
[ih] e2e protections (was: Re: question re. early adoption of email)

On 4/30/2016 5:09 AM, Noel Chiappa wrote:
> Let's all just conveniently ignore the fact that if said government
> agency/ies _really_ wanted to know what someone was doing online, they'd
> perhaps infect that machine's bloat-/Swiss-cheese-ware, which passes for
> contemporary 'best software practices', with a virus that would report every
> keystroke ... or something like that.

There is a striking lack of community discussion about system design 
requirements (never mind usable[*] technical specifications) for
meaningful, end-to-end integrity, confidentiality, and authentication. 
One-hop, link-level encryption is useful against some basic forms of 
attack, but not against many others that are known to happen.


[*] Mass-market usability seems to be the holy grail of security 
mechanisms.  The mantra that usability and security are in opposition is 
convenient and reasonable, but ultimately unacceptable.  The security 
community mostly seems to think that pushing harder for systems that are
known to have poor usability will somehow eventually achieve success.

   Dave Crocker
   Brandenburg InternetWorking