
Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN

1 recommendation

to Steve

Re: The Threat of Silence

said by Steve:

said by Blackbird:

True encryption ought to be the standard, not the exception, for traffic on a public-accessed network.

How would you propose, even in broad strokes, for this to happen?

Encryption is trivial, it's key management that's the hard part.

Given what the Internet has grown up to be, it certainly wouldn't be as easy now as it might have been at inception. As a minimum, all traffic should have something akin to SSL protection, though with the security made more robust. Add to that redundant public-key depositories (along the lines of current DNS servers and certificates) for all traffic other than simple, passive web-page browsing, and a framework might just begin taking shape. The cost of true traffic security is invariably a certain loss of anonymity in order to verify key-holder ownership, at least to some degree... but one might also make "insecure" mode the option instead of the default as it is today, so that if one does not want the traceability of key-handling, they would be free to do without... assuming, of course, they could find someone on the other end of their traffic willing to participate.

I'm under no illusions. A public network can never be made as secure as a well-designed and operated private network. Security on the 'public' Internet has always been an after-thought, laid upon an architecture intentionally designed for accessibility and survivability. The problem today is that the traffic security has become increasingly important, but it's still being conceptually treated largely from a band-aid and opt-in mentality... and that's visibly not working out well.
OZO
Premium Member
join:2003-01-17

said by Blackbird:

The cost of true traffic security is invariably a certain loss of anonymity in order to verify key-holder ownership, at least to some degree...

Not necessarily: if P2P is involved in the design (and they've specifically mentioned it) and keys are generated (and then immediately destroyed) on the fly, there is no need to forfeit anonymity (as opposed to centralized PKI). Here is an example of a similar (only in the idea behind it) implementation - ZRTP.

The authors are practicing a quite rare privacy-by-design approach, which shows respect to the end user, not to any other third-party entities (government, private snoopers, marketeers, etc). And they've committed to making the source code of the new technology publicly available. It's yet another sign of the true user-oriented intentions behind the project. That, IMHO, brings confidence to this privacy solution (along with the well-known authors standing behind it).

Good to hear that there are still some folks who care about privacy or people.