[Cryptography] PRISM-Proofing and PRISM-Hardening

[Bill Frantz]

On 9/18/13 at 6:08 AM, hallam at gmail.com (Phillip Hallam-Baker) wrote:

>If I am trying to work out if an email was really sent by my bank then I
>want a CA type security model because less than 0.1% of customers are ever
>going to understand a PGP type web of trust for that particular purpose.
>But its the bank sending the mail, not an individual at the bank.

I know I would be a lot more comfortable with a way to check the 
mail against a piece of paper I received directly from my bank 
(the PGP model). I would have no problem in entering a magic 
authentication string (the key fingerprint) into my mail agent 
to authenticate my bank. The security of my money is of more 
that trivial importance.

Second would be having my mail agent tell me that the mail came 
from the same place as the previous piece of email I received 
(the SSH model). This model would work for most of my friends 
where MitM is unlikely. In the cases where MitM worries became 
important, I could then check fingerprints.

The CA model lets a powerful attacker subvert the CA at any time 
ignoring both out of band and same-as-the-last-time 
authentications. I'm OK with CAs for credit card transactions. 
There's a $50 limit on my risk from fraud.

Cheers - Bill

-----------------------------------------------------------------------
Bill Frantz        | Truth and love must prevail  | Periwinkle
(408)356-8506      | over lies and hate.          | 16345 
Englewood Ave
www.pwpconsult.com |               - Vaclav Havel | Los Gatos, 
CA 95032