Re: @EXT: RE: United Nations report on Internet standards


 



On Fri, Apr 3, 2020, at 03:54, Fred Baker wrote:
Let me put a finer point on Keith's comment. "...privileging encryption over security" is a fairly interesting statement. The encryption people would, I think, tell you that encryption is a technology whose fundamental purpose is security, so it cannot be privileged over security. Now, on the other hand, in the TLS 1.3 discussion we have had people talking about privileging creating a new security key for every session over being able to debug operational problems in an operational environment, and I would say that is in fact very different; when security prevents people from debugging problems, that's something that I want the security people helping operators to solve.

Malware detection
Exfiltration detection of private keys
Enumeration attack detection

Pretty much anything which looks for behaviour patterns across multiple endpoints is severely hampered by inability to correlate multiple datapoints.  By pushing all the security out to the endpoints, they either have to coordinate threat information with each other by some side channel, or each is operating entirely in a vacuum.

"encryption is a technology whose fundamental purpose is security, so it cannot be privileged over security" is an extremist position that admits no nuance or tradeoffs - of which debugging that you already noted is just one.

For sure, in the antispam world, the ability to see patterns across a large set of messages is invaluable for classifying messages, and looking at each message right at the endpoints in isolation is much less effective.

Bron.



--
  Bron Gondwana, CEO, Fastmail Pty Ltd
  brong@xxxxxxxxxxxxxxxx
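
An added illustration of the correlation point in the message above; it is not part of the original e-mail. It runs the same enumeration detector once per endpoint in isolation and once over all endpoints' events together. The event tuples, the threshold and all function names are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample events: (endpoint, source, username_probed). Not real data.
# One source probes 3 distinct usernames on each of 4 endpoints; a normal
# client mistypes its own account twice on one endpoint.
EVENTS = [
    (f"mx{e}", "198.51.100.7", f"user{e}{i}")
    for e in range(1, 5) for i in range(3)
] + [("mx1", "203.0.113.20", "alice"), ("mx1", "203.0.113.20", "alice")]

THRESHOLD = 10  # assumed: distinct usernames from one source before alerting


def distinct_targets(events):
    """Map each source to the set of distinct usernames it probed."""
    seen = defaultdict(set)
    for _endpoint, source, user in events:
        seen[source].add(user)
    return seen


def flagged(events, threshold=THRESHOLD):
    """Sources whose distinct-username count reaches the threshold."""
    return {s for s, users in distinct_targets(events).items()
            if len(users) >= threshold}


def isolated_view(events):
    """Each endpoint evaluates only the events it saw itself."""
    by_endpoint = defaultdict(list)
    for ev in events:
        by_endpoint[ev[0]].append(ev)
    alerts = set()
    for evs in by_endpoint.values():
        alerts |= flagged(evs)
    return alerts


def correlated_view(events):
    """A vantage point that sees every endpoint's events together."""
    return flagged(events)


if __name__ == "__main__":
    print("isolated endpoints flag:", isolated_view(EVENTS))
    print("correlated view flags:  ", correlated_view(EVENTS))
```

Each endpoint sees only three probes from the source and stays under the threshold, while the combined view counts twelve distinct usernames and flags it.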


