[ih] e2e protections (was: Re: question re. early adoption of email)
Dave Crocker
dhc2 at dcrocker.net
Sat Apr 30 06:42:39 PDT 2016
On 4/30/2016 5:09 AM, Noel Chiappa wrote:
> Let's all just conveniently ignore the fact that if said government
> agency/ies_really_ wanted to know what someone was doing online, they'd
> perhaps infect that machine's bloat-/Swiss-cheese-ware, which passes for
> contemporary 'best software practices', with a virus that would report every
> keystroke ... or something like that.
There is a striking lack of community discussion about system design
requirements (nevermind usable[*] technical specifications) for
meaningful, end-to-end integrity, confidentiality, and authentication.
One-hop, link-level encryption is useful against some basic forms of
attack, but not against many others that are known to happen.
d/
[*] Mass-market usability seems to be the holy grail of security
mechanisms. The mantra that usability and security are in opposition is
convenient and reasonable, but ultimately unacceptable. The security
community mostly seems to think the pushing harder for systems that are
known to have poor usability will somehow eventually achieve success.
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
More information about the Internet-history
mailing list