[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: "Scruffies" vs. "Neats"
For whatever it's worth, my position fits into Tim's taxonomy pretty
well.
I think it's worthwhile to do enough to protect people from their
sysadmins, even if it won't protect them from the NSA.
The important thing is to take care not to create standards or large user
communities that will force more determined people to choose between
security and interoperability.
For example: a mail system that can only work with small keys ought to be
avoided; but a mail system that uses large keys and clients with crummy
random number generators ought to be deployed, if it has some significant
advantage (like user friendliness) over other systems that currently
exist.
A java mixmaster applet with a bad random number generator would probably
be the best game in town for most people. Is it good enough? No. But is
it better than anything that's currently available (in a practical sense)
to the typical ms-windows user? Yes. And that's enough reason to deploy
it.
Unix clients and the mixmaster remailer network are capable of providing
much better security to anyone who wants to pursue it -- the poor quality
of the java version doesn't impose a ceiling on other users. And a clear
path of improvements exists (ie., easy to use dos and mac native code
clients, or a better java applet) to pull the low end users up to where
the unix users are now.
Deployment is the thing that's going to make putting the genie back in the
bottle impossible. 10,000,000 people who use a flawed java implementation
of some crypto applet are still 10,000,000 people who are going to scream
bloody murder if crypto's banned. There is a lot of political value in
getting something out there, even if it's less than perfect.
(Incidently, I'd like to encourage more people to set up mixmaster
remailers. I've had mine ([email protected]) up for several weeks, and I
haven't had a single complaint or hassle from it. That's not at all what
I expected -- I figured people would be complaining all the time. If I
had known how it would turn out, I would have set it up a long time
ago.)