IETF Logo Mail Archive

Re: Bruce Schneier's Proposal to dedicate November meeting to savingthe Internet from the NSA

Pete Resnick <presnick@qti.qualcomm.com> Fri, 06 September 2013 13:21 UTC

Return-Path: <presnick@qti.qualcomm.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2609911E8193 for <ietf@ietfa.amsl.com>; Fri, 6 Sep 2013 06:21:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.583
X-Spam-Level:
X-Spam-Status: No, score=-102.583 tagged_above=-999 required=5 tests=[AWL=0.016, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2Bs+8R1WeOsJ for <ietf@ietfa.amsl.com>; Fri, 6 Sep 2013 06:20:58 -0700 (PDT)
Received: from sabertooth01.qualcomm.com (sabertooth01.qualcomm.com [65.197.215.72]) by ietfa.amsl.com (Postfix) with ESMTP id AFD0B11E8145 for <ietf@ietf.org>; Fri, 6 Sep 2013 06:20:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=qti.qualcomm.com; i=@qti.qualcomm.com; q=dns/txt; s=qcdkim; t=1378473657; x=1410009657; h=message-id:date:from:mime-version:to:cc:subject: references:in-reply-to:content-transfer-encoding; bh=q0AEQMw3wbhNSURcb9XkHaJE7j/yF0iwLjLuhsG74Tg=; b=bohzxWcMYmnE3v/jLPT9FRQTZ7Py3ukpTnCSgRLXwU8ZenpLzGk/fz5e y05cD87+tnzct/tPSCCb85UzYnDBHMyU6g/JGb4dbj31LKJfazmVH0Ras xKGrKJFFR5KltOrWe+DNBb5gHmABF+uCtarTDfMYgL0Nl5uQQx4m7GYu3 o=;
X-IronPort-AV: E=McAfee;i="5400,1158,7189"; a="50965513"
Received: from ironmsg03-r.qualcomm.com ([172.30.46.17]) by sabertooth01.qualcomm.com with ESMTP; 06 Sep 2013 06:20:56 -0700
X-IronPort-AV: E=McAfee;i="5400,1158,7189"; a="543012979"
Received: from nasanexhc08.na.qualcomm.com ([172.30.39.7]) by Ironmsg03-R.qualcomm.com with ESMTP/TLS/RC4-SHA; 06 Sep 2013 06:20:56 -0700
Received: from presnick-mac.local (172.30.39.5) by qcmail1.qualcomm.com (172.30.39.7) with Microsoft SMTP Server (TLS) id 14.3.146.2; Fri, 6 Sep 2013 06:20:54 -0700
Message-ID: <5229D6B0.1040709@qti.qualcomm.com>
Date: Fri, 06 Sep 2013 06:20:48 -0700
From: Pete Resnick <presnick@qti.qualcomm.com>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.7; en-US; rv:1.9.1.9) Gecko/20100630 Eudora/3.0.4
MIME-Version: 1.0
To: "t.p." <daedulus@btconnect.com>
Subject: Re: Bruce Schneier's Proposal to dedicate November meeting to savingthe Internet from the NSA
References: <5F053C0B-4678-4680-A8BF-62FF282ADDCE@softarmor.com><alpine.BSF.2.00.1309051743130.47262@hiroshima.bogus.com><52293197.1060809@gmail.com><CAMm+LwjdN478yyU=J7=GTpQxqtdgP8wtdEtna50X+WtA-bV3hg@mail.gmail.com><52294BDC.4060707@gmail.com><20130906033254.GH62204@mx1.yitter.info> <CAMm+Lwg9kJymBWaEXwZfQ=P5Uo-UmYoNvvzewnXjUu+mhg+QTQ@mail.gmail.com> <006001ceaad6$61f39640$4001a8c0@gateway.2wire.net>
In-Reply-To: <006001ceaad6$61f39640$4001a8c0@gateway.2wire.net>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Originating-IP: [172.30.39.5]
Cc: IETF Discussion Mailing List <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Sep 2013 13:21:02 -0000

On 9/6/13 12:54 AM, t.p. wrote:
> ----- Original Message -----
> From: "Phillip Hallam-Baker" <hallam@gmail.com>
> Cc: "IETF Discussion Mailing List" <ietf@ietf.org>
> Sent: Friday, September 06, 2013 4:56 AM
>
>> The design I think is practical is to eliminate all UI issues by 
>> insisting that encryption and decryption are transparent. Any email 
>> that can be sent encrypted is sent encrypted.
>
> That sounds like the 'End User Fallacy number one' that I encounter 
> all the time in my work. If only everything were encrypted, then we 
> would be completely safe.

Actually, I disagree that this fallacy is at play here. I think we need 
to separate the concept of end-to-end encryption from authentication 
when it comes to UI transparency. We design UIs now where we get in the 
user's face about doing encryption if we cannot authenticate the other 
side and we need to get over that. In email, we insist that you 
authenticate the recipient's certificate before we allow you to install 
it and to start encrypting, and prefer to send things in the clear until 
that is done. That's silly and is based on the assumption that 
encryption isn't worth doing *until* we know it's going to be done 
completely safely. We need to separate the trust and guarantees of 
safeness (which require *later* out-of-band verification) from the whole 
endeavor of getting encryption used in the first place.

pr

-- 
Pete Resnick<http://www.qualcomm.com/~presnick/>
Qualcomm Technologies, Inc. - +1 (858)651-4478

v2.23.0 | Report a Bug | By Email