←back to thread

I read the federal government’s Zero-Trust Memo so you don’t have to

(www.bastionzero.com)
656 points EthanHeilman | 3 comments | 27 Jan 22 15:06 UTC | HN request time: 0s | source
Show context
upofadown ◴[28 Jan 22 13:04 UTC] No.30114043[source]
>Meanwhile encryption with PGP has been a complete failure, due to problems with key distribution and user experience.

Encrypted messaging has been a complete failure; there is no need to single out email. I suspect the reason is more or less the same in all cases. Users have not been provided with a conceptual framework that would allow them to use the tools in a reasonable way. If the US federal government can come up with, and promote such a framework the world would become a different place.

BTW, the linked article is mostly based on misconceptions:

* https://articles.59.ca/doku.php?id=pgpfan:tpp

replies(1): >>30115199 #
lolinder ◴[28 Jan 22 14:45 UTC] No.30115199[source]
> Encrypted messaging has been a complete failure; there is no need to single out email.

Can you elaborate on why you see it this way? WhatsApp has been wildly successful, my very non-technical in-laws use Signal for their family's conversations, and other messaging platforms are jumping on the bandwagon.

As far as I can tell, if we lose encrypted messaging at this point, it will be due to government action or corporate rug-pulling, not because it failed to catch on. Whereas encrypted email really hasn't caught on anywhere.

replies(1): >>30118104 #
1. upofadown ◴[28 Jan 22 17:58 UTC] No.30118104[source]
>WhatsApp has been wildly successful, my very non-technical in-laws use Signal for their family's conversations, and other messaging platforms are jumping on the bandwagon.

You only get effective end to end encryption if you can verify that you are talking to who you think you are talking to. Otherwise the people that are running the system can cause your messages to take an unencrypted detour and thus be able to read them. This is often called a man in the middle attack. Verifying identities normally means checking some sort of long identity number. Very few people know how to do that in an effective way.

For example: in a usability study involving Signal[1], 21 out of 28 computer science students failed to establish and maintain a secure end to end encrypted connection. The usability of end to end encrypted messaging is a serious issue. We should not kid ourselves into thinking it is a solved issue.

PGP in a sense is actually better here in that it forces the user to comprehend the existence of a key in a way where it is intuitively obvious that it is important to know where that key came from.

[1] https://www.ndss-symposium.org/wp-content/uploads/2018/03/09...

replies(1): >>30120029 #
2. lolinder ◴[28 Jan 22 20:37 UTC] No.30120029[source]
To call encrypted messaging a complete failure you have to demonstrate that the percentage of people capable of maintaining secure messaging is stagnant. As far as I can see, the opposite is true. It is easier than ever to establish and maintain a secure communication channel.

The Signal study showed that the majority of people were unable to understand Signal's security features, but not that the security model is broken. The question at hand isn't how many people are using it wrong but how many people are using it right that never could have managed to do so with PGP keys. If even 10% of Signal's users successfully maintain a secure channel, you're looking at around 5 million people, most of whom probably would not have been able to set up secure messaging without Signal.

Do we still have work to do? Of course! But that doesn't mean that we've failed in our efforts so far.

replies(1): >>30121311 #
3. upofadown ◴[28 Jan 22 22:26 UTC] No.30121311[source]
That assumes that usability is actually getting better. There is no evidence that this is the case from usability studies. This is not a new problem and we have known what is wrong for something like 20 years now. This isn't something I just thought of. See: Why Johnny Can't Encrypt[1].

[1] https://www.usenix.org/legacy/events/sec99/full_papers/whitt...

[1] https://people.eecs.berkeley.edu/~tygar/papers/Why_Johnny_Ca...