[liberationtech] Security / reliability of cryptoheaven ?

Maxim Kammerer mk at dee.su
Tue Oct 9 05:01:27 PDT 2012


On Wed, Oct 3, 2012 at 2:41 PM, D J Capelis <djcapelis at cs.ucsc.edu> wrote:
> I like the part where you say the problem is easy and then point to a
> solution with issues that make it anything but easy, tenable or workable.

Why? The solution (if you refer to cables in Liberté) is easy to use,
is robust, and it works. Here is a sample feedback that I found online
(translation mine): “The Tor email [referring to cables] is
brilliantly implemented. No registration or setup whatsoever, during
first boot a unique email address is configured, and this way it is
possible to correspond with others like you” [1].

Even the CryptoHeaven solution that I criticized above is good,
discarding minor issues that can be easily fixed, and discarding
what's apparently a security-usability tradeoff decision: not
incorporating a public key hash in the username (making the user
address self-authenticating). There is apparently no solution to this
tradeoff — see Zooko's triangle in [2].

[1] https://ns-wp.ws/forum/index.php/topic,4983.msg69093.html#msg69093
[2] http://www.skyhunter.com/marcs/petnames/IntroPetNames.html

> But saying that it's not a hard problem makes the real challenges that
> remain less visible. Throwing layers of encryption on e-mail is easy.
> Verifying that it's being encrypted to the right person is *still* hard.

That's why you need self-authenticating addresses, or another way of
non-optional recipient authentication.

> And that's not even getting into platform inter-op issues that
> drive so many people to want to do their crypto in a web interface or on
> some other person's server.

You can't provide interoperability between secure and insecure systems
while leaving the security intact. That's why the military uses
compartmentalization and air gaps.

> Pretending it's an easy problem because technologies exist that aren't
> usable ignores the real technology issues we haven't solved yet.

Only if you want to use technologies that weren't developed with
security in mind.

-- 
Maxim Kammerer
Liberté Linux: http://dee.su/liberte
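
Added example, not part of the original message and not code from cables or CryptoHeaven: a sketch of the self-authenticating address discussed above, where the username is a truncated hash of the public key, so a sender can check any presented key against the address itself. The SHA-256 / 80-bit / base32 scheme, the function names and the example.invalid domain are assumptions for illustration; the key bytes are constructed placeholders standing in for encoded public keys.

```python
import base64
import hashlib
import hmac

HASH_BITS = 80  # assumed truncation length for this sketch

# Constructed placeholder bytes standing in for encoded public keys.
ALICE_KEY = b"constructed-public-key-bytes-for-alice"
MALLORY_KEY = b"constructed-public-key-bytes-for-mallory"


def local_part_from_key(public_key: bytes) -> str:
    """Username = base32 of the truncated hash of the encoded public key."""
    digest = hashlib.sha256(public_key).digest()[: HASH_BITS // 8]
    return base64.b32encode(digest).decode("ascii").lower()


def address_from_key(public_key: bytes, domain: str = "example.invalid") -> str:
    """Build the full address; the domain only routes, it proves nothing."""
    return f"{local_part_from_key(public_key)}@{domain}"


def key_matches_address(address: str, presented_key: bytes) -> bool:
    """Recipient authentication: accept a key only if it hashes to the address.

    A key handed over by a server or directory is untrusted input; the
    address the sender already holds is the only trust anchor.
    """
    local, sep, _domain = address.partition("@")
    if not sep or not local:
        return False
    expected = local_part_from_key(presented_key)
    return hmac.compare_digest(expected.encode(), local.lower().encode())


if __name__ == "__main__":
    addr = address_from_key(ALICE_KEY)
    print("address:", addr)
    print("genuine key accepted:", key_matches_address(addr, ALICE_KEY))
    print("substituted key accepted:", key_matches_address(addr, MALLORY_KEY))
    # A human-chosen username carries no key material, so nothing can be
    # checked locally: the usability side of the tradeoff mentioned above.
    print("memorable name verifiable:",
          key_matches_address("alice@example.invalid", ALICE_KEY))
```
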


