[liberationtech] Firesheep: Making the Complicated Trivial

Uncle "The Dod" Zzzen unclezzzen at gmail.com
Wed Oct 27 14:03:16 PDT 2010


On Wed, Oct 27, 2010 at 1:45 PM, Chris Palmer <chris at eff.org> wrote:
> The only thing that matters is what the user story is: How are people to understand the security guarantee, 
> detect when it has been broken, and know what to do when it has been broken?
There's no guarantee, but (if I understand correctly) it will be cheaper
to snoop on *some* of your traffic if you *don't* use tcpcrypt. Just
like you lock your door although it won't protect you from a bulldozer
or a missile, and just like you use WPA wifi to protect yourself from
sheep-kiddies although "we all know governments snoop at the ISP
anyway". There are many adversaries. Ruling out *some* of them is still
a good idea.

> Nontechnical end-users [I prefer the term "people" --- CP]
When Gregory Maxwell wrote
> > appropriate hooks so that an application can implement its own
> > transport-bound domain specific authentication...
He didn't mean "people". He meant "geeks" :)
What "people" need to do is run tcpcrypt (and they'll do it if
influential people like Chris Palmer say it's kosher to touch tcpcrypt
with a stick) so that when there are enough of them, the "geeks" who
write the application will have incentive to develop application-level
authentication (e.g. numbers to show their bosses).

> The biggest security problem on the internet right now is usability. No more half-measures and geek sideshows, please.
The urgency in the "right now" is too melodramatic for my taste,
and there's no more reason "right now" to choke innovation than there was "yesterday".
After all, "internet has already died when SATAN was released" :)

I agree that "people" should understand they're not "safe" when using
tcpcrypt, but it's way better than nothing, unless you have reasons to
believe otherwise. Some systems (e.g. diaspora or my own SwaTwt R.I.P)
are "worse than nothing", but this can be backed up with concrete
arguments.

The advantage of SSL is that it's *no longer* a "geek sideshow". On the
other hand, an SSL certificate costs money (a lot of rice if you're a
Cambodian site owner, a bit less here in Thailand) - and still isn't
failsafe (how do you know the site wasn't hacked? Are you sure there's
no court order that forces the hosting provider to wiretap your stuff
and not tell you? Chris Palmer is from EFF and I'm sure he's familiar
with such cases).

I'm not even sure whether I'm going to use tcpcrypt (still waiting to
hear the "why nots"), but I just had to say this. People here know that
when *my* "geek sideshow" got slapped in the face with a wet fish here,
I've accepted it because the criticism was right. From what I've heard
so far, Chris Palmer's response doesn't sound like criticism, but rather
like a knee-jerk reflex.

Cheers,
The Dod



