The fact that you would even try to pass off the special case of the ends of the link being the ends of the communication suggests that you understand how weak your case is here.
2) My argument was based on usage by the billion plus Internet users.
I don't think more than about 5% of Internet users have ever used one of the protocols you mention. And of the people who install free encryption add-ons, the number who actually go on to use them regularly is infinitesimal.
Now that particular group are a pretty important group with pretty important reasons for doing what they do. But from my perspective it was a mistake to design Internet security so that it could only serve their needs and not the needs of even a majority of Internet users.
On Thu, Mar 10, 2011 at 11:25 PM, Martin Rex <mrex@xxxxxxx> wrote:
Phillip Hallam-Baker wrote:
>
> Another mistake was the absolutist insistence on end to end security models
> despite abundant evidence that people could not make use of them. Military
> communications use end-to-end where possible but they have the luxury of
> specialist trained cipher clerks and coms operators.
I don't think this is correct.
The end-to-end security model is actually the only one that did work,
provided that it could be used in an ad-hoc fashion PGP, SSH, WPA/WPA2
-- i.e. without any need to involve any third party, pay fees and go
through a very bureaucratic setup process and end up with a severely
constrained, lifetime-limited result.
Things that failed badly are those that are severly usability-impaired
for ad-hoc usage (such as TLS) or completely locked against ad-hoc usage
(such as S/MIME), simply because the technology completely ignored
how security works for humans in real life: it starts ad-hoc with a
leap-of-faith on initial encounter and trust develops over time
through memorizing experience of previous encounters.
The original SSH approach is really the most natural fit, and it just
worked out-of-the box for Linux installations (I realize I haven't
been installing Linux Distros for a couple of years ...) Did this
change in the meantime?
A devastatingly large number of Web-Servers and WebShops has been
misapplying SSL/TLS. And it takes Foolproof point-and-click exploits
such as Firesheep to make businesses move slighlty towards better
security from the irresponsible state they've been holding for
years in full awareness of their own negligence.
-Martin
--
Website: http://hallambaker.com/
_______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf