[Cryptography] upgrade mechanisms and policies
ianG
iang at iang.org
Tue Apr 28 09:42:32 EDT 2015
On 19/04/2015 02:56 am, Jerry Leichter wrote:
> On Apr 16, 2015, at 5:59 PM, ianG <iang at iang.org> wrote:
>>> I mean, for instance. Do you think this email should be encrypted, or
>>> simply authentificated?
>> These emails should be un-auth, moderated and encrypted.
> This answer actually contradicts the rest of your point, which comes down to: You can't make sensible security choices without considering the entire system.
Indeed. I was speaking to what I think we want, not what I think we can
do easily.
> This is an open mailing list. Anyone can ask to join, and will receive all the messages. Given that ... encryption is pointless. The list itself acts as an oracle for any encryption done on the list!
Entirely. But it is a cryptography list. If there is anywhere that
should be able to do an encryption list it is here.
Actually the encrypted list is something that is often demanded of
groupware software, and it is a well-known hard problem. Normally this
is helped a bit by closing off the access to ones group, but this
doesn't help the fact that too many holders of the secrets is too
brittle. Forwarding, backups, local hacks and all that.
> As for authentication, for one thing, there are (at least) two possible kinds of authentication for messages here: Of the original author, and that the message actually came through the list forwarder. One can easily construct scenarios in which the presence or absence of either of these is desirable, and the two are independent of each other.
Indeed. But take the well-known case of SSL. The industry bends over
backwards to state that authentication of the server is the key benefit.
Yet, they fail to authenticate the server in phishing - a simple
bypass attack. And for most webservers, they couldn't care less about
their own authentication, what they care about is the client
authentication. SSL completely muffs client authentication, leaving the
users to come up with ad hoc password stuff.
(Yeah, now poeple will chime in and repeat the marketing about how it's
hard because of multiple devices and and and ... the point is, every
which way you look at the SSL story, it isn't about what the users need,
it's about what was easy to convince to be sold.)
> And even if authentication of the original author is desirable - that covers a huge piece of ground. Would you want to bind the identity of this message to my passport - one extreme - or merely to previous messages - on this list? In this response stream? Anywhere on the Internet? - sent with the same apparent identity?
Well no. I said un-auth. Specifically, my threat here is in an unknown
time and place in the future, during hot crypto wars II, my comments on
this list are taken as evidence that I'm an international arms dealer.
I don't want to be auth'd on this list.
> Simple point-to-point communication between parties who have some external way of identifying each other is the easy case. Everything else is harder - sometimes *much* harder.
Even simple point-to-point communication is hard, because of that
additional rider. And if we factor out email, which is practically
insecurable (handwavy opinion) there isn't another robust Internet p2p
communications mechanism that is open and distributed.
iang
More information about the cryptography
mailing list