On Wed, 13 Mar 2013 05:05:05 -0700 Gregory Maxwell <[email protected]> wrote: > In the hierarchy of risks out there the > number-one-forty-foot-tall-hoking-gorilla risk for users is that they > DO NOT USE ENCRYPTION AT ALL.
Of course, encryption can never work when it's not used :) > All of this has the consequence that when you make authentication or > anti-logging more invasive you produce a small benefit for the tiny > number of users who meet _all_ of these criteria: > > * will always use OTR, even it gets in their way > * won't get auth or logging right without the change > * are exposed to the kind of risks the change addresses (active > attackers / log capture) > * those risks don't moot the protection (log grabber also installs key > logger, active attacker intercepts webpages and gives them trojans) > > With the risk of discouraging the use of security technology for > _everyone_ (including those people). > > I think almost any reasonable estimate of the relative population and > risk sizes results in a conclusion that just about any discouragement > is not acceptable. I had a chat with a few people on that, and while I agree on the premise, I think in this case, the risk of people logging OTR conversations by accident or by negligence if actually far greater than scaring them. In fact, not logging OTR conversations is fairly transparent for the user, most users won't notice until some day they will look for an OTR conversation in their logs --probably not that often for lambda users. I agree that we should avoid scaring non-savvy users at (almost) all cost, but we are dealing with a serious mid-to-long term security issue here, and I think the benefit is non-negligible when you see how small the probability of actually resulting in an immediate dissuasion for any user are. This is also why I am all in favor of the possibility of easily switching to logging the conversation on more mainstream clients (like pidgin or Jitsi). I refused to do so on weechat because weechat and irssi don't exactly aim at easily-scared people. If they chose those clients, they are bound to accept a little smaller usability/security ratio :) But even then, if the "default to not logging' patch was refused, I'd probably have done exactly this as a reasonable compromise. I jsut dislike the idea of being responsible for dangerous behaviors... > > So instead I advocate that increased security take the form of > additional alerts and modes that savvier/higher-risk can opt into > without making basic cryptographic protection less attractive. For > example, don't require disabling logging for OTR— instead add a > no-logging mode where both parties, if running compliant software, do > not log. (if remote party is hostile this can't help in any case) Let > either user in a conversation trigger that mode, and if you turn it > back off your chat partner finds out about it. Allow peer partner > preferences "require logging off for this party", just like we have > for authentication. See my criticism on Greg Troxel's suggestion of adding such notifications in the OTR protocol itself. My main complain is we start trying to provide information on something we have no real control over, and this can easily become deceptive, and create false sense of security, with a little social engineering. > > But for heavens sake, please don't add yet another reason for people > to not use OTR at all. This is the last thing I want to do. But I am sincerely afraid of the consequences of a world where *everyone* encrypts his conversation only to log *everything* to disk in cleartext. By compromising ONE computer, you get information on EVERYONE this person has ever been in contact with, including every encrypted conversation. When facing an encrypted conversation, the attacker now knows that the only thing he needs is wait a little time, steal/seize the target's computer, and calmly read through every conversation he wouldn't ever have been able to spy on in the first place (things predating his passive surveillance, things gone through Tor and off their radar, etc). This is terrifying to me. -- Daniel ".koolfy" Faucon Tel: France : (+33)(0)658/993.700 PGP Fingerprint : 485E 7C63 8D29 F737 FEA2 8CD3 EA05 30E6 15BE 9FA5
signature.asc
Description: PGP signature
_______________________________________________ OTR-dev mailing list [email protected] http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
