Re: [saag] Ubiquitous Encryption: spam filtering
Phillip Hallam-Baker <phill@hallambaker.com> Fri, 03 July 2015 05:38 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A39B31B2C79 for <saag@ietfa.amsl.com>; Thu, 2 Jul 2015 22:38:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.276
X-Spam-Level:
X-Spam-Status: No, score=-1.276 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, LOTS_OF_MONEY=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TfUiR2mCoLUs for <saag@ietfa.amsl.com>; Thu, 2 Jul 2015 22:38:54 -0700 (PDT)
Received: from mail-lb0-x22b.google.com (mail-lb0-x22b.google.com [IPv6:2a00:1450:4010:c04::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 550C71B2C78 for <saag@ietf.org>; Thu, 2 Jul 2015 22:38:54 -0700 (PDT)
Received: by lbnk3 with SMTP id k3so43805962lbn.1 for <saag@ietf.org>; Thu, 02 Jul 2015 22:38:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=/APnH1nw5VG4JfhqcvPJf5qGNIOXoMmBhM8k+3OizA4=; b=pkxumNMHvfeo0Vj1i9L+BWYzv6vjaAIsL8arRf/GEwYdOvsTXgzxkPtTOnZ0D3q7Eh ZqX9W3aIGkPeaDj9Z/xNWzo9uD0RFqUDEV7s0H5RuhJDfgNDcdnqyLmg48ajbbXlVOdi 7uY5Jy1RM0qw2yxffe4gFBIBNcePE/jR+gZkonV4vr9kPl69ihY8aUlTbmVxbBX5tDbH bjhNbP3R1i7GvVtVbb/nwWtzH89P8eNSDfSQo/FPOHoD8sJfJmL+G/+VphCNw18PYFC+ DfSGf/ZNeQQXOSrc8H5nKhyvLqbbr352T4K37Y30FWJBHmKvB7InFy596sziiSIcaBHI fYbA==
MIME-Version: 1.0
X-Received: by 10.152.36.65 with SMTP id o1mr34778236laj.55.1435901932792; Thu, 02 Jul 2015 22:38:52 -0700 (PDT)
Sender: hallam@gmail.com
Received: by 10.112.203.163 with HTTP; Thu, 2 Jul 2015 22:38:52 -0700 (PDT)
In-Reply-To: <alpine.OSX.2.11.1507021052490.989@ary.lan>
References: <20150623151902.89304.qmail@ary.lan> <CAMm+LwjG7=r1B5J2P9WNpEefs9kC+b9ZLM+Q71-KJ=3jb6Gq_Q@mail.gmail.com> <559236DF.7080203@bogus.com> <CAMm+Lwhcx-AGo_T1E4cjNoAP9n4xnGweGebq2z4cHRpWBNopTA@mail.gmail.com> <alpine.OSX.2.11.1506301600130.78297@ary.lan> <CAMm+LwhyPVoC8=YMvCq3kA0SPqP0gpRUewwaH7nh+7qPDJ1uAw@mail.gmail.com> <alpine.OSX.2.11.1507021052490.989@ary.lan>
Date: Fri, 03 Jul 2015 01:38:52 -0400
X-Google-Sender-Auth: N0tLjvT-OZqqOWbRyj0_ffpzWMQ
Message-ID: <CAMm+LwjLYus5+HZkPrcChUTD4NNKZJdKjVb2_wdg41UdXEM02A@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: John R Levine <johnl@taugh.com>
Content-Type: multipart/alternative; boundary="089e0158b6c2a2f40f0519f1f814"
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/ZuxyC8Q8qGG5ogOtX9Nk628G4zw>
Cc: "saag@ietf.org" <saag@ietf.org>
Subject: Re: [saag] Ubiquitous Encryption: spam filtering
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Jul 2015 05:38:55 -0000
On Thu, Jul 2, 2015 at 10:53 AM, John R Levine <johnl@taugh.com> wrote: > supercomputers with communications and touch screen displays known as >> 'smartphones'. >> >> Bank sends a request to the phone/watch saying 'do you want to transfer >> $10,000' >> >> Phone/watch authenticates request, gets user input, signs request, returns >> response to bank. >> >> The keys used for signing need never leave the device. >> > > I've seen demos of malware that subverts smartphone apps. Really, it's a > hard problem. > > > Regards, > John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY > Please consider the environment before reading this e-mail. > Security is risk management, not risk elimination. It is actually possible to tie the private key to a device using hardware protections given the will. But even without that, the attack surface is considerably narrowed. And if you look at the malware stats for phones, two brands have essentially 0% malware for very different reasons while the other is the other 100%
- [saag] Ubiquitous Encryption: spam filtering John Levine
- Re: [saag] Ubiquitous Encryption: spam filtering Kathleen Moriarty
- Re: [saag] Ubiquitous Encryption: spam filtering John R Levine
- Re: [saag] Ubiquitous Encryption: spam filtering Nico Williams
- Re: [saag] Ubiquitous Encryption: spam filtering Phillip Hallam-Baker
- Re: [saag] Ubiquitous Encryption: spam filtering joel jaeggli
- Re: [saag] Ubiquitous Encryption: spam filtering Eliot Lear
- Re: [saag] Ubiquitous Encryption: spam filtering Dave Crocker
- Re: [saag] Ubiquitous Encryption: spam filtering Phillip Hallam-Baker
- Re: [saag] Ubiquitous Encryption: spam filtering John R Levine
- Re: [saag] Ubiquitous Encryption: spam filtering Phillip Hallam-Baker
- Re: [saag] Ubiquitous Encryption: spam filtering John R Levine
- Re: [saag] Ubiquitous Encryption: spam filtering Phillip Hallam-Baker