[Cryptography] October 28th is now National Cryptography Day

Tom Mitchell mitch at niftyegg.com
Sat Nov 19 04:05:08 EST 2016


On Mon, Nov 14, 2016 at 6:30 AM, Phillip Hallam-Baker <hallam at gmail.com>
wrote:
>
> On Sun, Nov 13, 2016 at 7:39 PM, ianG <iang at iang.org> wrote:
>
>> On 12/11/2016 15:18, Phillip Hallam-Baker wrote:
>>
>>> If Hilary had encrypted her email, she would almost certainly be
>>> president elect.
>>>
>>>
> ‚ÄčThere can be an international cryptography day as well. Preferably in the
> summer.
>

Summer and International... golly...
You just excluded the north or southern hemisphere  ;-)

For me the take away is that there is no system for email
that is sufficiently secure today that is user friendly
and  accessible from common tools like a phone, notebook,
chromebook or common desktop/side computer.

A critical path problem for archives is that the archive is also a treasure
trove
and the messages must be readable by many which argues with cryptography.

It is technically easy for two of us to exchange messages with
strong encryption but adding more recipients becomes a tangle.
Audit and archive is the third and fourth reader that breaks things.

The archival requirement for mail in this case appears to mandate
that the message store/archive be in the clear or locked with
an archive key.   The key management over time seems difficult.

Anyone that communicates with a famous person securely
will need a dedicated key pair for that person to deliver on a legal
request.  Famous  can reach back in time so I need to have a
public/private key pair for each of  1000+ individuals in my contact
list and also their public key used to communicate with me.
Or the valid legal request for a key for all messages to a named individual
would unlock all messages to the 999+ unnamed individuals.

Transport security to and from a trusted device and a server seems
possible.   Printing and screen capture from a remote device is
a real problem.   Again a central server would have to manage
all the keys over time.  The managing team of that central server
could have a Snowden so the larger the server the larger the treasure trove.

To me there are mixed agenda.   Some like the media want access
via a freedom of information request or full transparency.   This requires
that a broker
be in a position to inspect, classify, redact, reclassify or deny
distribution
of the document.    Others wish to audit security... and track
all communications to detect disclosure real-time and in history.
Meta data -- yes that is also critical.
One bit of meta data is not an issue but the entire flow of meta data
would have a high classification as the deception of "Operation Fortitude"
of WW2 demonstrated.














-- 
  T o m    M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20161119/617f8427/attachment.html>


More information about the cryptography mailing list