Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

Pete Resnick <presnick@qti.qualcomm.com> Fri, 06 September 2013 14:38 UTC

Message-ID: <5229E8C8.6060801@qti.qualcomm.com>
Date: Fri, 06 Sep 2013 07:38:00 -0700
From: Pete Resnick <presnick@qti.qualcomm.com>
To: John C Klensin <john-ietf@jck.com>
Subject: Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA
Cc: IETF Discussion Mailing List <ietf@ietf.org>

On 9/6/13 7:02 AM, John C Klensin wrote:
> ...It may still be
> good protection against more casual attacks, but we do the users
> the same disservice by telling them that their transmissions are
> secure under those circumstances that we do by telling them that
> their data are secure when they see a little lock in their web
> browsers.
>
> Certainly "encrypt first, authenticate later" is reasonable if
> one doesn't send anything sensitive until authentication has
> been established, but it seems to me that would require a rather
> significant redesign of how people do things, not just how
> protocols work.
>    

Actually, I think the latter is really what I'm suggesting. We've got to do
the encryption (for both the minimal protection from passive attacks as
well as setting things up for doing good security later), but we've also
got to design UIs that not only make it easier for users to deal with
encryption, but change the way people think about it.

(Back when we were working on Eudora, we got user support complaints 
that "people can read my email without typing my password". What they in 
fact meant was that if you started the application, it would normally 
ask for your POP password in order to check mail, but you could always 
click "Cancel" and read the mail that had been previously downloaded. 
Users presumed that since they were being prompted for the password when 
the program launched -- just like what used to happen when they "logged 
in" to read mail on their Unix/etc. accounts -- the password was 
protecting the local data, not that it was only being used to 
authenticate to the server to download mail. You'd ask them why they 
weren't so worried about people reading their Microsoft Word files and 
they'd give you dumb looks. Sometimes you do have to redesign "how 
people do things".)

pr

-- 
Pete Resnick <http://www.qualcomm.com/~presnick/>
Qualcomm Technologies, Inc. - +1 (858)651-4478