
Quotes of the week

We are the 'lesser' platform here... ultimately all the apps that are cross platform are never going to look nice on free desktops because they will conform primarily to Windows. This plays into our competitors' advantage, not ours. To me, a cross-platform app simply means that you're on your way to becoming a Windows or OSX app because that will be where the money and support goes.
Sriram Ramkrishna, on prioritizing cross-platform application development.

While I applaud the steps github is taking with licensing, I think that they should forbid anyone to clone a repo without a license chosen.
Tom Callaway, in regard to GitHub's new Licenses API.

GPG isn't the thing that's going to take us to ubiquitous end to end encryption, and if it were, it'd be kind of a shame to finally get there with 1990's cryptography. If there's any good news, it's that GPG's minimal install base means we aren't locked in to this madness, and can start fresh with a different design philosophy. When we do, let's use GPG as a warning for our new experiments, and remember that "innovation is saying 'no' to 1000 things."

In the 1990s, I was excited about the future, and I dreamed of a world where everyone would install GPG. Now I'm still excited about the future, but I dream of a world where I can uninstall it.

Moxie Marlinspike, on the difficulties of working with GnuPG.




It's easy to whine about PGP

Posted Mar 11, 2015 23:27 UTC (Wed) by HelloWorld (guest, #56129) [Link] (19 responses)

but it's hard to come up with something that is actually better. I have a hard time imagining a solution that is significantly easier to use than PGP, i.e. one that doesn't require the user to understand the relationship between public and private keys without severely compromising resilience against e.g. man in the middle attacks.

It's easy to whine about PGP

Posted Mar 12, 2015 1:32 UTC (Thu) by ebiederm (subscriber, #35028) [Link] (1 responses)

How does TextSecure look in your judgment?

It's easy to whine about PGP

Posted Mar 12, 2015 22:35 UTC (Thu) by job (guest, #670) [Link]

I have a hard time getting it to sign my distribution packages...

It's easy to whine about PGP

Posted Mar 12, 2015 5:52 UTC (Thu) by magnus (subscriber, #34778) [Link]

In the context of email I think the goal should be to have a default scheme for encrypted email which is less rigid and is zero extra effort for the user compared to unencrypted. Compromises would need to be made compared to GPG but the massively increased usage might be worth this.

The rough idea I have would be something like: Your own key-pair is generated the first time you run the email client, and the public key gets published or attached automatically to all your emails. The other side could then have an "encrypted reply" button on the other side to use the key corresponding to that email. The point would be that rather than guaranteeing that it can only be decrypted by a certain person (which the GPG key management tries to do) you are just trying to guarantee that it can only be decrypted by the one who sent the email that's being replied to, whoever that is.

The email client could also present the trustworthiness of the key based on how many earlier conversations by that person with the same key have been made before. MITM is a problem, you could have schemes to avoid MITM modifications by automatically exchanging some challenge/response each time the same person is emailed. That way people you have known for a long time and exchanged many emails with, you will have a trustworthy encryption key for, should you need to send something secret.
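
The key-continuity idea in the comment above, as an added example that is not part of the original comment or of any mail client: it tracks which key each sender has attached and rates it by how many earlier mails carried the same key. The class name, the status labels, the threshold of 3 and the sample keys are all assumptions made for illustration.

```python
import hashlib
from collections import Counter, defaultdict

TRUSTED_AFTER = 3  # assumed threshold: mails carrying the same key before it is "established"


class KeyContinuityStore:
    """Per-address history of attached public keys (hypothetical helper)."""

    def __init__(self):
        self.history = defaultdict(Counter)  # address -> {fingerprint: mails seen}

    @staticmethod
    def fingerprint(public_key: bytes) -> str:
        return hashlib.sha256(public_key).hexdigest()

    def observe(self, address: str, public_key: bytes) -> str:
        """Record the key attached to one incoming mail and classify it."""
        seen = self.history[address.strip().lower()]
        fp = self.fingerprint(public_key)
        usual = seen.most_common(1)[0][0] if seen else None
        seen[fp] += 1
        if usual is None:
            return "first-contact"   # nothing to compare against yet
        if fp != usual:
            return "key-changed"     # new device, or someone in the middle: warn
        return "established" if seen[fp] >= TRUSTED_AFTER else "building"

    def reply_key(self, address: str):
        """Fingerprint for an 'encrypted reply', or None when history is ambiguous."""
        seen = self.history.get(address.strip().lower())
        if not seen or len(seen) > 1:
            return None              # unknown sender or conflicting keys: do not pick silently
        return next(iter(seen))


def demo():
    # Constructed sample keys; a real client would store actual public keys.
    key_a, key_b = b"constructed-public-key-A", b"constructed-public-key-B"
    store = KeyContinuityStore()
    statuses = [store.observe("Alice@example.org", key_a) for _ in range(3)]
    statuses.append(store.observe("alice@example.org", key_b))
    return store, statuses


if __name__ == "__main__":
    print(demo()[1])
```

A key substituted on the very first mail is not detected by counting alone, which is the gap the challenge/response exchange mentioned in the comment is meant to cover.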

It's easy to whine about PGP

Posted Mar 12, 2015 9:56 UTC (Thu) by epa (subscriber, #39769) [Link] (14 responses)

I'm beginning to doubt that public-key encryption is even needed. For communication between two existing parties a simple symmetric cipher is enough, using a key you have exchanged beforehand over Skype or Facebook or whatever. That's not NSA-proof but given the ease of getting malware onto most PCs it hardly matters - the encryption is not the weak link in the chain.

https is finally getting to a state where it's well implemented and immune against MITM attacks; that can be used for where public-key cryptography is needed. An https: web page could let you get an encryption key to use. The world has hardly been able to come up with a single working public key infrastructure; any plan which requires creating two (for https and for email) is even less likely to work.

It's easy to whine about PGP

Posted Mar 12, 2015 11:55 UTC (Thu) by pabs (subscriber, #43278) [Link] (3 responses)

Are you kidding about MITM and https?

It's easy to whine about PGP

Posted Mar 12, 2015 14:12 UTC (Thu) by epa (subscriber, #39769) [Link] (2 responses)

Now that browsers are taking certificate warnings seriously (for all that we love to moan about it), yes you can have some confidence that your https session isn't being MITMed - assuming you are running a browser you control on a PC you control.

If your PC is infected with malware (whether to add bogus certificates to the local store as Superfish did, or to do other nasty things) then https doesn't provide any protection against MITM attacks. But neither does anything else in that situation.

It's easy to whine about PGP

Posted Mar 12, 2015 17:05 UTC (Thu) by pabs (subscriber, #43278) [Link] (1 responses)

Wow, I didn't think people seriously thought the CA system is effective.

It's easy to whine about PGP

Posted Mar 12, 2015 17:08 UTC (Thu) by epa (subscriber, #39769) [Link]

It's not great but it is rather better than what PGP uses. A web of trust sounds great in theory but, despite decades of geeks trying to organize keysigning parties, hasn't provided a useful way to distribute keys among the great unwashed masses. https with key pinning and CAs is terrible in theory but only quite bad in practice.

It's easy to whine about PGP

Posted Mar 12, 2015 14:32 UTC (Thu) by vadim (subscriber, #35271) [Link] (9 responses)

What? No, SSL as it stands is horrible.

Chrome includes something like a hundred CAs, any of which can sign a cert for any domain they please. And the list includes CAs from China and one called "State of Netherlands". I don't have anything against NL, but surely it's not hard to see how a government running a CA could have interesting effects.

Then there's that the popular CAs are a huge weak link in the entire scheme. If somebody gets hold of Verisign's keys it's going to be chaos. And with DigiNotar having been killed due to their troubles there's a huge incentive for any compromised CA to hide that fact.

PGP and the Web of Trust certainly have their flaws, but the CA system is even worse than that. The very design of it makes it less secure the more it expands (as it takes only one compromised CA to make a valid cert for any bank.com and competition encourages cutting corners), and it's based on a bunch of entities that we must blindly trust.

It's easy to whine about PGP

Posted Mar 12, 2015 15:42 UTC (Thu) by epa (subscriber, #39769) [Link] (8 responses)

My point is more that we are stuck with the https certificate authorities *anyway*, so we would do better to fix the problems with that, rather than hope that somehow having two different public key infrastructures will succeed even though we can hardly deal with the one we've got.

It's easy to whine about PGP

Posted Mar 12, 2015 15:51 UTC (Thu) by vadim (subscriber, #35271) [Link] (7 responses)

How do you fix CAs, though? The problems I mentioned are inherent to the system, and not the result of a bad implementation.

There is Perspectives, but it fails to solve much, especially in an era of pervasive Internet interception. It will help you against an access point doing MITM, but not against the ISP of the site you're trying to reach doing it.

Another patch would be allowing certification by multiple CAs, so that we can drop bad CAs without as much pain.

But both of these aren't a complete solution and require the user to understand public key crypto -- exactly the complaint with GPG.

It's easy to whine about PGP

Posted Mar 12, 2015 19:13 UTC (Thu) by flussence (guest, #85566) [Link] (6 responses)

DNSSEC *would* be a silver bullet in this situation, allowing the CA racket to be replaced with just 3 entities: a site, its domain registrar and the DNS root servers. The only reason to keep CAs around would be for EV certs; everyone else could enjoy deploying free (without strings) HTTPS at last.

Given that browser support has been exactly 0% so far, I have to wonder what the holdup is. Money under the table?

It's easy to whine about PGP

Posted Mar 12, 2015 19:27 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link] (5 responses)

1) Lots of TLDs still have poor security support.
2) Registrars generally don't have nice UIs for key management.
3) Lots of middleboxes break DNSSEC.

It's easy to whine about PGP

Posted Mar 12, 2015 22:34 UTC (Thu) by job (guest, #670) [Link] (1 responses)

Number 1 might actually be a feature, if it could get people to stay away from the worst TLDs.

The crappy TLDs can also only affect the security of domains in their own zone, a power they have even today by redelegating the zones. DNSSEC just gives them a way to prove that redelegation cryptographically.

It's easy to whine about PGP

Posted Mar 13, 2015 0:12 UTC (Fri) by Cyberax (✭ supporter ✭, #52523) [Link]

I like DNSSEC. I had been using it since even before it was available for the .com TLD. I was watching the key signing ceremony for the root zone and then I spent an hour compulsively doing "dig NSKEY" waiting for the keys to appear (at around 3am local time).

However, there are problems. DANE is a horrible standard, DNS is constantly broken by everyone, and OSes only now start to include validating DNS resolvers.

It's easy to whine about PGP

Posted Mar 13, 2015 1:06 UTC (Fri) by flussence (guest, #85566) [Link]

> Registrars generally don't have nice UIs for key management.

Oh, tell me about it. I spent weeks reading up on how to set up this stuff myself in BIND because the hosted DNS service I was using is complete fail. But I'd expect that being an early adopter.

If there were a practical *use* for DNSSEC — outside of obscure SSH config options and random diagnostic tools — those companies would start falling over themselves to compete on quality of service. (well, given the state of the industry, they'd more likely simply fall over...)

It's easy to whine about PGP

Posted Mar 13, 2015 3:41 UTC (Fri) by dlang (guest, #313) [Link] (1 responses)

don't forget the bootstrapping problem, the dns implementation needs to get information to know if it can trust the server it's getting information from.

This is one of the issues that CeroWRT ran into with implementing DNSSEC on a small router/AP.

There are failure modes that you can get into where you are trapped in a catch-22 situation, and you have to be creative to get out of it (I don't remember the final work-around that ended up getting implemented in CeroWRT, you'd have to look at the final version or the mailing list discussions for details)

It's easy to whine about PGP

Posted Mar 13, 2015 7:16 UTC (Fri) by Cyberax (✭ supporter ✭, #52523) [Link]

> don't forget the bootstrapping problem, the dns implementation needs to get information to know if it can trust the server it's getting information from.

That's actually not an issue. The root of trust is just _one_ key (well, a few). What's more problematic is that a small device needs to do record chasing itself, rather than trust the upstream server.

However, I think that this functionality now belongs on clients, not on routers. I certainly wouldn't trust any random router to correctly flag authenticated responses.

It's easy to whine about PGP

Posted Mar 19, 2015 9:42 UTC (Thu) by ssokolow (guest, #94568) [Link]

Definitely agreed. It's actually sort of like quantum theory in that, if you think you understand how hard it is, you're probably mistaken.

One of the devs resyndicated via Planet Mozilla wrote a very nice series of posts called "Why email is hard" and dedicated an entire post to security which went into quite a bit of detail on that particular issue.

http://quetzalcoatal.blogspot.ca/2014/08/why-email-is-har...

Quotes of the week

Posted Mar 12, 2015 18:28 UTC (Thu) by ballombe (subscriber, #9523) [Link]

Moxie is conflating GnuPG, OpenPGP and his email client, as if they were a single thing. He also ignores the fact that gpg is more often used for authentication than for encryption. I find this quite troubling.


Copyright © 2015, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds