[Cryptography] GNU's "anonymous-but-taxable electronic payments system" Heh.

Ray Dillinger bear at sonic.net
Thu Jun 9 13:34:29 EDT 2016 


On 06/07/2016 09:14 AM, Phillip Hallam-Baker wrote:

> 
> This is something that I see as a trend in modern crypto that is worth
> reminding people of.
> 
> Back in the 1980s, we faced some really difficult deployment challenges:
> 
> 1) Machines were slow. Even RSA1024 was slow enough to have a serious
> impact on your application.
> 
> 2) Network connectivity was the exception. Applications had to be written
> so that someone could dial into their ISP, upload their outgoing mail and
> download their incoming and disconnect without any user interaction.
> 
> 3) Some idiots thought that ASN.1 was actually useful.
> 
> None of these restrictions apply to the vast bulk of machines and network
> users today. Yes there are parts of rural Montana and remote parts of
> Nigeria where connectivity is still 'batch mode'. But those folk are not
> going to be early adopters for anything. Yes there are more 8 bit CPUs
> being produced this year than at any time in the past. But those devices
> never supported IP and never will.
> 
> It is very easy for people to look at the legacy crypto applications and
> assume that those represent timeless design truths. They don't. Those
> systems were designed around constraints that no longer exist.

Honestly, it would be better if software designers hadn't taken that
"ubiquitous network connectivity" thing to heart.  There is nothing
better for security and privacy (and in many cases functionality!)
than avoiding unnecessary connections.

Example 1:  GPS does not require a network connection.  It is an
application for a passive radio receiver.  But, when I used a GPS
on my phone, it loaded the network every damn time downloading the
map.  Not just checking for map updates, but downloading the whole
damn map.  Every time.  And if it didn't get network connectivity
it wouldn't use the map it had downloaded last time, it just failed.
Maybe people don't want their location monitored in real time,
would enjoy a GPS application that doesn't waste bandwidth, or are
somewhere out in the boonies with GPS reception but no cell towers.
This is one of several reasons I no longer use smart phones.

Example 2:  Help does not require a network connection.  When I
go to a conference, it's often about code and I sometimes want to
write or review code.  But it's always got a hotel Wi-Fi, and I
don't usually want to bother to try to be secure on a hotel wi-fi,
so I don't hook up the network.  The immediate result is that none
of the applications help systems work.  And there's not even an
option to download a snapshot of the current help database for
offline use.  Maybe people don't want what software they're using
and what they're doing with it monitored.  Maybe they're someplace
where they don't trust the network.  Incidentally none of these
help systems are encrypted, so MITM and content monitoring is
direct and simple.

Example 3:  Document preparation softare that wants to save a
copy every fifteen seconds and wants to save it over the network.
It becomes completely unusable (because you can't turn this "feature"
off) if not network-connected because it pops up an annoying dialog
every fifteen seconds that you have to click away.  And maybe I
didn't want people monitoring what software I was using for document
prep or what I was writing.

Example 4:  Device backup and sync systems that are completely
incapable of using local media.  Maybe I don't want people at your
data center pawing through all my contacts, emails, appointments,
applications, and documents.  Or maybe I want to sync my devices
while I'm at a &#)*(&% hotel, coffee shop, or other place where the
wifi is insecure, or even while visiting my brother who lives
where there is no cell service.  I'm fine with using a USB stick
to do sync, thanks.  Why can't I?

In general, any software which is incomplete or non-functional
in the absence of a network connection, ought to be software that
is utterly useless in the absence of information from a remote
location that becomes irrelevant within one minute.  Otherwise,
just check for updates - or better yet, check configuration for
how often to check for updates.  I'm happy checking for help
and map updates once a month, and if I turn off real-time traffic
flow monitoring, I shouldn't be bothered about the absence of
network connections.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160609/144c6d3f/attachment.sig>

More information about the cryptography mailing list