Re: [projectvrm] Do We Need an Alternative to HTTPS and TLS for Transport Layer Security?

[Peter Cranstone < >]

Dan,

The problem is adoption and user behavior - Govt.'s trump both of those. Whatever new standard/encryption scheme somebody comes up with would have to vetted by the experts and that would take years. Govt.'s have unlimited resources, the Patriot Act and the ability to pass into law whatever they need.

There is NO such thing anymore as Privacy/security. It's just an illusion. Unless you completely disconnect from the world (not possible) you can always be tracked. HTTPS doesn't stop anybody determined enough, nor does AES. We are all connected for better or worse - we should accept reality as it is, and look for new ways to allow consumers to be in control of the collection, flow and use of their data.

We need to stop thinking of ourselves as islands - the Internet connected every island and therefore to interact we must share - and for 99% of the time HTTPS is good enough. For those who want more privacy disconnect - but it's lonely world.

Peter

From: Dan Blum < "> >
Date: Tuesday, October 8, 2013 6:33 AM
To: ProjectVRM list < "> >, " "> " < "> >
Subject: [projectvrm] Do We Need an Alternative to HTTPS and TLS for Transport Layer Security?

After revelations of NSA's Bullrun exploits against commercial cryptography, I'm hearing questions from partners in the emerging personal cloud ecosystem about whether they should build alternatives to HTTPS/SSL/TLS into their privacy-enabling products. Enterprise security staff and individuals are also re-evaluating what products and protocols can still be trusted, and what to build into their long plans.

In the following post "Do We Need an Alternative to HTTPS and TLS for Transport Layer Security?" I share some brief analysis of this issue and also am looking for any comments.

Best regards,

Dan Blum

Respect Network

http://security-architect.blogspot.com

@danblumSS