
Re: IESG meeting thoughts

2016-05-17 12:11:15
On Tue, May 17, 2016 at 12:58 PM, Michael Richardson <mcr+ietf(_at_)sandelman(_dot_)ca> wrote:


Phillip Hallam-Baker <phill(_at_)hallambaker(_dot_)com> wrote:
    > Right now I am working on technology that makes end-to-end security
    > practical and usable.

This is awesome; I'm hoping that Microsoft, Apple and Google will pay
attention and collaborate.  In the 1990s, I think that one reason we wound up
where we did was because the work was being done by academics and later by
dot-com startups.  Who has the resources to collaborate with you?


Right now the problem seems to be that everyone wants to play to be the
only king of the castle like they did with instant messaging when it was
the hot thing.

A personal PKI isn't going to give people personal autonomy and freedom if
it binds them to only one provider with purposefully high switching costs.
Nor is it going to have an effective network effect if you can only
communicate with people in the same network as you.


I am busy working on reference code and specs. I should have a significant
system to show in Berlin. It is all open source, MIT license and on GitHub,




    > Using off the shelf mail applications with the Mathematical Mesh
    > is actually easier than using them without. But there are some features I
    > have added to meet real end user needs that we would never have considered in
    > the 1990s. In particular a key backup and recovery option that is turned on
    > by default.

    > Why do real users need key recovery? Well without the ability to recover a
    > lost key, a protocol that encrypts stored data becomes worse than ransomware.
    > There isn't even the option of paying a criminal to get your data back.

That's very true.
I have been wondering, in the context of Apple's improvement to device
security, how the untimely death of a person will be dealt with.


These are serious problems that have to be planned for. Right now I have
code to do Shamir keysharing to escrow the long term escrow keys. But if
people want to use this as a life long personal security infrastructure,
they need to be able to identify some papers as being so personal that they
die with them and others that become public on their death. For example
where I buried Aunt Agatha's jewelry is something I want to make public.
Where I buried Aunt Agatha, is not.



    > Another critical security technology that we managed to allow ourselves to be
    > persuaded was 'evil' is trustworthy computing. As a result the WebPKI

It wasn't trustworthy, because they refused peer review.
We couldn't even get Intel to reveal pre-whitened random numbers!
(correct me if they ever fixed that...)


Well, see my recent work on multi-party key generation. When we make the
move to DH based crypto puzzles with Elliptic Curve and beyond, I have
schemes that allow you to make use of the security hardening properties of
onboard crypto without revealing all of the private key to that system.