On 10/10/13 20:12, Michael Rogers wrote: > On 10/10/13 09:29, Guido Witmond wrote: >>> It looks like you've worked around the UX issues by inserting an >>> EC-aware proxy between the client and server. Who would be >>> responsible for deploying such proxies? > >> That proxy lives in the end user's computers. Right now, the user >> needs to install the proxy. I hope to get time and funding to make >> it a Firefox plug in. I hope that when it proofs useful browsers >> will adopt it. > > I hope you manage to persuade browsers to support it, because it seems > like it will be difficult to get sites to adopt EA until their users > can reliably expect it to be supported on every machine they use.
Browser support would be a big breakthrough. > (Sorry for referring to EA as EC in my last email!) It's not a trademark or so. As long as it's clear from the context I'm fine with it. :-) > My family and friends outside the tech community are quite casual > about logging into their accounts from friends' machines, work > machines, internet cafes, etc. It's all very well for us to say that's > a bad idea, but we can't deny it's convenient to be able to log in > from anywhere with nothing but a password. If the computers and browsers were designed to protect the users against many risks, it would not be a problem. However, most browsers are designed by companies that don't deliver that promise. We are slowly getting there with things like sandboxing, partitioning. See qubes-os.org and Genode.org. There is also the cryptostick, a usb/smartcard combo. The first generation can hold only 3 keys. When we have one that can hold a few hundred, it makes it easier. People can carry them along. As each certificate/key only fits one site, the amount of damage is limited to the sites that any malware can reach. And there are ways to obfuscate the name of the site where that key fits. A hash of the sitename, with a simple password as index to the keys. > I can definitely see the benefits of EA for users who have a few > personal devices that are synced and not shared with other users, and > who value the security of using their own devices more than the > convenience of being able to log in from anywhere. That describes me, > but it doesn't describe most of the people I know. It's a thing that we, system architects/crypto-plumbers need to address. To give a (always flawed) analogy: People expect a Volvo in terms of security when they read the brochure but all they get is a T-Ford. It requires a lot of care to keep it safe and going. I don't blame the people for having these expectations. We need to make it happen. > Perhaps you could think of a killer app for EA that appeals to people > whose habits match the way EA works? One feature is the ease of signing up at web sites. Just click. No more hassles with email address, links to click, waiting for that message to come through the spam filter, grey-lists. Immediate login. That could be a good feature for web shops. No more hassle with making accounts. A single click for customers to create an account, and you have a secure channel for a credit card transaction. As shop, offer a public RSS-feed with promotions instead of an email list. Make an encrypted RSS-feed and you have a personalised channel. Now make it tempting for customers to sign up and you get to see what each customer is interested in. If you send to much, your customers can unsubscribe by deleting the feed in their browser, knowing that you cannot reach them anymore. When they come back, you know it to if they use the same account. Otherwise, learn to be less agressive. Treat your customers as kings, and they appreciate it. Another (not a killer)-feature (for users) is that they are in control of the account. When they delete the private key, their account is closed. No one else can come later and claim the account. Unless they copied the private key beforehand. A benefit for site operators is that there is no personal data lying around in case of a breach of the server. Some european politicians already propose heavy fines (500.000 euros) for leaking personal details. Even if your customer was so stupid to re-use their gmail password for your little shop, you get the blame for leaking it. A smaller benefit, all traffic between you and your customer is encrypted so there can be no spying by people that want to plaster their advertisement onto your shop. What Phorm in the UK tried to do. This is all possible just by having a local CA that signs client certificates and a user agent that uses that. I hope you this list offers anything to kill for? Regards, Guido.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
