"Better Than Nothing Security"
Eric Rescorla has a great post reporting from the IETF on the “Better Than Nothing Security BOF.”
As I see it, this boils down to an understanding that paying for digital signatures is very expensive, while we’ve known for ten years that “keys are cheap.” (Thanks, Eric!)
The SSH folks got this very right: You connect to a host and remember its key. That’s cheap, and mostly works. You can decide to verify keys at a higher layer if you feel a need to. The IETF’s IPSec folks, in contrast, got it wrong. They want you to pay someone else to sign your keys.
The names being associated with this (“leap-of-faith” and “anonsec”) are incredibly poorly chosen, and will help keep IPSec from deploying. (Alternately, they’re well chosen by the enemies of the good — those who want nothing but the best, and are willing to be insecure until we get it.) If you’d like these to ever deploy, call them “local certification” and “persistent.”
Oh, and the cryptography list discussed this, too.
So when will the public be able to easily and cheaply adopt useful security technologies that cost next to nothing?
It would be great to see self-signed SSL certs and mail keys (if only for signing and not encryption)be used more commonly.
It does seem like the big signing authorities want to dissuade any notion that it would be acceptable to do so.
Opportunistic Cryptography is now Acceptable
Adam reports that Eric reports that the IETF has run its first meeting on opportunistic cryptography. Called “Better Than Nothing Security” the Internet protocol people are starting to get antsy about the number of attacks on unprotected sessions on th…