weeks ago, see:
> 
> http://www.metzdowd.com/pipermail/cryptography/2013-August/016872.html

Which is pretty spot-on and one of my biggest gripes about OTR. It just
doesn't mesh at all with users' expectations.

> In summary, it would appear that the most viable solution is to make
> the end-to-end encryption endpoint a piece of hardware the user owns
> (say the oft mentioned $50 Raspberry Pi class machine on their home
> net) and let the user interact with it over an encrypted connection
> (say running a normal protocol like Jabber client to server
> protocol over TLS, or IMAP over TLS, or https: and a web client.)

Sounds like another Freedom Box...

Anyway, if we consider each device an end-point to a group-chat that has
to be verified at least once by another end-point (and that is a
somewhat doable thing, e.g. the socialist millionaire's problem), what
about having end-points being able to vouch for other end-points?

For example, if I introduce my smartphone to an already existing instant
messaging chat, I can vouch for it through my PC, and if other end-points
already trust my PC, there is no reason not to trust my smartphone either.

If this is a dumb idea, feel free to point it out.

Regards,

 Walter
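The vouching idea in the message above, worked through as an added example that is not part of the original thread or of OTR: a peer keeps, per owner, the set of device identity keys it has verified; a device that is already trusted signs a "vouch" for a new device's key; and the peer admits the new key only when the voucher is already trusted for that same owner. Ed25519 identity keys, the `vouch-v1` message encoding and all names (`TrustStore`, `AcceptVouch`, `Revoke`) are my assumptions; `VerifyDirectly` stands in for whatever out-of-band check (e.g. a socialist millionaire's exchange) the two end-points ran the first time.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
)

// Vouch says "device NewKey belongs to Owner"; Voucher signs it and must
// already be a trusted device of that same owner.
type Vouch struct {
	Owner   string
	NewKey  ed25519.PublicKey
	Voucher ed25519.PublicKey
	Sig     []byte
}

// vouchMessage is the canonical signed byte string (version tag, length-prefixed owner).
func vouchMessage(owner string, newKey, voucher ed25519.PublicKey) []byte {
	msg := append([]byte("vouch-v1:"), byte(len(owner)))
	msg = append(msg, owner...)
	msg = append(msg, voucher...)
	return append(msg, newKey...)
}

// Device is one end-point (PC, phone, ...) with its own long-term identity key.
type Device struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewDevice() (*Device, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Device{Pub: pub, priv: priv}, nil
}

// VouchFor introduces another device of the same owner.
func (d *Device) VouchFor(owner string, newKey ed25519.PublicKey) Vouch {
	return Vouch{Owner: owner, NewKey: newKey, Voucher: d.Pub,
		Sig: ed25519.Sign(d.priv, vouchMessage(owner, newKey, d.Pub))}
}

// TrustStore is one peer's view: owner -> hex(device key) -> introducer,
// where introducer is the hex key of the vouching device or "direct".
type TrustStore struct{ trusted map[string]map[string]string }

func NewTrustStore() *TrustStore { return &TrustStore{trusted: map[string]map[string]string{}} }

func (ts *TrustStore) add(owner, key, introducer string) {
	if ts.trusted[owner] == nil {
		ts.trusted[owner] = map[string]string{}
	}
	ts.trusted[owner][key] = introducer
}

// VerifyDirectly records a key the peer checked out-of-band (standing in for
// a successful socialist-millionaire run with that device).
func (ts *TrustStore) VerifyDirectly(owner string, key ed25519.PublicKey) {
	ts.add(owner, hex.EncodeToString(key), "direct")
}

func (ts *TrustStore) IsTrusted(owner string, key ed25519.PublicKey) bool {
	_, ok := ts.trusted[owner][hex.EncodeToString(key)]
	return ok
}

var ErrUntrustedVoucher = errors.New("voucher is not a trusted device of this owner")
var ErrBadSignature = errors.New("vouch signature does not verify")

// AcceptVouch admits v.NewKey for v.Owner only if v.Voucher is already trusted
// for that same owner, so Bob's PC cannot introduce keys in Walter's name.
func (ts *TrustStore) AcceptVouch(v Vouch) error {
	if !ts.IsTrusted(v.Owner, v.Voucher) {
		return ErrUntrustedVoucher
	}
	if len(v.NewKey) != ed25519.PublicKeySize ||
		!ed25519.Verify(v.Voucher, vouchMessage(v.Owner, v.NewKey, v.Voucher), v.Sig) {
		return ErrBadSignature
	}
	ts.add(v.Owner, hex.EncodeToString(v.NewKey), hex.EncodeToString(v.Voucher))
	return nil
}

// Revoke drops a key and, transitively, every key it vouched for: if the PC
// is lost, the phone it introduced loses its standing too.
func (ts *TrustStore) Revoke(owner string, key ed25519.PublicKey) {
	ts.revokeHex(owner, hex.EncodeToString(key))
}
func (ts *TrustStore) revokeHex(owner, key string) {
	delete(ts.trusted[owner], key)
	for k, introducer := range ts.trusted[owner] {
		if introducer == key {
			ts.revokeHex(owner, k)
		}
	}
}
```

The two checks that matter are in `AcceptVouch`: the voucher has to be trusted for the owner named in the vouch (not merely trusted for somebody), and the signature has to cover the owner, the voucher key and the new key together. The cost of the scheme is that trust is transitive: any one trusted device can introduce further devices, so the store remembers who introduced each key and `Revoke` cascades through that chain; a real deployment would also want vouches to carry an expiry and a bound on chain depth.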


