On Sat, 15 Mar 2014 16:31:05 ianG wrote:
> If people stop believing in institutions such as standards bodies,
> certification bodies, and governments, the question is, what or whom
> will they trust? And what could actually deliver that trust?
On Sun, 16 Mar 2014 05:33:57 James A. Donald wrote:
> Trust individuals.
> Let us have Jon Callas as unelected president for life of symmetric
> cryptography, Bernstein as God King of public key cryptography.
On Sat, 15 Mar 2014 23:34:34 Stephen Farrell wrote:
> But for me I conclude that trying to make as much of the
> technology that gets used have as much resistance against
> this attack is the approach to try, while not aiming for
> perfection, and without claiming that other approaches are
> that wrong.
It seems to me that it might make sense to get an open competition going to elect a process of building trust in crypto that actually works in practice and gets us out of the situation we're stuck in today:
The challenge is this:
"Show me the whole practical process anyone on this planet can use to have a secure online communication with someone else."
The proposals must not be reduced to technical specifications but need to show how exactly we can achieve the results of trust building. In this process individuals must play an important role. As a precondition the process must be entirely comprehensible and verifiable, so that a variety of smart people - including the President and the God King - can expose themselves to say "Yes, I've checked this approach, I know of N capable colleagues that I know have scrutinized the code and the inner workings. I might be wrong, but I sincerely would recommend to use this to my wife."
The successful winner of this competition won't be perfect, it won't guarantee that the NSA cannot subvert it, it wouldn't even guarantee that it'll be widely used in practice, but it would be a foundation for the mammoth task that lies before us, to take back the internet.
Including the personal aspects, the need for a reliable framework that shows all checks have actually been done in a way people can understand might make this approach a success. I hope this can help to get the ship going again, and I'm sure others will have much better ideas how to achieve trust in crypto. Don't keep them to yourself. http://cryptome.org/2014/02/snowden-drop.pdf
To see what it takes to establish a secure online communication it's interesting to look at the way Edward Snowden finally convinced Glenn Greenwald, the journalist who published the NSA files, to use crypto.
It took him about six months. 
In the beginning Snowden knew he needed a secure channel to Greenwald but Greenwald's laptop was clear of PGP. In his first contact Snowden asked for Greenwald's PGP public key several times but without success. Snowden was then an anonymous contact, an untrusted source, no reason to go through the pains of installing PGP/GPG, even though Snowden prepared a video tutorial for him.
Snowden didn't give up, he knew about Greenwald's skills as a journalist and his courage and contacted Greenwald's friend Laura Poitras who had experienced some pretty bad treatment at border control that made her a well-experienced user of PGP. This was the context Snowden knew about.
Now Ed had Laura's public key but his encryption key was somewhat suspicious to Laura, because she could not rely on verified context information about Ed. The man behind Snowden's public key could as well be a girl from the NSA trying to entrap her. The working secure channel was one-way.
Laura based in Europe needed to talk to Greenwald, but she had no secure channel as Greenwald didn't use PGP, so she flew back to the US to meet him. When both met and looked at the emails, their untrusted source had sent, a picture formed and Snowden began to gain trustworthiness. The idea of an interview was born, four months after the first frustrating contact, initiated by Snowden.
Then a parcel arrived at Greenwald's door containing two USB sticks that eventually enabled Greenwald to boot a pre-fabricated security distribution, TAILS, to establish a direct, secure channel to Snowden. Using this channel, Snowden revealed the first PRISM documents to Greenwald, still busy to sharpen his reputation as a trustworthy source to the journalist.
If anything, this may help to understand that building trust is not just following a protocol, not just having the correct information, but a process in which crypto plays one (important) role that is by no means independent of the context around it.
On Wed, 19 Mar 2014, ianG wrote:
> Trust then is optimised risk analysis over time.
Of course there is a big difference between trust and risk but primarily it has to do with what we know (context) as a foundation for our decisions.
While trust - accumulated over time - defines what I can truly expect to happen under normal circumstances as a result of past experience, risk calculation focuses on what I don't know, and what the consequences are, if things go wrong. Reducing risks is fine, and it helps to build trust, but what we need for a trusted, secure communication is the assurance that our expectation of a private conversation is real in practice and not only a faint hope.
To achieve this it does not suffice to look at one part of the picture, as risk assessment does (which is important without a doubt!) but to construct a process that we can know to work as we reasonably expect. A process we can trust, based on context.
Getting the correct PGP public key is a hard problem in itself, but it's still only part of the problem to be solved when the decryption key (for instance) is stored in plain text on an insecure endpoint (smartphone) or when we don't have any idea how intensely the code running there had been scrutinized, or ... or .. or ... and we still want a reliably secure communication. Without solving the whole problem we cannot get trust.
The bad news is, that we have to attack the complexity problem, there is no way around it. We need to think about how we can reduce both the code base and the algorithmic dependencies in our solution to be able to reach the point where we have enough evidence (context) to trust the process.
> how do we put (more?) trust into crypto, if PGP is our starting point?
> For the next step in evolution, I'd suggest looking closely at CAcert's
> Assurance programme. That programme rewrote the WoT and the CA rulebook.
> It didn't (IMO) quite create trust. It came a bit short of it (I say
> this in the sense that it went further than anything else I am aware of
> in the space). But it did lay the foundation for the next evolution.
I will have a look at it, certainly with the focus on solving the complexity problem.