Thread: Re: Failure of PKI in messaging




Re: Failure of PKI in messaging
2007-02-13 22:32:53
>Banks [use] a web interface, after the user logs in to their account.

>So, what's missing in the email PKI model is two-sidedness.
>Fairness.

Not really.  What's missing is, if you'll pardon the phrase, a central
point of failure.

If you can persuade everyone to use a single system, it's not hard to
make communication adequately secure.  Look at Hushmail; if you
believe that their internal processes are OK, you can set up an
account and communicate quite securely with other Hushmail users on
their web site, or for the more nerdy, you can use SSL IMAP and PGP to
communicate with their central site.  It's been limping along since
1999, I don't know anyone who uses it which says something about its
actual utility.

But that's not e-mail.  The great thing about Internet e-mail is that
vast numbers of different mail systems that do not know or trust each
other can communicate without prearrangement.  And of course the awful
thing about Internet e-mail is the same thing.  It's hard to see any
successful e-mail system in the future, secure or otherwise, that
doesn't do that, since Internet mail killed all of the closed systems
that preceded it.



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography"
to majordomometzdowd.com

Re: Failure of PKI in messaging
2007-02-14 00:10:09
John Levine wrote:
>  The great thing about Internet e-mail is that
> vast numbers of different mail systems that do not know or trust each
> other can communicate without prearrangement.

That's not banking. Banks and their clients already have a trusted
relationship. The banks webmail interface leverages this to provide
a trust reference that the user can easily verify (yes, this is my
name and balance). That's why it works, and that's what is missing
in the bank PKI email model -- what's that relationship buying you?

Email for banks should thus leverage the relationship, rather than
present an ab initio communication.

> It's hard to see any
> successful e-mail system in the future, secure or otherwise, that
> doesn't do that, since Internet mail killed all of the closed systems
> that preceded it.

It is not true that you can't secure first communications. It is just
harder and _not_ necessary for banks (because the client already knows
the bank and vice versa).

Best,
Ed Gerck


Re: Failure of PKI in messaging
2007-02-15 09:10:21
| >Banks [use] a web interface, after the user logs in to their account.
| 
| >So, what's missing in the email PKI model is two-sidedness.
| >Fairness.
| 
| Not really.  What's missing is, if you'll pardon the phrase, a central
| point of failure.
| 
| If you can persuade everyone to use a single system, it's not hard to
| make communication adequately secure.  Look at Hushmail; if you
| believe that their internal processes are OK, you can set up an
| account and communicate quite securely with other Hushmail users on
| their web site, or for the more nerdy, you can use SSL IMAP and PGP to
| communicate with their central site.  It's been limping along since
| 1999, I don't know anyone who uses it which says something about its
| actual utility.
| 
| But that's not e-mail.  The great thing about Internet e-mail is that
| vast numbers of different mail systems that do not know or trust each
| other can communicate without prearrangement.  And of course the awful
| thing about Internet e-mail is the same thing.  It's hard to see any
| successful e-mail system in the future, secure or otherwise, that
| doesn't do that, since Internet mail killed all of the closed systems
| that preceded it.

On the other hand, the push/pull combination of spam and IM/SMS are well
on their way to killing Internet mail.  Spam being what it is, the
notion that "anyone can send mail to anyone" is naive.  Unsolicited mail
stands a good chance of ending up tossed by a spam filter.  The volume
of spam is so high that few people even bother to review the stuff
caught, if their mail provider even provides a mechanism to do that.

Meanwhile, the next generation of users is growing up on the immediacy
of IM and text messaging.  Mail is ... so 20th century.

I think the whole notion of decentralizing *everything* has turned out
to be a trap.  Yes, it makes for great cryptography and system design to
find ways to do without a trusted third party.  But the resulting
systems just don't fit the way people think and work.  Trust has
*always* been based on personal contact, extended to organizations that
work hard to have a "human face" on the one hand, and to various
human-scale, humanly-transparent ways of reifying and rendering portable
the smile and the handshake, from letters of credit to various business
rating organizations (D&B, BBB), and so on.  Replacing that with some
abstract cryptographic system that no one understands, no one can see or
touch - and that ultimately can only be perceived as trustworthy if it
comes from trustworthy institutions anyway - is just a non-starter.

With this shaky base, it should perhaps not come as a surprise that
after all these years of trying, we haven't managed to come up with
human interfaces to these systems that actually allow them to work
effectively in the human world.

Meanwhile, in real terms, it would be interesting to know what
percentage of Email these days flows *between* organizations, and what
percentage remains within individual organization's Exchange servers.
With all the rules already enforced by typical Exchange-using
organizations - not to mention all the new rules being added as
first "compliance" and now "evidence retention and destruction" regs
and the upcoming "information leakage management", more and more
Email systems are taking on the characteristics of the old closed
systems, with only a thin, closely watched pipe connecting them out
to the Internet.
							-- Jerry


Re: Failure of PKI in messaging
2007-02-15 10:36:35
On Thu, Feb 15, 2007 at 10:10:21AM -0500, Leichter, Jerry wrote:

> Meanwhile, the next generation of users is growing up on the immediacy
> of IM and text messaging.  Mail is ... so 20th century.

Well, you certainly don't want to use email when coordinating a place to
meet in the next 10-15 minutes, while on the move with a cell phone, or
other near-real-time social activity so important to the next generation
while they are still the "next" generation.

I challenge the myth that this means that email won't be more important
to them as they mature.

> Meanwhile, in real terms, it would be interesting to know what
> percentage of Email these days flows *between* organizations, and what
> percentage remains within individual organization's Exchange servers.

I may be able to get you a data-point on that. Qualitatively external
email is not shrinking in significance here.

-- 

 /" ASCII RIBBON                  NOTICE: If received in error,
  / CAMPAIGN     Victor Duchovni  please destroy and notify
  X AGAINST       IT Security,     sender. Sender does not waive
 /  HTML MAIL    Morgan Stanley   confidentiality or privilege,
                                   and use is prohibited.


Re: Failure of PKI in messaging
2007-02-15 10:52:40
On Thu, Feb 15, 2007 at 11:36:35AM -0500, Victor Duchovni wrote:

> On Thu, Feb 15, 2007 at 10:10:21AM -0500, Leichter, Jerry wrote:
> 
> > Meanwhile, the next generation of users is growing up on the immediacy
> > of IM and text messaging.  Mail is ... so 20th century.
> 
> Well, you certainly don't want to use email when coordinating a place to
> meet in the next 10-15 minutes, while on the move with a cell phone, or
> other near-real-time social activity so important to the next generation
> while they are still the "next" generation.
> 
> I challenge the myth that this means that email won't be more important
> to them as they mature.
> 
> > Meanwhile, in real terms, it would be interesting to know what
> > percentage of Email these days flows *between* organizations, and what
> > percentage remains within individual organization's Exchange servers.
> 
> I may be able to get you a data-point on that. Qualitatively external
> email is not shrinking in significance here.

O.K. inbound external email is ~20% of our traffic.

-- 

 /" ASCII RIBBON                  NOTICE: If received in error,
  / CAMPAIGN     Victor Duchovni  please destroy and notify
  X AGAINST       IT Security,     sender. Sender does not waive
 /  HTML MAIL    Morgan Stanley   confidentiality or privilege,
                                   and use is prohibited.


Re: Failure of PKI in messaging
2007-02-15 10:56:56
On Thu, Feb 15, 2007 at 11:36:35AM -0500, Victor Duchovni wrote:
> On Thu, Feb 15, 2007 at 10:10:21AM -0500, Leichter, Jerry wrote:
> > Meanwhile, the next generation of users is growing up on the immediacy
> > of IM and text messaging.  Mail is ... so 20th century.
> 
> Well, you certainly don't want to use email when coordinating a place to
> meet in the next 10-15 minutes, while on the move with a cell phone, or
> other near-real-time social activity so important to the next generation
> while they are still the "next" generation.

As mobile devices improve in compute/memory/display/input capabilities
the distinction between texting/IM/e-mail will get blurred, and at the
same time mobiles will become more and more tempting vehicle for
securing transactions.

E.g., I use the GMail J2ME app on my cell phone and it's almost as good
as SMS in some ways and better in others (plus I forward some e-mails to
SMS so that this app need not be running all the time).  I can even pay
via paypal using my phone, supposedly -- I've not tried it.

Just as we laugh when we recall 1980s cell phones (ha!) the next
generation will laugh at the best of our current crop of mobile devices,
never mind the more basic ones.

Nico
-- 


Re: Failure of PKI in messaging
2007-02-15 10:57:46
Leichter, Jerry wrote:

> On the other hand, the push/pull combination of spam and IM/SMS are well
> on their way to killing Internet mail.

Video killed the radio star? I'm an IM partisan, but even I have given
up on trying to kill off email.

> Meanwhile, the next generation of users is growing up on the immediacy
> of IM and text messaging.  Mail is ... so 20th century.

I prefer the phrase "second-millennium".

> I think the whole notion of decentralizing *everything* has turned out
> to be a trap.

Interestingly, the public communication systems that are "secure"
(Hushmail, Skype, etc.) are all centralized. I can't claim that a
decentralized approach like Jabber is secure, though we're working on it...

> Trust has
> *always* been based on personal contact, extended to organizations that
> work hard to have a "human face" on the one hand, and to various
> human-scale, humanly-transparent ways of reifying and rendering portable
> the smile and the handshake, from letters of credit to various business
> rating organizations (D&B, BBB), and so on.  Replacing that with some
> abstract cryptographic system that no one understands, no one can see or
> touch - and that ultimately can only be perceived as trustworthy if it
> comes from trustworthy institutions anyway - is just a non-starter.

Can't agree more. (Not that agreement is the sine qua non of discussion.)

> With this shaky base, it should perhaps not come as a surprise that
> after all these years of trying, we haven't managed to come up with
> human interfaces to these systems that actually allow them to work
> effectively in the human world.

So how do we abstract from or extend what (somewhat) works in the real
world to something that might work in the online world?

Peter

-- 
Peter Saint-Andre
XMPP Standards Foundation
http://www.xmpp.org/xsf/people/stpeter.shtml

Re: Failure of PKI in messaging
2007-02-15 16:28:01
     --
John Levine wrote:
 > What's missing is, if you'll pardon the phrase, a
 > central point of failure.
 >
 > If you can persuade everyone to use a single system,
 > it's not hard to make communication adequately secure.

But there is a central point.  ICANN is responsible for
internet names and numbers, and for keys to certify
those names and numbers, and it is pretty much
irrelevant.

Similarly, if everyone in the world used hushmail, would
not do any more good against phishing than if everyone
in the world used PKI signed mail - which is precisely
why people do not use PKI signed email.

You are making the Katrina reaction "we need someone in
charge".  No, we do not need someone in charge.  Someone
in charge does not make everything right, more commonly
it makes everything wrong, disrupting, rather than
facilitating, communication and cooperation, just as
with the Katrina disaster.

     --digsig
          James A. Donald
      6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
      hHUR4oItlqyjOJrgB5g69WubFGEXSD2fFY+PslCK
      4pIw1gBia7di4K0uJB1p+FcZC9yxi1vCIFI3tot1u



Re: Failure of PKI in messaging
2007-02-15 16:41:05
     --
Ed Gerck wrote:
 > That's not banking. Banks and their clients already
 > have a trusted relationship. The banks webmail
 > interface leverages this to provide a trust reference
 > that the user can easily verify (yes, this is my name
 > and balance). That's why it works, and that's what is
 > missing in the bank PKI email model -- what's that
 > relationship buying you?
 >
 > Email for banks should thus leverage the relationship,
 > rather than present an ab initio communication.

Hence my proposal for a single sign on and messaging
system resembling IM buddy lists - the computer tracks
relationship information, rather than true name
information.

     --digsig
          James A. Donald
      6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
      NMb/3lhm5wj1jn9bea0UJsViLkPWzA2jR+GCOgFV
      4WdwEv3Qp46Bt5AR7KTqFUUnJqu7E/XHnkKfJ2t/D


Re: Failure of PKI in messaging
2007-02-16 00:17:46
Leichter, Jerry wrote:

> I think the whole notion of decentralizing *everything* has turned out
> to be a trap.  Yes, it makes for great cryptography and system design to
> find ways to do without a trusted third party.  But the resulting
> systems just don't fit the way people think and work.  Trust has
> *always* been based on personal contact

In human interactions trust is not based upon a centralized "authority"
either. So having a decentralized, inter-human solution such as PKI is
actually a lot closer to the natural ways of things, than the SSL
CA-based infrastructure.

The human touch is somewhat missing though and that's an implementation
issue. For example, one of the heavily underused features of GPG is the
picture ID. It'd make a lot more sense for non-geeks to see a picture of
their friend "message verified to come from [pic here]" than the more
obscure "Good signature from John Doe" which needs to be interpreted.
Likewise the mentioned use of colors, which would aid in intuitive
understanding of the authenticity and security of a message (or lack
thereof).

Silvio
