Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Security / reliability of cryptoheaven ?

D J Capelis djcapelis at cs.ucsc.edu
Wed Oct 3 05:41:29 PDT 2012


On Tue, Oct 2, 2012 at 8:41 PM, Maxim Kammerer <mk at dee.su> wrote:

> On Wed, Oct 3, 2012 at 3:52 AM, Brian Conley <brianc at smallworldnews.tv>
> wrote:
> > I am immediately suspicious of any service advertising simple easy
> encrypted
> > email
>
> Why? The notion that easy encrypted email is hard is a myth, perhaps
> resulting from people being trapped inside the concept of using PGP
> and its non-scalable “web of trust”. Liberté Linux implements cables
> communication [1], which provides just that — easy encrypted email.
> The catch is that there is no interoperability with SMTP, and there
> are no easy-to-remember usernames.
>

I like the part where you say the problem is easy and then point to a
solution with issues that make it anything but easy, tenable or workable.

I don't mean to be too snarky.  (Okay, I do.)

But saying that it's not a hard problem makes the real challenges that
remain less visible.  Throwing layers of encryption on e-mail is easy.
Verifying that it's being encrypted to the right person is *still* hard.
TOFU is often a great way to solve the problem good enough 90% of the way,
(honestly if it were up to me the ground level security guarantee we'd go
after is not that the person is the person you think they are, but merely
that the person you're talking to now is the same as the last time you
talked to someone with a specific ID.) but then dealing with the reality of
people using multiple device to use this stuff (and you can't just wish
that away) is the last 10% that's the next 90% where the solution quickly
becomes more murky.  And that's not even getting into platform inter-op
issues that drive so many people to want to do their crypto in a web
interface or on some other person's server.

Pretending it's an easy problem because technologies exist that aren't
usable ignore the real technology issues we haven't solved yet.

~DJ
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20121003/189e499d/attachment.html>


More information about the liberationtech mailing list