[Cryptography] PRISM-Proofing and PRISM-Hardening

John Kelsey crypto.jmk at gmail.com
Sun Sep 22 10:50:38 EDT 2013

On Sep 19, 2013, at 5:21 PM, Phillip Hallam-Baker <hallam at gmail.com> wrote:

> Criminals circumvent the WebPKI rather than trying to defeat it. If they did start breaking the WebPKI then we can change it and do something different.

If criminals circumvent the PKI to steal credit card numbers, this shows up as fraud and is noticed without any need for a Snowden.  Eavesdropping doesn't show up in such an obvious way.  

> But financial transactions are easier than protecting the privacy of political speech because it is only money that is at stake. The criminals are not interested in spending $X to steal $0.5X. We can do other stuff to raise the cost of attack if it turns out we need to do that.

Also, criminals find it harder to spend a few million up front before they get the first payoff.  Nor can they appeal to patriotism or compel compliance via the law.  

> If we want this to be a global infrastructure we have 2.4 billion users to support. If we spend $0.01 per user on support, that is $24 million. It is likely to be a lot more than that per user.

It has to pay for itself ultimately, at least as well as email does. 

