ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Bruce Schneier's Proposal to dedicate November meeting to savingthe Internet from the NSA

2013-09-06 02:59:04
from [t.p.] [Permanent Link] 
----- Original Message -----
From: "Phillip Hallam-Baker" <hallam(_at_)gmail(_dot_)com>
To: "Andrew Sullivan" <ajs(_at_)anvilwalrusden(_dot_)com>
Cc: "IETF Discussion Mailing List" <ietf(_at_)ietf(_dot_)org>
Sent: Friday, September 06, 2013 4:56 AM

On Thu, Sep 5, 2013 at 11:32 PM, Andrew Sullivan

<ajs(_at_)anvilwalrusden(_dot_)com>wrote:



On Fri, Sep 06, 2013 at 03:28:28PM +1200, Brian E Carpenter wrote:


OK, that's actionable in the IETF, so can we see the I-D before
the cutoff?


Why is that discussion of this nailed to the cycle of IETF meetings?



It is not. I raised the challenge over a week ago in another forum.

Last

thing I would do is to give any institution veto power.


The design I think is practical is to eliminate all UI issues by

insisting

that encryption and decryption are transparent. Any email that can be

sent

encrypted is sent encrypted.


That sounds like the 'End User Fallacy number one' that I encounter all
the time in my work.  If only everything were encrypted, then we would
be completely safe.  Well, no (as you Phillip know well).  It depends on
the strength of the ciphers (you can get a little padlock on your screen
with SSL 2 which was the default in my local public access system until
recently).  It depends on the keys being secret (one enterprise system I
was enrolled on in 2003 will not let me change my password, ever - only
the system administrator has that power).  It depends on authentication
(I have a totally secure channel, unbreakable in the next 50 years, but
it is not to my bank but to a Far Eastern Power).  And so on.  Yet every
few weeks I hear the media saying, 'look for the padlock'.

I think that the obvious step to improving security is to get the world
at large possessing and using certificates, in the same way as the
governments of the world, not very long agao, persuaded us to use
passports.

Tom Petch



So that means that we have to have a key distribution infrastructure

such

that when you register a key it becomes available to anyone who might

need

to send you a message. We would also wish to apply the Certificate
Transparency approach to protect the Trusted Third Parties from being
coerced, infiltrated or compromised.

Packaging the implementation is not difficult, a set of proxies for

IMAP

and SUBMIT enhance and decrypt the messages.

The client side complexity is separated from the proxy using

Omnibroker.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA, Adam Novak
Next by Date:  Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA, Vinayak Hegde
Previous by Thread:  Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA, Phillip Hallam-Baker
Next by Thread:  Re: Bruce Schneier's Proposal to dedicate November meeting to savingthe Internet from the NSA, Pete Resnick
Indexes:  [Date] [Thread] [Top] [All Lists]