Internet Security vs. Quantum Computing
One of the great scientific challenges of our time is the construction of a practical quantum computer.
End-to-end (e2e) encryption for email is hard. We know this from OpenPGP and S/MIME efforts with the main problem being around obtaining, installing, and exchanging keys.
End-to-end (e2e) encryption for email is hard. We know this from OpenPGP and S/MIME efforts with the main problem being around obtaining, installing, and exchanging keys. While there are a number of positive efforts to fix e2e encryption for email, it may take a while for a viable easy to use solution to be deployed and actively used. What if instead, we think more about what we want to communicate that needs to be encrypted and if a shift is needed to be open to new solutions?
Today with social media, we are trending toward texting and instant messaging as a default form of communication. We typically use these technologies for quick messages and some, like XMPP have e2e encryption capabilities already… but it could be better.
Wouldn’t it be nice to have less mail to manage? As we all know, quick messages and discussions are better suited to XMPP, SMS, or other IM related protocols. Using these technologies gets you away from managing an unwieldy inbox, and if it’s encrypted at the data level (e2e) you don’t have to worry about exposing that data.
XMPP already has Off-the-Record (OTR) encryption support, so aren’t we done? No, that would be nice. OTR is lacking some features and the crypto could be improved upon, but it certainly fits the bill for easy-to-use.
Developers and some XMPP working group participants have plans for new features and need to gauge support from the community. Improved e2e functionality has been proposed in IETF drafts in the past, but has not gotten enough attention and really could help us improve our e2e capabilities for messaging. Some of the features proposed include:
If XMPP were favored in cases when you prefer to have your messages encrypted, it may lessen the need for e2e encrypted email, shifting how we accomplish communication goals. For those unfamiliar, the XMPP protocol provides instant messaging or chat. Use of instant messaging embedded in other tools makes this a more accessible method of communication for every day users, that may not be technical, but want their privacy protected with encryption.
So you say OTR is good enough. Is it really? While I do use OTR quite often and am glad to have it, it doesn’t always work. An OTR session could break and send your text in the clear without forewarning. This could be a problem.
Not only that, file transfers (both meta-data and data) are also completely unprotected by OTR, without warning in most user interfaces. Along with many of the other protocols on this list:
A couple of highlights of XMPP extensions impacted:
all of which have the potential to leak personal information without e2e encryption.
What’s needed?
Interest expressed in this work with active reviews and contributors on requirements and proposals to drive work on end-to-end encryption for XMPP forward. This could be a game changer.
One of the great scientific challenges of our time is the construction of a practical quantum computer.
IETF Chair Jari Arkko explains IANA protocol parameters. To begin with, what are protocol parameters? What is the role of IAB? What is oversight? Who draws contracts at the IETF? What role does the IAOC play? How can you ensure that the IETF leadership works according to the community’s wishes?
La semana pasada, al hablar de Internet abierta para un evento de Gobernanza en Moscú, Jari se reunió con gente del Capítulo Rusia de Internet Society.
The upgrade to the datatracker UI mentioned in plenary at IETF 92 has just been released. This effort has been underway for more than a year.
Last week, while speaking about open Internet in Moscow for an Internet Governance event, Jari met with folks from the Internet Society Russia Chapter. They had recently made a translation of the IETF Journal to Russian!
Show all