Comments on Email-Security: White House Seeks Comment on Trusted ID Plan
Blog author: Ed Gerck (http://www.blogger.com/profile/11500735527163002826)
Comment feed, 10 comments, listed newest first. Feed last updated 2023-03-11. Comments marked "[received by email]" or "[received online]" were posted by Ed Gerck on behalf of the named sender.


Ed Gerck, 2010-06-29 19:11 -07:00

(reply to anonymous)

Single technology is not single provider. But this is not even single technology. We say "Many real solutions are possible, but they should all be founded on the idea that trust can be based on other factors, in addition to control or even fear of control."

And we also want to get specific, with a definite proposal, and that's why we propose ZSentry, which complies with the privacy/control considerations and adds some unique benefits including the "no target" property.

About how ZSentry solves the identity problem, including for first-contact and first-reply, please see ZSentry Identity Verification: http://zsentry.com/identity.htm


Ed Gerck, 2010-06-29 10:27 -07:00

[received online]

So you are saying trust Zme? Single technology solutions make me uncomfortable.

I read through your site and can see how ZSentry uses middleware to create a persistent connection between parties and encrypt data transfer, but I don't see how the identity problem (reliably tying an individual to a connection endpoint) is solved.

(anonymous)


Ed Gerck, 2010-06-28 08:47 -07:00

[reply to Kynn]

> ZSentry is only part of a solution - it just does mail.

It already does mail, webmail, IM, SMS, and secure storage (see site). And, remember those mail-fax gateways? Mail is just an SMTP protocol -- at the end of it you can have anything you want: fax, even HTTPS in an Ajax window. I bet you could make it do FTP or anything you want. Maybe even IRC.

It can also include elements in upper tiers, such as billing and ecommerce -- using mail, webmail, IM, SMS, fax, HTTPS, FTP, ...

So, where's the limit?

> There are other solutions available that do more than mail, both free and paid.

But there is no other solution available with the "no target" property, and others that make a real difference to reduce risk online and improve usability.

> Just like security theater though, how much does this accomplish? One solution I know: the sender must receive permission from the recipient to send mail that will be received.

PKI does that -- unless you have the public-key cert for the recipient and can verify the CA sig, no deal. It's not that useful and is often cited as one of the shortcomings of PKI ("where's your new cert?" and "I cannot validate your CA").

The post office seems to me to offer a more natural paradigm to follow. It allows that but does it post-sending. So the recipient can decide at a later time, and it does not impact the sender. This is the method used by ZSentry.

Best regards,
Ed Gerck


Ed Gerck, 2010-06-28 08:40 -07:00

[received by email]

Hi Ed,

ZSentry is only part of a solution - it just does mail. There are other solutions available that do more than mail, both free and paid.

Just like security theater though, how much does this accomplish? One solution I know: the sender must receive permission from the recipient to send mail that will be received.

Kynn


Ed Gerck, 2010-06-28 06:57 -07:00

[in reply to A.]

Yes, and this is all automated.

And it can extend beyond ZSentry, where it can become more useful. For example, a person who has N>>1 address book entries created (in ZSentry, not disclosed) by successfully communicating over time with N diverse people (e.g., as evidenced by IP and browser diversity) could be evaluated differently from someone else with just a few and recent contacts.

We also note that trust is a "slow" process. It must be earned. You see a counter-example in scams, where criminals like to add an element of urgency to win over the expected time factor that the victim may intuitively require.

That's why in "successfully communicating over time with N diverse people" one of the non-conformance requirements is evident: if it all happens too quickly. These requirements are not willy-nilly but follow from the extensive work on trust reported in the reference cited, and others such as http://nma.com/papers/it-trust-part1.pdf

Best regards,
Ed Gerck


Ed Gerck, 2010-06-28 06:55 -07:00

[received by email]

Thanks, I think I am getting a bit closer. I see elements of Web of Trust in your proposal, and also some ideas from social networking, because it seems like a person uses relationships established online with other people to bolster his or her assertion of identity. Is that right?

A.


Ed Gerck, 2010-06-27 20:27 -07:00

Thanks all for the interest. This is a reply to all previous comments.

Yes, it is critical that the main visible point to users should be about "how to make non-conformance public" rather than "certifying conformance".

Not only is there then much less liability for the service, but the user is kept in the verification loop -- as the user should be -- rather than blindly relying on some sort of oracle. Also, in security terms, not only are fewer attacks possible, but attacks are not so direct in creating an error condition.

Of course, I am simplifying, but you can go and try yourself for free. It can work directly from Gmail or Outlook, or Apple Mail, or from a web browser doing SSL SMTP through HTTPS by way of ZSentry. There is no plugin or installation.

And, once you have your identity through ZSentry, you can use it at another place through the ZSentry-SAML interface and you do not have to worry about your identity being stolen online. ZSentry uses its "no target" technology to protect your login credentials and keys, whereas the SAML-ized identity authorization does not carry them either.

An important issue to solve, of course, is the problem of initial contact.

The main point is that, try as you may, the initial contact does not happen in a vacuum. One of the points, most likely the initiator (sender), must have a previous contact with a service (e.g., the Gmail account where the ZSentry or ZSentry-PGP mail is purportedly sent from). That service may or may not have the full extent of trust needed to be a trusted introducer for the needs of the recipient, but it is a point of trust that can be evaluated and used to contribute to a final measure of trust.

Furthermore, the trusted introducer function provided by ZSentry does not need to be carried over forever. Much like a booster rocket, once the transaction starts, other sources of trust are introduced (e.g., who do you know that I trust and can verify you by? What is your signed PGP key?) to the point that the ZSentry introducer function can be jettisoned without prejudice.

The http://bit.ly/TRUST reference in the article has more.

Best regards,
Ed Gerck


Ed Gerck, 2010-06-27 18:07 -07:00

[as received by email]

I said something on the ABA list: that natural fears (of control etc.) had not been admitted, qualified or addressed. Thus trust is not possible (since one has not provided a framework for the act of qualification).

Peter


Ed Gerck, 2010-06-27 16:51 -07:00

[as received by email]

Hi Ed,

It's been a while. How is everything going?

Nice article, as always. Your take on making non-conformance public is interesting and thinking out of the box. It reminds me of a story I heard years ago. A group of elementary students was given a weekend homework assignment to prepare to recite the alphabet backwards on Monday. All weekend the kids memorized - z, y, x, etc. Except one girl that just played. Monday arrives and the kids in turn tried to recite the alphabet backwards. The little girl that played went last and she was very successful. She got up in front of the class and turned around so she was backwards and recited - a, b, c, etc.

One of the biggest issues I see is places like IRC - where the hard-core (and otherwise) hackers hang out. Most people don't go there - IRC is too murky.

Another issue - I assume (maybe incorrectly) non-compliance would be on a list of some type similar to a black hole list for spam. How many would actually look? If a user name - or other identifier - was listed, that person could just adopt another. The list can be endless. Some may find some useful info, but I think most would not even look.

I also think this is a much better idea than the present one discussed on IP.

I was cracking up at your line: Saying "trust me" should not make you trust me. It reminds me of a teenage boy trying to get somewhere with a girl - trust me was their line :)

And: information on servers (even hosted at the Pentagon or FBI) - they get hacked too. The only really safe servers/workstations are those not connected to anything else. But don't get me started on that or other security issues.

A few years ago I read 'The Cuckoo's Egg'. I think it was published in the 70s and a true story. The same stupid issues exist today. Doesn't anyone learn?

Lynn


Ed Gerck, 2010-06-26 21:33 -07:00

Ed,

Thanks.

It's all a difficult problem set to be sure, particularly since there are so many intangibles involved -- not to mention so much politics. But I think we're in agreement that the approach being promulgated by the White House this round is not a reasonable way forward.

L
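Added example (editor's code, not part of the thread and not ZSentry's implementation): the heuristic Ed Gerck sketches in his reply to A. above, that a history of many diverse contacts earned slowly should be read differently from a few recent ones, and that "too fast" is itself a non-conformance signal, written as a concrete check that lists contradictions rather than certifying trust. The Contact record layout, the thresholds, the use of /24 source networks and client strings as the diversity measure, and the sample histories are all assumptions chosen for illustration.

```python
"""Velocity / diversity check over a contact history.

Editor's example, not ZSentry code. It reports reasons a history does NOT
look like trust "earned slowly with diverse people"; an empty list is not a
certificate of trust, only the absence of a visible contradiction.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_network
from typing import Iterable, List


@dataclass(frozen=True)
class Contact:
    when: datetime      # time a successful two-way exchange completed
    peer: str           # opaque identifier of the other party (kept private)
    src_ip: str         # IPv4 source address seen for the peer (assumed format)
    user_agent: str     # browser/client string seen for the peer


# Illustrative policy values (assumptions, not taken from the thread).
MIN_PEERS = 5                   # fewer distinct peers: history too thin to judge
MIN_SPAN = timedelta(days=30)   # MIN_PEERS or more should span at least this long
MIN_NET_DIVERSITY = 0.5         # distinct /24 networks per distinct peer
MIN_UA_DIVERSITY = 0.3          # distinct client strings per distinct peer


def evaluate_history(contacts: Iterable[Contact]) -> dict:
    """Summarise a history and list non-conformance reasons (empty = none found)."""
    contacts = sorted(contacts, key=lambda c: c.when)
    peers = {c.peer for c in contacts}
    # Collapse source addresses to /24 so a single host or small block counts once.
    nets = {ip_network(f"{c.src_ip}/24", strict=False) for c in contacts}
    agents = {c.user_agent for c in contacts}
    n = len(peers)
    span = contacts[-1].when - contacts[0].when if contacts else timedelta(0)

    reasons: List[str] = []
    if n < MIN_PEERS:
        reasons.append(f"too few distinct peers ({n} < {MIN_PEERS})")
    else:
        # The "urgency" signal: a large contact set assembled in too little time.
        if span < MIN_SPAN:
            reasons.append(f"{n} peers accumulated in {span.days} days (< {MIN_SPAN.days})")
        if len(nets) / n < MIN_NET_DIVERSITY:
            reasons.append(f"low network diversity ({len(nets)} /24s for {n} peers)")
        if len(agents) / n < MIN_UA_DIVERSITY:
            reasons.append(f"low client diversity ({len(agents)} agents for {n} peers)")

    return {
        "peers": n,
        "networks": len(nets),
        "agents": len(agents),
        "span_days": span.days,
        "non_conformance": reasons,
    }


def _history(start, days_between, peers, ips, agents):
    """Build a constructed history: one contact per peer, days_between apart."""
    return [
        Contact(start + timedelta(days=i * days_between), p, ip, ua)
        for i, (p, ip, ua) in enumerate(zip(peers, ips, agents))
    ]


# Constructed sample data (documentation-range addresses, invented client strings).
T0 = datetime(2010, 1, 1)
PEERS = [f"peer{i}" for i in range(6)]
SLOW_DIVERSE = _history(
    T0, 20, PEERS,
    ["203.0.113.5", "198.51.100.9", "192.0.2.77", "203.0.113.200", "198.51.100.130", "192.0.2.10"],
    ["Firefox/3.6", "Chrome/5", "Safari/4", "Firefox/3.6", "Opera/10", "IE/8"],
)
BURST = _history(T0, 0.1, PEERS, ["203.0.113.5"] * 6, ["Firefox/3.6"] * 6)

if __name__ == "__main__":
    print(evaluate_history(SLOW_DIVERSE))   # no non-conformance reasons
    print(evaluate_history(BURST))          # three reasons: speed, one network, one client
```

The check is deliberately one-directional, in the spirit of the "make non-conformance public" point made earlier in the thread: it surfaces what contradicts the expected pattern and leaves the judgement with the relying party.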