Re: [openpgp] Manifesto - who is the new OpenPGP for?
Phillip Hallam-Baker <phill@hallambaker.com> Wed, 25 March 2015 15:16 UTC
On Tue, Mar 24, 2015 at 10:04 PM, Falcon Darkstar Momot <falcon@iridiumlinux.org> wrote:

> In all seriousness, attempts to create usability for any target
> audience by committee are probably doomed (even though what we have now
> is balked at even by a lot of security professionals). PoC something first.

Take a look at the work on http://prismproof.org/

I have done security usability in the past and the bit with the testing lab and one-way mirrors. After a while I realized that I didn't need any of it.

All that we need to do to achieve usable email security is to make using the secure mail exactly as easy as using insecure.

Think that is impossible? I have running code on SourceForge that works with existing mail clients with no plug-ins. It is based on S/MIME of course because that is the message format that the clients support. The trust model I am using is actually PGP fingerprints.

The configuration tool essentially has only one option: whether to select a CA or not and, if so, the DNS name of the CA. (Right now the CA registration code is incomplete due to the ACME situation.)

Regardless of what the user chooses, the tool creates a personal PKI for the user, complete with a self-signed root, intermediate, split encryption/decryption keys and a device key for use in key rollovers.

This is the CostCo strategy: instead of selling 20 different models with different features, CostCo tells the vendor to provide all the features of the top of the line model at the base model price.

Giving every user a 'standard' trust environment allows us to get to a pretty good compromise between security and convenience from the start. Expert users can always enroll supplemental keys which make different security tradeoffs; not escrowing the key provides some protection against a subpoena but introduces a real risk of data loss.

To send mail, users just send and receive as normal. The only time a user has to be aware of the encryption is if they want to require the message to be encrypted.

As I said, right now the code only supports S/MIME. But I have always planned to add OpenPGP support so I can make use of the PGP keys as well.

The key bit of technology is basically taking a bit of design for the web: "Take all the information you need to establish a connection and pack it into one identifier that can be cut and pasted".

aed9ef23-12393764-64931237?alice@example.com
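
The following is an added example, not part of the original message and not code from the project it describes. It sketches how a client could check a received key against an identifier shaped like the one above, assuming (the message does not say) that the hex groups before `?` are a truncated SHA-256 digest of the key encoding and that the text after `?` is the mail address; the function names and sample keys are hypothetical.

```python
import hashlib
import hmac
import re

# Assumed layout (not specified in the message): 8-hex-digit groups joined
# by "-", then "?", then the mail address.
_ID_RE = re.compile(r"^([0-9a-f]{8}(?:-[0-9a-f]{8})+)\?([^@\s?]+@[^@\s?]+)$")


def parse_identifier(identifier):
    """Split 'fingerprint?address' into (fingerprint_bytes, address)."""
    m = _ID_RE.match(identifier.strip().lower())
    if m is None:
        raise ValueError("not a fingerprint?address identifier")
    return bytes.fromhex(m.group(1).replace("-", "")), m.group(2)


def key_matches(identifier, claimed_address, key_bytes):
    """True only if key_bytes hashes to the pinned prefix for that address."""
    pinned, address = parse_identifier(identifier)
    # Simplification: addresses are compared case-insensitively.
    if address != claimed_address.strip().lower():
        return False
    # Assumption: fingerprint = leading bytes of SHA-256 over the key encoding.
    digest = hashlib.sha256(key_bytes).digest()[:len(pinned)]
    return hmac.compare_digest(digest, pinned)


def make_identifier(address, key_bytes, groups=3):
    """Build an identifier in the same shape for a given key."""
    hexed = hashlib.sha256(key_bytes).hexdigest()[:8 * groups]
    parts = [hexed[i:i + 8] for i in range(0, len(hexed), 8)]
    return "-".join(parts) + "?" + address.lower()


# Constructed sample data, not real keys.
ALICE_KEY = b"constructed-sample-public-key-for-alice"
OTHER_KEY = b"constructed-sample-public-key-substituted"
ALICE_ID = make_identifier("alice@example.com", ALICE_KEY)

if __name__ == "__main__":
    print(ALICE_ID)
    print(key_matches(ALICE_ID, "alice@example.com", ALICE_KEY))
    print(key_matches(ALICE_ID, "alice@example.com", OTHER_KEY))
```

Three 32-bit groups pin only 96 bits of the digest, so a design along these lines would want a longer prefix where collision resistance matters.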