[messaging] Multiple devices and key synchronization: some thoughts

Joseph Bonneau jbonneau at gmail.com
Sat Jan 3 08:15:06 PST 2015

On Fri, Jan 2, 2015 at 1:47 AM, carlo von lynX <
lynX at i.know.you.are.psyced.org> wrote:
> > In any case, I would advocate that any system needs to be flexible for
> > different users to choose multiple options based on their security
> > preferences. I suspect most users will want a simple baseline UI along
> the
> > lines of iMessage (or almost any other chat app) today, which is that you
> > can enroll any new device instantaneously with a username/password only
> and
> > no pairing protocol. I think if you want to design a mass-market system,
> > anything involving an explicit device pairing-protocol needs to be an
> > opt-in feature.
> Consider also the possibility that market logic may not work out as
> it never has in the past two decades since we "won" the crypto wars.
> If we let people always take the decision and opt for easy solutions
> humanity may never experience a secure Internet as they will always
> pick a compromised solution and mass surveillance will go on, to
> the detriment of democracy. Consider the possibility that the only
> way to create an Internet that respects the principles of democratic
> consititutions could be to put certain basic requirements of end-to-end
> security into law. http://youbroketheinternet.ortellg/legislation/
> <http://youbroketheinternet.org/legislation/> is
> about that, a law proposal for obligatory encryption.

I agree that a market failure often exists in which users genuinely want a
higher level of security, but are unable to achieve it because they can't
tell the difference between secure and insecure products (or secure and
insecure behaviors) and so they default to insecure products and behaviors
because they are usually easier. Essentially, this is a lemons market
(although not technically, since there is usually not a price difference
but a convenience one). This was proposed for information security at least
13 years ago in the original papers on security economics [1] and has been
widely discussed since then.

I think this is a helpful framing, and there are many actions to try to
reduce information asymmetry. For example, things like the EFF Scorecard
attempt to inform more users that certain products aren't secure, as well
as to try to convince large Internet companies not to tarnish their brand
with weak products. Libertarian/soft paternalism [2] can also be helpful,
in which users are nudged to better decisions through secure defaults.

However, I think it's also possible (and indeed common) to make a design
error by assuming all users have the same values as we do, or would "if
only they knew" and therefore we should try to force them into a high level
of security.

Personally, I think many users' desire for end-to-end security ends well
short of printing backup codes or running a pairing protocol that prevents
them from instantly using a new device. If this is required to use multiple
devices, I'm worried that the result will be a large number of users
signing up for some new cloud service which manages a single private key
for them and lets them fetch their messages from any device (using
passwords and HTTPS), at which point end-to-end security is gone.

[1] https://www.acsac.org/2001/papers/110.pdf
[2] https://en.wikipedia.org/wiki/Soft_paternalism
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20150103/457a1ed0/attachment.html>

More information about the Messaging mailing list