Phillip Hallam-Baker <phill(_at_)hallambaker(_dot_)com> wrote:
> Right now I am working on technology that makes end-to-end security
practical
> and usable.
This is awesome; I'm hoping that microsoft, apple and google will pay
attention and collaborate. In the 1990s, I think that one reason we wound up
where we did was because the work was being done by academics and later by
dot-com startups. Who has the resources to collaborate with you?
> Using off the shelf mail applications with the Mathematical Mesh
> is actually easier than using them without. But there are some features I
> have added to meet real end user needs that we would never have
considered in
> the 1990s. In particular a key backup and recovery option that is turned
on
> by default.
> Why do real users need key recovery? Well without the ability to recover a
> lost key, a protocol that encrypts stored data becomes worse than
ransomware.
> There isn't even the option of paying a criminal to get your data back.
That's very true.
I have been wondering, in the context of Apple's improvement to device
security, how the untimely death of a person will be dealt with.
> Another critical security technology that we managed to allow ourselves
to be
> persuaded was 'evil' is trustworthy computing. As a result the WebPKI
It wasn't trustworthy, because they refused peer review.
We couldn't even get Intel to reveal pre-whitened random numbers!
(correct me they ever fixed that...)
> code signing infrastructures use private keys that are stored on the
machine
> itself, in many cases in plaintext but with security through obscurity at
> best. But we have the technology that would allow us to bind those private
> keys to servers in such a way that they can be used but not extracted
without
> physical access to the machine itself and a significant degree of
technical
> effort.
The cryptech.is effort needs more resources I think.
> What is popular and commonly agreed in computing isn't always the right
> thing. Security is allowing our users to control risk, not defeating the
> political objectives of Louis Freeh or the RIAA.
Agreed.
--
Michael Richardson <mcr+IETF(_at_)sandelman(_dot_)ca>, Sandelman Software Works
-= IPv6 IoT consulting =-
signature.asc
Description: PGP signature