Re: Why the poor uptake of encrypted email? [Was: Re: Secrets and cell phones.]
-- We discovered, however, that most people do not want to manage their own secrets StealthMonger wrote: This may help to explain the poor uptake of encrypted email. There is very good uptake of skype and ssh, because those impose no or very little additional cost on the end user. Secret management is almost furtively sneaked in on the back of other tasks. It would be useful to know exactly what has been discovered. Can you provide references? It is informal knowledge. A field has references when it is a science, or attempting to become a science, or pretending to become a science. Security is not yet even an art. Cryptography is an art that dubiously pretends to science, but the weak point of course is interaction of humans with the cryptography, in which area we have not even the pretense of art. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
Re: Why the poor uptake of encrypted email? [Was: Re: Secrets and cell phones.]
On 8 Dec 2008, at 22:43, David G. Koontz wrote: JOHN GALT wrote: StealthMonger wrote: This may help to explain the poor uptake of encrypted email. It would be useful to know exactly what has been discovered. Can you provide references? The iconic Paper explaining this is Why Johnny Can't Encrypt available here: http://portal.acm.org/citation.cfm?id=1251435 Available from the Authors: http://gaudior.net/alma/johnny.pdf A later follow up (s/mime; more focus on the KDC): http://www.simson.net/clips/academic/2005.SOUPS.johnny2.pdf is IMHO more interesting - as it explores a more realistic hostile scenario, seems to pinpoint the core security issue better; and goes to some length to evaluate remedial steps. And it does show that a large swath of issues in PGP are indeed solvable/solved (now) Thanks, Dw - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Why the poor uptake of encrypted email? [Was: Re: Secrets and cell phones.]
James A. Donald [EMAIL PROTECTED] writes: Of course, the old cypherpunk dream is a system with end to end encryption, with individuals having the choice of holding their own secrets, rather than these secrets being managed by some not very trusted authority We discovered, however, that most people do not want to manage their own secrets This may help to explain the poor uptake of encrypted email. It would be useful to know exactly what has been discovered. Can you provide references? - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Why the poor uptake of encrypted email? [Was: Re: Secrets and cell phones.]
StealthMonger wrote: This may help to explain the poor uptake of encrypted email. It would be useful to know exactly what has been discovered. Can you provide references? The iconic Paper explaining this is Why Johnny Can't Encrypt available here: http://portal.acm.org/citation.cfm?id=1251435 JOHN ;) Timestamp: Monday 08 Dec 2008, 16:13 --500 (Eastern Standard Time) - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Why the poor uptake of encrypted email? [Was: Re: Secrets and cell phones.]
JOHN GALT wrote: StealthMonger wrote: This may help to explain the poor uptake of encrypted email. It would be useful to know exactly what has been discovered. Can you provide references? The iconic Paper explaining this is Why Johnny Can't Encrypt available here: http://portal.acm.org/citation.cfm?id=1251435 Available from the Authors: http://gaudior.net/alma/johnny.pdf http://www.cs.berkeley.edu/~tygar/papers/Why_Johnny_Cant_Encrypt/OReilly.pdf (For those of us not ACM members and not having Library or affliate access). There's also a power point presentation on the cognitive dissonance involved: http://www.nku.edu/~waldenj1/classes/2006/spring/csc593/presentations/Johnny.ppt And something done at Carnegie Mellon: http://cups.cs.cmu.edu/courses/ups-sp06/notes/060202LectureNotes.doc http://cups.cs.cmu.edu/courses/ups-sp06/slides/060202-user-tests2.ppt - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Secrets and cell phones.
A sim card contains a shared symmetric secret that is known to the network operator and to rather too many people on the operator's staff, and which could be easily discovered by the phone holder - but which is very secure against everyone else. This means that cell phones provide authentication that is secure against everyone except the network operator, which close to what we need for financial transactions. The network operator maps this narrowly shared secret to a phone number. The phone number, which once upon a time directly controlled equipment that makes connections, is now a database key to the secret. There are now send-money-to-and-from-phone-number systems in Canada http://digitaldebateblogs.typepad.com/digital_identity/2008/10/sos-sms.html, in South Africa, and in various third world countries with collapsed banking systems. At present, each of these systems sits in its own narrow little silo - you cannot send money from a Canadian phone number directly to a South Africa phone number, and, despite being considerably more secure than computer sign on to your bank, are limited to small amounts of money, probably to appease the banking cartel and the money laundering controls. Skype originally planned to introduce such a system, which would have been a world wide system, skype id to skype id, but backed off, perhaps because of possible regulatory reprisals, perhaps because computers are insufficiently secure. If you click on the spot in the UI that would have connected you to Skype's offering, you instead get an ad for paypal. Of course, the old cypherpunk dream is a system with end to end encryption, with individuals having the choice of holding their own secrets, rather than these secrets being managed by some not very trusted authority, and with these secrets enabling transfer of money, in the form of a yurls representing a sum of money, from one yurl representing an id, to another yurl reprsenting an id. We discovered, however, that most people do not want to manage their own secrets, and that today's operating systems are not a safe place on which to store valuable secrets. We know in principle how to make operating systems safe enough http://jim.com/security/safe_operating_system.html, but for the moment readily transferable money is coming in through systems with centralized access to keys, and there is no other way to do it. If the mapping of phone numbers to true names is sufficiently weak, (few of my phone numbers are mapped to my true name) centralized access to symmetric keys is not too bad. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]