Re: [openpgp] OpenPGP private certification

ianG <iang@iang.org> Fri, 10 April 2015 17:25 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/aeD1qy_KyMq5TN-PDhaFjenFyrM>

On 8/04/2015 14:33 pm, Christoph Anton Mitterer wrote:
> On Wed, 2015-04-08 at 09:23 -0400, Phillip Hallam-Baker wrote:
>>> Crypto is not an iPhone.
>> Mine is.
> Believing that you're secure with a proprietary driven system, from a
> company which is known to have worked with mass surveillance
> organisation (and if it's just because they were forced so by law), is
> naive - at best.


No, it's security modelling.  It all depends on what the business model 
is, which defines the threats that one has to deal with.  There are 
plenty of people out there that don't care about the mass surveillance 
and there are plenty of people in here who do care about it.  The reason 
that people out there don't care about mass surveillance is because they 
(a) don't see the harm or (b) have bigger harms to worry about.

Sometimes valid reasons, sometimes not.

We have to remember that the old CIA was something that was taught to us 
back in the 1990s out of military models.  E.g., it made sense to 
consider the MITM as a big commsec threat when our only experience was 
MITMs in aggressive military actions -- armies against armies.  But the 
Internet was different, we had different threat actors, different values 
under protection, and different incentives.

There are probably more people out there that don't want authentication 
than do, or more precisely they want nymity.  Canonically, recall all 
the people (eg) Manning who were caught over the net, and had recorded 
chat sessions used as evidence against.  Having unattributable, 
untraceable content is actually a goal for many.

And things like Twitter show how confidentiality isn't really the thing,
but they still put everything over the HTTPS so that at least the 
passive surveillance is turned into active surveillance.

etc etc.  Your enemy may be the NSA.  But for most people most of the 
time, it's others:  aggressive ex-spouses, parents who spy, business 
partners stealing money, teenagers getting into trouble with photos, etc 
etc.




iang


ps; And to echo Phil, my crypto is iPhone too - end-to-end secure 
payments systems.  'cept, Java only runs on Android ;)