On 13/07/11 9:25 AM, Marsh Ray wrote:
On 07/12/2011 04:24 PM, Zooko O'Whielacronx wrote:
On Tue, Jul 12, 2011 at 11:10 AM, Hill, Brad <bh...@paypal-inc.com> wrote:

I have found that when H3 meets deployment and use, the reality
too often becomes: "Something's gotta give." We haven't yet found
a way to hide enough of the complexity of security to make it
free, and this inevitably causes conflicts with goals like
adoption.

This is an excellent objection. I think this shows that most crypto
systems have bad usability in their key management (SSL, PGP). People
don't use such systems if they can help it, and when they do they
often use them wrong.

But the entire purpose of securing a system is to deny access to the
protected resource.

And that's why it doesn't work; we end up denying access to the protected resource.

Security is just another function of business, it's not special. The purpose of security is to improve the profitability of the resource. Protecting it is one tool to serve security & profits, and re-engineering it so it doesn't need any protection is another tool... There are many such tools :)


In the case of systems susceptible to potential
phishing attacks, we even require that the user themselves be the one to
decline access to the system!

Everyone here knows about the inherent security-functionality tradeoff.
I think it's such a law of nature that any control must present at least
some cost to the legitimate user in order to provide any effective
security. However, we can sometimes greatly optimize this tradeoff and
provide the best tools for admins to manage the system's point on it.


Not at all. I view this as hubris from those struggling to make security work from a technical pov, from within the box. Once you start to learn the business and the human interactions, you are looking outside your techie box. From the business, you discover many interesting things that allow you to transfer the info needed to make the security look free.

A couple of examples: Skype works because people transfer their introductions first over other channels, "hey, my handle is bobbob", and then secondly over the packet network. It works because it uses the humans to do what they do naturally.

2nd. When I built a secure payment system, I was able to construct a complete end-to-end public infrastructure without central points of trust (like with CAs). And I was able to do it completely. The reason is that the start of the conversation was always a. from person to person, and b. concerning a financial instrument. So the financial instrument was turned into a contract with embedded crypto keys. Alice hands Bob the contract, and his software then bootstraps to fully secured comms.


Hoping to find security "for free" somewhere is akin to looking for free
energy. The search may be greatly educational or produce very useful
related discoveries, but at the end of the day the laws of
thermodynamics are likely to remain satisfied.


:)

Those looking for no-cost or extremely low-cost security either don't
place a high value on the protected resource or, given the options they
have imagined them, that they may profit more by the system being in the
less secure state. Sometimes they haven't factored all the options into
their cost-benefit analysis. Sometimes it never occurs to them that the
cost of a security failure can be much much greater than the nominal
value of the thing being protected (ask Sony).

No, it's much simpler than that: denying someone security because they don't push the right buttons is still denying them security. The summed benefit of internet security protocols typically goes up with the number of users, not with the reduction of flaws. The techie view has it backwards.

...
So even if you're a web site just selling advertising and your users'
personal information, security is a feature that attracts and retains
users, specifically those who value their _own_ stuff. (Hint hint: this
is the kind with money to spend with your advertisers.) Smart people
value their own time most of all and would find it a major pain to have
to put everything back in order after some kind of compromise.

This is a curiosity to me; has anyone actually figured out how to find a marketplace full of security conscious users? Was there ever such a product where vendors successfully relied upon the users' good security sense?


...
I hope there was a coherent point in all of that somewhere :-) I know
I'm preaching to the choir but Brad seemed to be asking for arguments of
this sort.



:)


iang
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
