ietf-openpgp

Re: [openpgp] OpenPGP private certification

2015-04-10 12:25:08
On 8/04/2015 14:33 pm, Christoph Anton Mitterer wrote:
> On Wed, 2015-04-08 at 09:23 -0400, Phillip Hallam-Baker wrote:
> > > Crypto is not an iPhone.
> > Mine is.
> Believing that you're secure with a proprietary driven system, from a
> company which is known to have worked with mass surveillance
> organisation (and if it's just because they were forced so by law), is
> naive - at best.


No, it's security modelling. It all depends on what the business model is, which defines the threats that one has to deal with. There are plenty of people out there that don't care about the mass surveillance and there are plenty of people in here who do care about it. The reason that people out there don't care about mass surveillance is because they (a) don't see the harm or (b) have bigger harms to worry about.

Sometimes valid reasons, sometimes not.

We have to remember that the old CIA was something that was taught to us back in the 1990s out of military models. E.g., it made sense to consider the MITM as a big commsec threat when our only experience was MITMs in aggressive military actions -- armies against armies. But the Internet was different, we had different threat actors, different values under protection, and different incentives.

There are probably more people out there that don't want authentication than do, or more precisely they want nymity. Canonically, recall all the people (e.g., Manning) who were caught over the net, and had recorded chat sessions used as evidence against them. Having unattributable, untraceable content is actually a goal for many.

And things like Twitter show how confidentiality isn't really the thing, but they still put everything over HTTPS so that at least the passive surveillance is turned into active surveillance.

etc etc. Your enemy may be the NSA. But for most people most of the time, it's others: aggressive ex-spouses, parents who spy, business partners stealing money, teenagers getting into trouble with photos, etc etc.




iang


PS: And to echo Phil, my crypto is iPhone too - end-to-end secure payments systems. 'cept, Java only runs on Android ;)

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
