Over in MozoLand, they have opened up a bug track on the problems with Extended Validation certificates, as their way of carrying out the debate as to what Mozo should do. Using bug tracking systems doesn't mean "EV is a bug," it just fits the process and culture of the people concerned.
As I'd commented before about EV, and hit on the liability issue as one big area, the following is a more clear description of the issue: possibly suitable for filing as a bug. I just find it easier to wax on in blog form when it reaches a certain level of complexity.
Classically and simply, the certificate business is one that promises coverage of some form for MITMs (such as phishing attacks) to Internet browser users (relying parties, perhaps), while charging server users (subscribers) for the privilege. It is structured as a systemic franchise, meaning a group of interlinked but independent business units such as CAs, server vendors and browser vendors, operating to provide a single cohesive service; which term I just coined to capture the lack of transparency and potential problems incumbent in that opacity.
In practice, the promise of "safe Internet browsing" is generally false, as evidenced by phishing. In particular, CAs more or less generally seek to reduce their liability to Internet browser users to zero, using a variety of tricks [1]. For example, in law, there is generally no liability if there is no contract or no specific legislation; so a common trick is for CAs is to hand out contracts that spell out that liability only exists if the crypto has been breached or other conditions that are statistically or security-wise irrelevant.
The new EV Guidelines may then be viewed on whether they improve on this position, from the pov of users and other stakeholders. Some comments follow that attempt to interpret/predict any new liability position that arises for CAs to browser users under EV [2].
The big picture within the Guidelines is at page 42. Here is my summary:
37.(a). CA Liability(1) Subscribers and Relying Parties.
A. If the CA is compliant with EVG, then it is not liable.
B. If the CA is *not* compliant then it may seek to limit liability.
C. But not to any lower than $2000 per customer.
So what we have is that if CAs did the "right thing," then they are not liable, but even if they did the wrong thing, then they are only liable for up to $2000!
Let's get specific:
1. We know that the average phish is around $1000. Many are more, of course, and some frauds have reached towards $100,000. Now, maybe we don't want to limit liability to $100k ... but something a lot greater than twice the average phish -- data which we know have for some 3 years -- would be somewhat more impressive.
2. It has been suggested that the base price of an EV certificate will be around twice the existing "best of class" cert. That is, around $2000 from Verisign.
So in effect, for any one customer, the issuer is likely only liable for the same amount as the monies which they have accepted, albeit from the subscriber. This happens to be a normal watermark in both contract and law anyway.
3. Even when phished, you aren't covered. If there is a flaw in the Guidelines, you're not covered. If there is a flaw in the browser, you're not covered (but see "Indemnification" for more confusion).
4. Only if there is an error in the CA's actions are you covered. This could be as egregious as issuing a summer madness discount package of certs for all the Banks in in all the Americas to the Russian mobsters... and the CA still may limit liability to $2000!
5. Further, there is no hint anywhere that CAs should take on an expected liability of $2000. This is not an insurance policy by any stretch of the imagination; quite the reverse, as the CA
may seek to limit its liability ... by any means that the CA desires ...
provided that the monetary amount is capped at $2000.
What does this mean in plain words for liability? Knock yourselves out, guys: Use all those old barriers and reduce the expected liability to zero. Just state that the monetary damages upper limit is $2000.
6. For one tiny example, the statement that CAs are not liable if they are compliant with EVG is simply that: a trick to reduce liability. EVG is no contract, it is simply yet another document to wave in front of the judge and make him or her want to clear this horrible case from the calendar.
7. For further small example, what lawyer will take on a legal case for $2000? US attorneys won't deal, and no expert witness will testify on your behalf on whether the CA made a mistake (yes, you will need expert help, unless you actually understand the Guidelines....). And, um, how many attornies do the CAs have call on?
8. Bottom line is that EVG has practically knocked out all possibility of an individual case. This doesn't exclude for example class-action cases ... but if that's the case, it should just say that, if there was any interest in serving users. It doesn't, and there isn't.
To summarise. There are some benefits on behalf of the user here. It is useful for users and courts to at least know that with EV certs, there is the admission of potential liability . And with pre-EV certs, there is no admission of any useful liability at all; nix liability, zero, zip, nada, m'lord. It can then be up to a court to determine just how viable these disclaimers and limits are.
It's also beneficial to put these above numbers in perspective. Try this free test: go to your favourite computer store, pick up any soho-grade UPS like an APS or a Belkin, and read the blurb on the box.(You don't need to buy to read...)
An uninterruptible power supply (in the US at least) carries a guarantee or warranty that claims that it will pay you for damages incurred if it fails to protect your PC. The limits are something like $50,000 for a $50 unit and $100,000 for a $100 unit. ('scuse flaky memory here ...)
Serious surge protection is needed about as frequently as lighting strikes hit your block. UPS manufacturers are prepared to cover you for the surges that fry your whole office, but EV issuers won't cover more than your laptop, and on past acturial bases, they're only paying out if you are unfortunate to be struck twice.
If EV and the authors get away with this tailoring of our Emporer's new suit, then these benefits are so limited, so measly, so out of tune with validated threats of the real world (phishing, etc) that no user, no subscriber, and no software vendor would be thinking rationally to pay for these "benefits."
The only business case here is is one of deception; in this case achieved by franchising out the decision of secure browsing to some august body that writes and talks well. A rational analysis, one that could see through the systemic franchise of confusion, would conclude that there be choices that are to the benefits of the users.
The first of which is to ignore the whole thing, as it delivers insufficient benefits to users. Whether users are offered a choice in secure browsing or not is certainly an interesting question; to date, the answer is Definately Not.
[1] For a wider but equally polemic treatment, see PKI Considered Harmful.
[2] Disclosure: I audit a CA, and in that act I have come across these and other problems with liability.
What follows is a long set of criticisms on the Mozilla draft principles. Like the original document, these are quite drafty; and also hypercritical.
That's because that's what is needed now: hard words. Agreement isn't much use; it is indistinguishable from aquiescence, ignorance, and real agreement.
The reason we do this is simple: because we distrust the words of the insiders. Not because they are nasty people, but because the systems are complex, the objectives aren't clear, and there is too much money washing around. Fraud is a 'when,' not an 'if.'
The alternate is opacity. Which means we outsiders can't see in. Which positively means that Mozo could do some tricky deals that wouldn't survive a skeptical public ... and it negatively means that deals that shouldn't survive will carry on to cause more and more complications.
I've been there and done that. Opening yourself up to scrutiny is painful, and it is more work. But sometimes deals that I've favoured have been shot down by outsiders, and in retrospect, they've been right.
So when I read this:
#8. Transparent community-based development processes promote participation, accountability, and trust.
what strikes is that *development* processes are to be transparent, but not other processes. So deals can be conducted in secret? Strike One!
#9. Commercial involvement in the development of the Internet brings many benefits; ...
Strike Two! "...brings many benefits" leaves out the essential truth -- that it brings many costs! How can we trust these principles when they are couched in such miserly touchy-feely words, evading the hard truth?
Don't be subtle. Be blunt. Benefits *and* costs, please. Which leaves us to consider:
... a balance between commercial goals and public benefit is critical.
Where in the mission or in the principles or anywhere is it stated that commercial deals are a necessary part of Mozilla?
Strike Three! Take a walk. There is no assumption of commercial activity; you chose it, now explain it.
Mozilla has a choice. It can live off donations (which are listed in the financial report, the top 5 donors all being named, thanks to IRS rules). When it chooses to accept a commercial deal from Google, and participate in their mission to swallow the whole earth, or with Yahoo, and participate in their mission whatever that is, then it behoves Mozilla to explain to the user base why this is positive, and why this is negative. And how Mozilla has protected its user interests, positively.
Not the other way around. As written, these principles do not surface the core dilemma that Mozilla may be able to do more good towards its mission if it accepts commercial deals.
Which begs so many questions that go unanswered: who chooses? who benefits? Where did the 54 million go? What did I personally pay in accepting the stealth search deal? Are they tracking my queries? Does Mozilla know what it has done?
The reason they aren't answered is because they aren't admitted in the principles, which is reflective of what you admit to yourselves.
So Mozilla should be looking for ways to improve that. Looking at the published accounts for 2005, there was some $54 million flowing through, which equals a whole lot of potential for trouble. Ask yourselves this: how are you going to be keeping your eye on principles when you find the first scam diverting funds within?
So there is a massive need for scrutiny. Who is going to be able to push the CEO out for authorising nefarious things, as happened recently at HP, more or less?
There are many ways to do this; but they all involve opening up to outside scrutiny. That's the first emotional barrier to deal with.
#4. Individuals’ security on the Internet is fundamental and cannot be treated as optional.
Basically, we as a discipline do not have a good view of what the word security means. For every definition, there are people who firmly believe that it's wrong, and can show it. So in a sense, this might backfire and further entrench today's definition, whichever it is.
In one sense, resorting to the *Individual's* security might indicate that Mozo will look at what hurts users most: phishing, spam, OS viruses, dodgy sites, etc. Which seems a good idea, but see below.
I think the best we can say is that the more people put security on their agenda, the more likely it is that progress might be made. But you can only really put it into the Principles if you care to make it stick.
Which indicates a weakness: maybe, if security is still a difficult area in Mozilla, then it should be taken off the list, until it is resolved. Do you or do you not want to have a security mission? Is it something special that you do, and you go all out for; or is it something you do to a "general standards level," no worse, but no better than anyone else?
You don't want something weak and limiting to hold you back.
What to do? Should Mozilla prepare a new set of principles? Not worry about it too much? Leave the USA and encamp to Switzerland?
This gets us into the area of asking just how far can we rely on Mozilla to protect us. Recent admissions from Skype, by way of example, have indicated that they can breach the security of their phone calls. Can Mozilla breach the security of some of their products? Would they? Do they have an established and documented procedure to deal with this?
So, although the principles are full of comforting words, what I don't see is anything that helps me determine how Mozo deals with the real hard questions. E.g., reporting on Chinese dissidents, or reporting on Iranian bomb-making plans encrypted in Thunderbird email? Does it make a difference if they are their dissidents or our terrorists?
Or consider the slippery slope of Paypal. Look at the list of things you can buy now, or auction on eBay. It's a disaster for the public mission, and it's a story that will have Mozilla's name on it, one day.
#1. The Internet is an integral part of modern life ...
No, not quite. It is only prevalent in the 1st world. Basically, the rest of the world (worlds 2, 3, and 4 depending on your geopolitics) hasn't yet got to the point of integrating the Internet.
Now, it may be that Mozo simply isn't in that business, in the same way that the Gates' and Soros' Foundations are. However, Mozo should be careful to a least be aware of how these principles are perceived outside their bailiwick.
I recently looked at how to extend security systems like classical CAs into poor countries. It was very tough because those countries can't afford classical identity systems, and the CA world prays at that church. Suffice to say, it was possible, but one needs some extreme mental judo to do it, and the system needs to be well tuned.
There is no criticism intended then, in focusing on only those with incomes to pay for 1st world standard laptops and 2 mobile phones. But let's be aware of our focus, because as time goes on, it trickles down and outwards.
Considering that the Principles project (like so many others within Mozilla) was conducted internally, we can immediately identify the most powerful stakeholders: insiders. Then, we can identify the weaker stakeholders as those who were left until the draft was complete. That is, the users.
Is that right? In both senses of the word...
Further, it may be unpopular, but there do exist other stakeholders. By way of example: CAs (a topic of much currency because of the polemic EV story), the legal process (courts, LEOs, civil suits, etc), foreigners versus those who are not foreign (the term becomes harder to define with every new political revelation), independent programmers who volunteer their efforts, dependent programmers who are volunteered by corporations, the very corporations who pay for the deals, the NGOs that do some good and useful work that want help (here I'm thinking of the "access" projects that FH pursues).
Etc etc; the list of potential stakeholders is very long. Which leads us to their conflicts:
A critical first step is to identify the stakeholders. Then, identify which are yours. Principles 2 thru 5 speak to the individual. I would guess that you want to state that your primary mission, above all else, is to serve the individual on the Internet.
If so, say so.
Then, with a clear conscience, it will be easy to deal with the conflicts of dealing with corporations, governments, etc, all those who do not have your stakeholders as their mission.
If so, make them more certain. More principled.
a. Not this:
#2. The Internet is a global public resource that must remain open and accessible.
That doesn't identify the crux of any pledge; because if it fails to remain accessible, then it wasn't our fault.....
For anyone to treat it seriously, It has to be something like:
Mozilla pledges to keep the Internet a global and public resource, open and accessible to all.
If you believe in something, then stick your neck out. Failing to achieve what you believe in is far more honourable than succeeding to avoid the blame for something you might or might not have said.
These principles are full of wishy washy stuff, that makes me think that the air in California is just nicer and less invasive to our thought processes.
b. Consider #3:
#3. The Internet should enrich the lives of individual human beings.
That is soooo.... pre-Netscape! Where were you guys when they made the commercial browser?
The Internet is a shared space for all -- be they humans, corporations, NGOs, dissidents and freedom fighters, criminals & terrorists, governments, both good, bad and atrocious.
If you mean that Mozilla concentrates on the enrichment of the experience for individuals, and *not* the commercial interests of corporations, then so be it. Say it. But you'd better explain then why you take $54m from corporations, and nothing from people. And, please *identify* who your core and leading stake holders are.
Or, if you mean that you'll enrich the success rates of various terrorist or criminal elements, in order to empower their individuality and spread the enlightenment, then please explain how we deal with the due process of the law. Start with how you reject the NSL ...
Which all goes to say that putting in a wishy washy "principle" might be really useful to get "consensus" and "bring us all together" and make us "feel good about ourselves" but nobody else will believe it, and even your own people won't pay attention to it after its put in place.
But it sure makes it easier for idle critics to idly criticise.
c. Same with #4. Either sign up to protect the Individual's security, and actually do it, or take a number. Get in the queue.
You can blather on in press articles to your heart's content, behind Symantec, Microsoft, Oracle, Sun, the airlines, and other snake-oil salesmen. Nobody believes your words nor theirs about security any more.
In the new world of security, only actions speak.
d. Ditto with #7. If you believe in open source, then do it. Say:
We only do free and open source software.
Let others waffle on about why, and what the precise term should be.
Delving into vague goals of common good is generally not a good idea; smart people can abuse it and generally do so. It is far better to select a group and serve them than to serve a false god of a political ideal. Too many wars have been fought over capitalism versus socialist, christianity versus islam, representation versus taxation, freedom of speech versus right to live without fear of intimidation ... and it seems unwise to be diverted into those.
Unless you are absolutely sure. Then, make it your core. If you believe you are going to protect freedom of speech, above all else, then say that. If not, then don't.
Serving a browser alternate to the user public is a good enough mission without colouring it with such vagueries as enrichment, public benefit, etc etc.
#8. Transparent community-based development processes promote participation, accountability, and trust.
Right, but that's not what happened, is it?
a. Firefox was written *after* that process failed. It was written by one guy or two guys, in frustration. Then another, and another ... but they joined *their* process, not some open blah blah feelgood exercise.
Details of course are disputable but concentrate on the big dilemma here: your mission is to deliver the choice in browsing, etc. While as a principle, you promote open processes to enable that mission, there are exceptions.
b. Which brings up a clash: mission versus principles. To my mind, the mission must come first. The principles come second. Where the principles get in the way of the mission, the principles are dropped, at least temporarily.
So this entire document should headed with the Mission. And the priority should be clear.
c. The original browser author(s) was right, of course, to go way outfield and start again. You need to accomodate all successes, in their time and place, because the mission says that delivery is more important.
This is called "the internal marketplace" in business speak; which probably grates. But, think of your mission, not your politics.
It's also an essential hubris -- encourage your own principles to be hacked. Because, at the end of the day, the individuals are opinionated, but the delivery is what counts.
Well, that was long, wasn't it :) It is slight but ignorable coincidence that there are 10 criticisms for 10 principles. The most important thing is that this is a process, and this is now open. Let's get stuck in; the result can only be better.
Visa and Nokia have taken the wraps off their handset-based payment system. Details of workings are unclear:
The wireless standard that will link mobile phones with payment systems in stores and elsewhere will be the near field communication (NFC) chip, which will be hidden under the phone cover and makes contact when swiped over a reader.
Visa being involved means it is likely to be tied to a classical Visa card, with billing backed into the existing system.
The initial version of the mobile payment platform, which launched on Monday, offers contactless mobile payment, personalization over mobile telephony networks, coupons and direct marketing. Subsequent versions of the platform, to be made available later in the year, will include remote payment--also using mobile telephony networks--and person-to-person payment.
What is perhaps more interesting is that Visa are floating themselves as a public company. This cuts the direct tie with the banks, which in the past owned Visa (and Mastercard). So now, we can expect Visa to be (a) not a bank, and (b) not regulated by the ownership method.
Which will leave Nokia in a more confident position, as it will be Nokia that has the final say on what goes on its phones.
It's yet more evidence that the payment function is gradually moving out of the banks' sphere of influence, alongside the exploding retail gift card issuance and the slow recovery of interest in net-based payment systems.
The push to rethink security is gaining momentum. Last week I posted the abstract of pending keynote from FC2007, which commented on the desire to let the bad guys direct your security thinking. This week, I see a curious remark concerning Bruce Schneier in a DDJ article, who's been seen more and more around the economics circles:
His latest work is on brain heuristics and perceptions of security, and he'll be doing a presentation on that topic at the RSA Conference next month. "I'm looking at the differences between the feeling and reality of security," he says. "I want to talk about why our perceptions of risk don't match reality, and there's a lot of brain science that can help explain this."
I await with interest, because although I am skeptical, I find I can't dismiss it and it is a new direction that at the least may make us think about the possibilities. There is some support for this from the economics of irrationality, an emerging view in economics that suggests that rationality has been overdone, and irrationality, somtimes a.k.a. emotions, plays more of a part than we think. From the Economist report on tests of price versus product decision making:
The researchers found that different parts of the brain were involved at different stages of the test. The nucleus accumbens-known from previous experiments to be involved in processing rewarding stimuli such as food, recreational drugs and monetary gain, as well as in the anticipation of those rewards-was the most active part when a product was being displayed. Moreover, the level of its activity correlated with the reported desirability of the product in question.When the price appeared, however, fMRI reported more activity in other parts of the brain. Excessively high prices increased activity in the insular cortex, a brain region linked to expectations of pain, monetary loss and the viewing of upsetting pictures. The researchers also found greater activity in this region of the brain when the subject decided not to purchase an item.
Price information activated the medial prefrontal cortex, too. This part of the brain is involved in rational calculation, and is known from previous experiments using trading games to be involved in balancing the expected and actual outcomes of monetary decisions. In this experiment its activity seemed to correlate with a volunteer's reaction to both product and price, rather than to price alone. Thus, the sense of a good bargain evoked higher activity levels in the medial prefrontal cortex, and this often preceded a decision to buy.
OK, but that's economics and in particular behaviour during buying. What's that got to do with security? Maybe the link is that which I speculate on in the market for silver bullets; in that model, I claim that the buyer and seller knows less than needed to make a rational decision (classical 2x2 description). Then, silver bullets arise because silver bullets act as rational signals shared across the market place. (You too can speculate in the FC++ edition.)
What I glossed over was the mechanism by which each device is selected for the hallowed status of silver bullet -- I felt that the means was less relevant than the result. However, maybe economics, psychology and brain patterns can tell us something about how this happens:
His hypothesis is that rather than weighing the present good against future alternatives, as orthodox economics suggests happens, people actually balance the immediate pleasure of the prospective possession of a product with the immediate pain of paying for it.
If you read the entire article, you like I might ponder if we can avoid pain and pleasure when testing innocent victims with boxes of chocolates?
A new blog on the block: Tom Greco of Reinventing Money fame takes a few tentative steps. Here, he raises an interesting definition of when a currency is issued:
A currency is not issued until a buyer offers it in payment and a seller accepts it in return for real value. Merely distributing notes to potential participants does not constitute issuance, but only distribution. Notes are not issued until they are first spent into circulation. When accepted in payment, there is an agreement to reciprocate. That agreement may be either explicit or implied, preferably explicit and precise.
That's an interesting distinction; a contract only achieves the status of an issued right when it trades between buyers and sellers. Which means many of the lesser and flawed contracts that I've mounted on servers over time aren't really issues; they never traded, even though they were minted.
Tom is author of Money: Understanding and Creating Alternatives to Legal Tender (PDF), one of the more serious books on alternative views on community credit, and he is also a persistent scholar of E.C. Riegel, an early 20th century economist who hammered out much of the thought in community currencies and indeed the theory of money.
From Epayment news:
Jan 11 2007 : RSA Security says it has discovered a phishing toolkit which is being sold on Internet fraudster forums. The so-called "universal man-in-the-middle phishing kit" enables sophisticated "next-generation" attacks against banks and e-commerce sites, the U.S. Internet security firm says.
Funny, that's more or less what we reported nearly a year ago.
Someone reveals one of the insider secrets about Gift Cards:
According to the research from TowerGroup, consumers purchased $80 billion worth of gift cards in 2006. Of that, $8 billion will never be redeemed.
Yup. Hard numbers though, and I suspect the figure is higher.
Also, a couple of hollywood-file-sharer love-in notes:
Leslie Moonves, president of CBS Corp., and Robert Iger, chef executive of The Walt Disney Co. both gave keynote addresses this year that emphasized cooperation between studios and device makers."If you asked me two years ago, did I want Disney in the keynote? No," said Gary Shapiro, chief executive of the Consumer Electronics Association, annual sponsor of the CES show. "Disney was the poster child in Washington for the most anti-technology company there was."
What is to happen in the coming year?
(Apologies for being behind on the routine end-of-year predictions, but I was AFI -- away from Internet -- and too depressed with predictions to make the journey. Still, duty calls!)
In echoes of the Sony versus Cuthbert mess of 2005, it all adds up to: "it's OK if you can get away with it," a message much reinforced by politics. There are no rules you can rely on, and everyone struggles to keep up with the results.
For this reason, I dub 2007 the year of the platypus! What more confabulated animal is there than our world?
The crying direct need is for such a product or process in employment processes. That's old news given Michael Spence's seminal work on signals about 30 years back, but what is curious is why nobody has really stepped in to look at it? A serious idea for b-school types or economists? How do we get away from Spencarian Signalling and put integrity back into employment interviews?
Some evidence: an open phone, this phone called me on Skype, a Cordless phoneset delivered with Skype, and today's news: Apple's iPhone does wifi and runs OSX.
Expect cellphone cross-over to wifi as routine by the end of 2007. The ability to redirect calls to the net dramatically changes the competitive position of the telcos, and the open platforms make software development a low cost reality.
Why do I say that? "Been there, done that!" Chat goes with payments like Molotov with cocktails, Eddy with Patsy, Blue with Danube, but to see that you have to see the full design. The blue touchpaper has been lit, stand well back.
This is very significant, historically. Very Very Signficant: it is the end of the central bank monopoly on the control of issuance of money. As CBs are no longer the only issuers of money, we can historically mark the 20th century as the century of central banking, and the future is now refreshingly open.
Of course, we will see much hand-wringing and bemoaning of the lack of control. Also a stream of pointless and annoying regulations, audits requirements, quasii-bank statii and what-have-you. But the genie is out of the bottle.
And, it is also important to remember one of last year's very significant events, something so awesome that I never wrote it up on the blog: the Nobel Prize for Peace was awarded to Mohammad Yunus and the Grameen Bank. The significance of that event to financial cryptography is simple: their work is FC work, they just did it without our help.
The reason I know this is because around 2001-2003 I was involved in a company that tried to do it. The application epitomised by Grameen Bank, financial lending from large western sources to small 3rd world borrowers, is pure FC at its finest. (As RAH would say, of course, you can only do it with a system that shows 2 orders of magnitude savings in costs.)
This doesn't mean the end of RIAA raids and other dirty tricks. The war goes on, and battles will still be fought to keep the lid on territorial submissions. It also doesn't mean the end of cash cow economics. But it does mean lots of experiments ... on both sides ... as IP owners loosen their control on their property and p2p entrepreneurs get to grips with business models.
a. It's because Microsoft didn't understand the core weakness of security: marketing comes first. There is now sufficient evidence that they've allowed marketing to take over and drive fundamental architectural decisions which clash with security requirements we were promised. Specifically, they prayed to the false god of DRM, and the god took them for a ride. It is also the god of perpetual mirth, notching out Bachanus for hilarity. Contrast with Apple's approach, if you still aren't seeing it.
b. It's because the industrial criminal sector migrated through the easy ones and are now adept at the sophisticated ones. They can now take on new opportunities faster than responses. MITB is "game over" unless Vista is more secure than the market place will accept. Microsoft is stuck between a rock and a hard place; BCG says "cash cow."
c. It's because the economics of the OS has shifted. The third world cannot afford those prices, so they will go Vista if they can steal it, or Linux of they can't (which means they can switch easily to Mac when they can afford it). Given that most all growth is in non-1st world markets, that's kind of important to the overall game plan. Again, another rock and hard place for Microsoft.
z.b. Mac OSX and Macs will continue to acquire "all" real growth in marketshare in the 1st world, where people can afford it. Microsoft may see a buzz of pent-up activity burst through on the release in Vista, but with discouraging real take up, where it counts.
z.c. Linux up. *BSD stable or down, but up if we include OSX. Better if they can keep up their reputation as being the serious man's free Unix, the professional's alternative to Linux. Worse if they don't keep up with the application install blues; perhaps they should look at stealing Apple's pkg system.
z.d This will add costs to software developers as they are forced to support more platforms, but will also improve the overall security through diversity and also the recovery of competition. This might become the way consumers pay for security, who knows?
That's it, folks! Have a happy if confused year, evolutionarily speaking.
Preliminary Programme for "USABLE SECURITY 2007" which is colocated with FC2007 below, again in "title-only-peer-review" mode.
An Evaluation of Extended Validation and Picture-in-Picture Phishing Attacks WSKE: Web Server Key Enabled Cookies (Panel) - The Future of Phishing Usability Analysis of Secure Pairing Methods Low-cost Manufacturing, Usability, and Security: An Analysis of Bluetooth Simple Pairing and Wi-Fi Protected Setup Empirical Studies on Software Notices to Inform Policy Makers and Usability Designers Prime III: Where Usable Security and Electronic Voting Meet (Panel) Building Trusted Systems: Does Trusting Computing Enable Trusted Systems?
Click to vote your interest: https://www.usablesecurity.org/accepted.html
(Ha! Finally someone else who supports encrypted web browsing. Hey, guys, can you fix the links so that they are relative and keep people in HTTPS?)
Canny financial cryptographers will spot the bombshell in the first and last comments of the article mentioned earlier on Skype. Read those paras first (look for "payment") and come back, as the rest won't make sense.
Skype are adding payments. I may as well now reveal that we brave cryptoplumbers at Systemics built this over the period 2001-2004. (Ooops! I already revealed it.) It took about 3 years to do, as the 6 week "summer edition" by Edwin Woudt proved a need to re-jig many fundamental parts of the SOX & Ricardo architectures. The rewrite (started by Jeroen van Gelderen and Edwin, finished by yours truly) worked, and the chat part worked so well that I can predict that it would be addictive if we ever fielded it. (Why it is not fielded is your mystery and our loss.)
So what's special about this? Someone else figured it out: Skype. They are in the process of implementing Payments over their infrastructure, which means it is no longer necessary for me to keep quiet about this innovation. We've been overtaken, so I may as well reveal all.
FTR, we implemented chat over a payments system, whereas Skype are implementing payments over a chat system. If constructed as a core FC application, the result is indistinguishable, for reasons that I am slowly writing down in many parallel documents. I continue to develop the underlying infrastructure in my spare time, as well as document the core concepts, and you have already read many of the facets on these pages ... but the absence of the whole story should give you a hint as to why this is not a fielded app.
The big picture is this: integrated chat & payments is huge. Immense. It has the potential to be if not the next killer app, certainly the next killer integration. I can show this by analogue: in your last 10 payments, how many messages did you send to your counterparties? Chances are, at least 100. Ergo, the message that carried the payment is the least of the protocol known as trade.
Trade is a chat application (with a payment message thrown in somewhere around the end).
The big question for those who appreciate this and are at this minute going long on Skype is ... can they do it? Here's my answer: Yes, if they take small baby steps, then they may avoid the many bear traps of financial cryptography. That is, they at least have the track record for doing this in lower layer terms, and if they don't rush it, they'll pick up the hard higher layer lessons in time.
Can others do it? Not a chance. Skype have the field fully open. Google, AIM, Jabber, and that MS thing (I don't use it so don't know what it is called) are so unsuited to the financial cryptography needs of chat plus payments that they haven't a chance. To be honest, it will probably require dramatic changes in Skype's architecture too -- the difference is that they have *enough* in place to show they can pick up the rest, and survive the transition. The others have no chance, IMO.
Even though I failed to deploy this and am competitively annoyed, it is a joy to see these things evolve and for others to pick up the baton. Go skype! What others should bear in mind is that this is an A-grade FatBoy BombShell, for reasons that can't really be explained in a simple blog post, but will be seen when and if Skype deploys it.
If they falter, we have to wait for the next time.
Some good articles on how to do security. Firstly, the Security Bloke at Skype talks.
And secondly, someone in the USG reveals willingness to "know thy enemy," something generally out of favour in bureaucratic circles, and so immoral in some that it's probably illegal.
I've written before about the necessity to understand the conundrum of the hacker as essential to our security.
That is .. without actually endorsing the actions of our enemy, knowing him is your only way forward to victory. That's also the message at the end of this article, which while full of contradictions like "throw out your prejudices" and "trust your gut" it did have some good thoughts.