Re: Call for a Jasmine Revolution in the IETF: Privacy, Integrity,
2011-03-10 22:26:02
Phillip Hallam-Baker wrote:
> Another mistake was the absolutist insistence on end to end security models
> despite abundant evidence that people could not make use of them. Military
> communications use end-to-end where possible but they have the luxury of
> specialist trained cipher clerks and coms operators.

I don't think this is correct.

The end-to-end security model is actually the only one that did work,
provided that it could be used in an ad-hoc fashion (PGP, SSH, WPA/WPA2)
-- i.e. without any need to involve any third party, pay fees and go
through a very bureaucratic setup process and end up with a severely
constrained, lifetime-limited result.

Things that failed badly are those that are severely usability-impaired
for ad-hoc usage (such as TLS) or completely locked against ad-hoc usage
(such as S/MIME), simply because the technology completely ignored
how security works for humans in real life: it starts ad-hoc with a
leap-of-faith on initial encounter and trust develops over time
through memorizing experience of previous encounters.

The original SSH approach is really the most natural fit, and it just
worked out of the box for Linux installations (I realize I haven't
been installing Linux Distros for a couple of years ...) Did this
change in the meantime?

A devastatingly large number of Web-Servers and WebShops have been
misapplying SSL/TLS. And it takes foolproof point-and-click exploits
such as Firesheep to make businesses move slightly towards better
security from the irresponsible state they've been holding for
years in full awareness of their own negligence.
-Martin
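
The leap-of-faith model described in the message above, sketched as an added example that is not part of the original post: the first key seen for a peer is remembered, later encounters are compared against that memory, and a changed key is refused rather than silently re-pinned. The `PinStore` class, its JSON layout and the sample key blobs are assumptions made for illustration; only the `SHA256:` fingerprint form follows OpenSSH.

```python
import base64
import hashlib
import json
from pathlib import Path


def fingerprint(public_key: bytes) -> str:
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the key blob."""
    digest = hashlib.sha256(public_key).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


class PinStore:
    """Hypothetical store: one remembered fingerprint per peer, like known_hosts."""

    def __init__(self, path=None):
        self.path = Path(path) if path else None
        self.pins = {}
        if self.path and self.path.exists():
            self.pins = json.loads(self.path.read_text())

    def check(self, peer: str, public_key: bytes) -> str:
        fp = fingerprint(public_key)
        pin = self.pins.get(peer)
        if pin is None:
            # Initial encounter: leap of faith, remember what we saw.
            self.pins[peer] = {"fp": fp, "seen": 1}
            self._save()
            return "new"
        if pin["fp"] != fp:
            # Key differs from memory: refuse, and keep the old pin so the
            # mismatch is reported again instead of being silently accepted.
            return "changed"
        pin["seen"] += 1  # each matching encounter adds to the history
        self._save()
        return "known"

    def _save(self):
        if self.path:
            self.path.write_text(json.dumps(self.pins, indent=2))


if __name__ == "__main__":
    store = PinStore()  # in-memory; pass a file path to persist the pins
    key_a, key_b = b"constructed-key-A", b"constructed-key-B"  # constructed sample blobs
    for key in (key_a, key_a, key_b, key_a):
        print(store.check("host.example", key), store.pins["host.example"])
```

Replacing a pin after a `changed` result is deliberately left out: that decision needs an out-of-band check of the new fingerprint, which is the step the leap of faith skipped on first contact.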