[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ih] e2e protections (was: Re: question re. early adoption of email)

Subject: [ih] e2e protections (was: Re: question re. early adoption of email)
From: dhc2 at dcrocker.net (Dave Crocker)
Date: Sat, 30 Apr 2016 06:42:39 -0700
In-reply-to: <[email protected]>
References: <[email protected]>

On 4/30/2016 5:09 AM, Noel Chiappa wrote:
> Let's all just conveniently ignore the fact that if said government
> agency/ies_really_  wanted to know what someone was doing online, they'd
> perhaps infect that machine's bloat-/Swiss-cheese-ware, which passes for
> contemporary 'best software practices', with a virus that would report every
> keystroke ... or something like that.


There is a striking lack of community discussion about system design 
requirements (nevermind usable[*] technical specifications) for 
meaningful, end-to-end integrity, confidentiality, and authentication. 
One-hop, link-level encryption is useful against some basic forms of 
attack, but not against many others that are known to happen.


d/

[*] Mass-market usability seems to be the holy grail of security 
mechanisms.  The mantra that usability and security are in opposition is 
convenient and reasonable, but ultimately unacceptable.  The security 
community mostly seems to think the pushing harder for systems that are 
known to have poor usability will somehow eventually achieve success.
-- 

   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net

References:
- [ih] question re. early adoption of email
  - From: jnc at mercury.lcs.mit.edu (Noel Chiappa)

Prev by Date: [ih] question re. early adoption of email
Next by Date: [ih] question re. early adoption of email
Previous by thread: [ih] question re. early adoption of email
Next by thread: [ih] question re. early adoption of email
Index(es):
- Date
- Thread