Re: Bruce Schneier's Proposal to dedicate November meeting to savingthe Internet from the NSA
Phillip Hallam-Baker <hallam@gmail.com> Sat, 07 September 2013 00:36 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 56A2811E80EA for <ietf@ietfa.amsl.com>; Fri, 6 Sep 2013 17:36:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.876
X-Spam-Level:
X-Spam-Status: No, score=-2.876 tagged_above=-999 required=5 tests=[AWL=0.483, BAYES_00=-2.599, GB_I_LETTER=-2, HTML_MESSAGE=0.001, NO_RELAYS=-0.001, SARE_LWSHORTT=1.24]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JRt8gjSOOqSV for <ietf@ietfa.amsl.com>; Fri, 6 Sep 2013 17:36:26 -0700 (PDT)
Received: from mail-lb0-x233.google.com (mail-lb0-x233.google.com [IPv6:2a00:1450:4010:c04::233]) by ietfa.amsl.com (Postfix) with ESMTP id 678BB11E80D9 for <ietf@ietf.org>; Fri, 6 Sep 2013 17:36:21 -0700 (PDT)
Received: by mail-lb0-f179.google.com with SMTP id x18so3424834lbi.38 for <ietf@ietf.org>; Fri, 06 Sep 2013 17:36:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=b2Yo24WqJlyUNhl0Eph0Z22I6GvwJ8cuLF0dtk+UYpM=; b=qnow2GMMAvxmYKMItlHo09Iu4411LPS5h5XBSAgnrTzy49CI1Ca7p7l1r6JJNspXt4 XVtMM7nmp6E+92NDjLjBWqLYSec3G20YmJfRX0o+ia8/7mqZvzIZbZLMygJE81ks1Nxa AsDbAb++kGfgYcRe9MkI+t7lLIDLX5icP4ws8RnXf7lM97Q+1FzIIgvV4rcIV5oh2uo+ OCBYouwdwLfpME60BrEq2zigoJeNjFaE1DotzdPtmsqXFvJG8MLLLo4m0fkQsWCQ53al VIgDyG+ehnceHWqS1G/g6VaEqj7cpJEWb0N3GMqzoyX6ug4Oc3xN77/zkXsv9qRFx8VC 7WNw==
MIME-Version: 1.0
X-Received: by 10.112.156.166 with SMTP id wf6mr4981428lbb.13.1378514180263; Fri, 06 Sep 2013 17:36:20 -0700 (PDT)
Received: by 10.112.148.165 with HTTP; Fri, 6 Sep 2013 17:36:20 -0700 (PDT)
In-Reply-To: <5229D6B0.1040709@qti.qualcomm.com>
References: <5F053C0B-4678-4680-A8BF-62FF282ADDCE@softarmor.com> <alpine.BSF.2.00.1309051743130.47262@hiroshima.bogus.com> <52293197.1060809@gmail.com> <CAMm+LwjdN478yyU=J7=GTpQxqtdgP8wtdEtna50X+WtA-bV3hg@mail.gmail.com> <52294BDC.4060707@gmail.com> <20130906033254.GH62204@mx1.yitter.info> <CAMm+Lwg9kJymBWaEXwZfQ=P5Uo-UmYoNvvzewnXjUu+mhg+QTQ@mail.gmail.com> <006001ceaad6$61f39640$4001a8c0@gateway.2wire.net> <5229D6B0.1040709@qti.qualcomm.com>
Date: Fri, 06 Sep 2013 20:36:20 -0400
Message-ID: <CAMm+LwhF7orC=Pkqpmx1PoZE_r8vMHP+SbW_9D-y-NKZ6g=wsA@mail.gmail.com>
Subject: Re: Bruce Schneier's Proposal to dedicate November meeting to savingthe Internet from the NSA
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Pete Resnick <presnick@qti.qualcomm.com>
Content-Type: multipart/alternative; boundary="001a11c18e7a0855c504e5c058e6"
Cc: IETF Discussion Mailing List <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 07 Sep 2013 00:36:37 -0000
On Fri, Sep 6, 2013 at 9:20 AM, Pete Resnick <presnick@qti.qualcomm.com>wrote: > On 9/6/13 12:54 AM, t.p. wrote: > >> ----- Original Message ----- >> From: "Phillip Hallam-Baker" <hallam@gmail.com> >> Cc: "IETF Discussion Mailing List" <ietf@ietf.org> >> Sent: Friday, September 06, 2013 4:56 AM >> >> The design I think is practical is to eliminate all UI issues by >>> insisting that encryption and decryption are transparent. Any email that >>> can be sent encrypted is sent encrypted. >>> >> >> That sounds like the 'End User Fallacy number one' that I encounter all >> the time in my work. If only everything were encrypted, then we would be >> completely safe. >> > > Actually, I disagree that this fallacy is at play here. I think we need to > separate the concept of end-to-end encryption from authentication when it > comes to UI transparency. We design UIs now where we get in the user's face > about doing encryption if we cannot authenticate the other side and we need > to get over that. In email, we insist that you authenticate the recipient's > certificate before we allow you to install it and to start encrypting, and > prefer to send things in the clear until that is done. That's silly and is > based on the assumption that encryption isn't worth doing *until* we know > it's going to be done completely safely. We need to separate the trust and > guarantees of safeness (which require *later* out-of-band verification) > from the whole endeavor of getting encryption used in the first place. Actually, let me correct my earlier statement. I believe that UIs fail because they require too much effort from the user and they fail because they present too little information. Many times they do both. What I have been looking at as short term is how to make sending and receiving secure email to be ZERO effort and how to make initialization no more difficult than installing and configuring a regular email app. And I think I can show how that can be done. And I think that is a part of the puzzle we can just start going to work on in weeks without having to do usability studies. The other part, too little (or inconsistent) information is also a big problem. Take the email I got from gmail this morning telling me that someone tried to access my email from Sao Paulo. The message told me to change my password but did not tell me that the attacker had known my password. That is a problem of too little information. The problem security usability often faces is that the usability mafia are trained how to make things easy to learn in ten minutes because that is how to sell a product. They are frequently completely clueless when it comes to making software actually easy to use long term. Apple, Google and Microsoft are all terrible at this. They all hide information the user needs to know. I have some ideas on how to fix that problem as well, in fact I wrote a whole chapter in my book suggesting how to make email security usable by putting an analog of the corporate letterhead onto emails. But that part is a longer discussion and focuses on authentication rather than confidentiality. The perfect is the enemy of the good. I think that the NSA/GCHQ has often managed to discourage the use of crypto by pushing the standards community to make the pudding so rich nobody can eat it. -- Website: http://hallambaker.com/
- Bruce Schneier's Proposal to dedicate November me… Dean Willis
- Re: Bruce Schneier's Proposal to dedicate Novembe… Martin Millnert
- Re: Bruce Schneier's Proposal to dedicate Novembe… Lucy Lynch
- Re: Bruce Schneier's Proposal to dedicate Novembe… Brian E Carpenter
- Re: Bruce Schneier's Proposal to dedicate Novembe… cb.list6
- Re: Bruce Schneier's Proposal to dedicate Novembe… Ted Lemon
- Re: Bruce Schneier's Proposal to dedicate Novembe… Ted Lemon
- Re: Bruce Schneier's Proposal to dedicate Novembe… Phillip Hallam-Baker
- Re: Bruce Schneier's Proposal to dedicate Novembe… Noel Chiappa
- Re: Bruce Schneier's Proposal to dedicate Novembe… Brian E Carpenter
- Re: Bruce Schneier's Proposal to dedicate Novembe… Dave Crocker
- Re: Bruce Schneier's Proposal to dedicate Novembe… Brian E Carpenter
- Re: Bruce Schneier's Proposal to dedicate Novembe… Melinda Shore
- Re: Bruce Schneier's Proposal to dedicate Novembe… Vinayak Hegde
- Re: Bruce Schneier's Proposal to dedicate Novembe… Andrew Sullivan
- Re: Bruce Schneier's Proposal to dedicate Novembe… Vinayak Hegde
- Re: Bruce Schneier's Proposal to dedicate Novembe… Noel Chiappa
- Re: Bruce Schneier's Proposal to dedicate Novembe… Phillip Hallam-Baker
- Re: Bruce Schneier's Proposal to dedicate Novembe… Phillip Hallam-Baker
- Re: Bruce Schneier's Proposal to dedicate Novembe… Randy Bush
- Re: Bruce Schneier's Proposal to dedicate Novembe… Melinda Shore
- Re: Bruce Schneier's Proposal to dedicate Novembe… Jari Arkko
- Re: Bruce Schneier's Proposal to dedicate Novembe… Eliot Lear
- Re: Bruce Schneier's Proposal to dedicate Novembe… Jari Arkko
- Re: Bruce Schneier's Proposal to dedicate Novembe… SM
- Re: Bruce Schneier's Proposal to dedicate Novembe… Måns Nilsson
- Re: Bruce Schneier's Proposal to dedicate Novembe… Hannes Tschofenig
- Re: Bruce Schneier's Proposal to dedicate Novembe… Adam Novak
- Re: Bruce Schneier's Proposal to dedicate Novembe… t.p.
- Re: Bruce Schneier's Proposal to dedicate Novembe… Vinayak Hegde
- Re: Bruce Schneier's Proposal to dedicate Novembe… Hannes Tschofenig
- Re: Bruce Schneier's Proposal to dedicate Novembe… Stewart Bryant
- Re: Bruce Schneier's Proposal to dedicate Novembe… Stephen Farrell
- Re: Bruce Schneier's Proposal to dedicate Novembe… Hannes Tschofenig
- Re: Bruce Schneier's Proposal to dedicate Novembe… Jorge Amodio
- Re: Bruce Schneier's Proposal to dedicate Novembe… Peter Saint-Andre
- Re: Bruce Schneier's Proposal to dedicate Novembe… Alan Johnston
- Re: Bruce Schneier's Proposal to dedicate Novembe… Martin Sustrik
- Re: Bruce Schneier's Proposal to dedicate Novembe… Eliot Lear
- Re: Bruce Schneier's Proposal to dedicate Novembe… Pete Resnick
- Re: Bruce Schneier's Proposal to dedicate Novembe… Scott Brim
- Re: Bruce Schneier's Proposal to dedicate Novembe… Bjoern Hoehrmann
- Re: Bruce Schneier's Proposal to dedicate Novembe… Noel Chiappa
- Re: Bruce Schneier's Proposal to dedicate Novembe… Dave Crocker
- Re: Bruce Schneier's Proposal to dedicate Novembe… John C Klensin
- Re: Bruce Schneier's Proposal to dedicate Novembe… Theodore Ts'o
- Re: Bruce Schneier's Proposal to dedicate Novembe… Theodore Ts'o
- Re: Bruce Schneier's Proposal to dedicate Novembe… Tony Finch
- Re: Bruce Schneier's Proposal to dedicate Novembe… Theodore Ts'o
- Re: Bruce Schneier's Proposal to dedicate Novembe… Stefan Winter
- Re: Bruce Schneier's Proposal to dedicate Novembe… Pete Resnick
- Re: Bruce Schneier's Proposal to dedicate Novembe… Joe Abley
- Re: Bruce Schneier's Proposal to dedicate Novembe… Noel Chiappa
- Re: Bruce Schneier's Proposal to dedicate Novembe… Scott Brim
- Re: Bruce Schneier's Proposal to dedicate Novembe… Dave Crocker
- Re: Bruce Schneier's Proposal to dedicate Novembe… John C Klensin
- Re: Bruce Schneier's Proposal to dedicate Novembe… Brian Trammell
- Re: Bruce Schneier's Proposal to dedicate Novembe… Ted Lemon
- Re: Bruce Schneier's Proposal to dedicate Novembe… Stephane Bortzmeyer
- Re: Bruce Schneier's Proposal to dedicate Novembe… Pete Resnick
- Re: Bruce Schneier's Proposal to dedicate Novembe… Scott Brim
- Re: Bruce Schneier's Proposal to dedicate Novembe… John C Klensin
- Re: Bruce Schneier's Proposal to dedicate Novembe… Ted Lemon
- Re: Bruce Schneier's Proposal to dedicate Novembe… Dave Crocker
- Re: Bruce Schneier's Proposal to dedicate Novembe… John C Klensin
- Re: Bruce Schneier's Proposal to dedicate Novembe… SM
- Re: Bruce Schneier's Proposal to dedicate Novembe… Spencer Dawkins
- Re: Bruce Schneier's Proposal to dedicate Novembe… Tony Finch
- Re: Bruce Schneier's Proposal to dedicate Novembe… Arturo Servin
- Re: Bruce Schneier's Proposal to dedicate Novembe… Noel Chiappa
- Re: Bruce Schneier's Proposal to dedicate Novembe… Hannes Tschofenig
- Re: Bruce Schneier's Proposal to dedicate Novembe… Hannes Tschofenig
- Re: Bruce Schneier's Proposal to dedicate Novembe… Abdussalam Baryun
- Re: Bruce Schneier's Proposal to dedicate Novembe… Michael Richardson
- Re: Bruce Schneier's Proposal to dedicate Novembe… Adam Novak
- Re: Bruce Schneier's Proposal to dedicate Novembe… Spencer Dawkins
- Re: Bruce Schneier's Proposal to dedicate Novembe… Dean Willis
- RE: Bruce Schneier's Proposal to dedicate Novembe… George, Wes
- Re: Bruce Schneier's Proposal to dedicate Novembe… Dean Willis
- Re: Bruce Schneier's Proposal to dedicate Novembe… Dave Crocker
- Re: Bruce Schneier's Proposal to dedicate Novembe… Ted Lemon
- Re: Bruce Schneier's Proposal to dedicate Novembe… Keith Moore
- Teachable moment Brian E Carpenter
- Re: Bruce Schneier's Proposal to dedicate Novembe… Måns Nilsson
- Re: Bruce Schneier's Proposal to dedicate Novembe… SM
- Re: Bruce Schneier's Proposal to dedicate Novembe… David Conrad
- Re: Bruce Schneier's Proposal to dedicate Novembe… Tim Bray
- Re: Bruce Schneier's Proposal to dedicate Novembe… Ted Lemon
- Re: Bruce Schneier's Proposal to dedicate Novembe… David Morris
- Re: Bruce Schneier's Proposal to dedicate Novembe… Scott Brim
- Re: Bruce Schneier's Proposal to dedicate Novembe… SM
- Re: Bruce Schneier's Proposal to dedicate Novembe… Dave Crocker
- Re: Bruce Schneier's Proposal to dedicate Novembe… Phillip Hallam-Baker
- Re: Bruce Schneier's Proposal to dedicate Novembe… Patrik Fältström
- Re: Bruce Schneier's Proposal to dedicate Novembe… Jorge Amodio
- Re: Bruce Schneier's Proposal to dedicate Novembe… Patrik Fältström
- Re: Bruce Schneier's Proposal to dedicate Novembe… Phillip Hallam-Baker
- Re: Bruce Schneier's Proposal to dedicate Novembe… ned+ietf
- Re: Bruce Schneier's Proposal to dedicate Novembe… Ted Lemon
- Equably when it comes to privacy SM
- Re: Equably when it comes to privacy Phillip Hallam-Baker
- Re: Equably when it comes to privacy Jorge Amodio
- Re: Equably when it comes to privacy Phillip Hallam-Baker
- Re: Equably when it comes to privacy Scott Kitterman
- Re: Equably when it comes to privacy SM
- Re: Equably when it comes to privacy joel jaeggli
- Re: Equably when it comes to privacy Janet P Gunn
- RE: Bruce Schneier's Proposal to dedicate Novembe… l.wood
- Re: Bruce Schneier's Proposal to dedicate Novembe… John C Klensin
- Re: Equably when it comes to privacy SM
- Re: Equably when it comes to privacy joel jaeggli
- RE: Bruce Schneier's Proposal to dedicate Novembe… l.wood
- Re: Bruce Schneier's Proposal to dedicate Novembe… Ross Finlayson
- Re: Bruce Schneier's Proposal to dedicate Novembe… Eliot Lear
- Re: Teachable moment Jari Arkko
- Re: Bruce Schneier's Proposal to dedicate Novembe… Erik Nordmark
- Re: Equably when it comes to privacy Abdussalam Baryun
- Re: Bruce Schneier's Proposal to dedicate Novembe… Tobias Gondrom
- Re: Bruce Schneier's Proposal to dedicate Novembe… Tobias Gondrom
- Re: Bruce Schneier's Proposal to dedicate Novembe… Phillip Hallam-Baker