[lug] Usable security / cryptography / certificates: LetsEncrypt; Mathematical Mesh

Neal McBurnett neal at bcn.boulder.co.us
Fri Sep 9 20:32:34 MDT 2016


I was struck at yesterday's meeting at how many people were interested in information on managing certificates.  Usable security, Application Password Security, etc. has also been a popular topic on this mailing list, etc.  I guess we can thank Edward Snowden for much of that.  It is more interest in the field than I've seen in decades....

As I noted last night, one tool you should have in your toolkit is "Let's Encrypt", a new free Certificate Authority and set of configuration tools and advice from the venerable Linux Foundation, EFF and a host of gurus:

 https://letsencrypt.org/

Of course we've had a long journey towards usable security and encryption, while the context continues to shift.
I still remember in November of 1993 when I came to Phil Zimmermann's talk in Boulder on his cool new PGP program for the venerable Front Range Unix User's Group, and got him to sign my first PGP key.  But there were lots of hoops to jump thru, and many of those remain.  No wonder the paper "Why Johnny Can't Encrypt" was a classic.

The latest, coolest approach I've seen in that space is from Philip Hallam-Baker, a long-time security guru in the Internet Engineering Task Force who I've known nearly as long.

His project is the Mathematical Mesh, which blends a key infrastructure and a secure online profile (to help you authenticate and communicate from multiple devices). It is cool because he realizes a big part of the proper goal is to make it easier to get our multiple devices properly working together in general.

Some good context comes in this message from Phil:

 https://www.ietf.org/mail-archive/web/ietf/current/msg98085.html

A nice intro demo is on YouTube:

  see Part 1: https://youtu.be/6vM6vxtQzGg
  and Part 2: https://www.youtube.com/watch?v=aXpEPsZOYOc

See also an Internet draft here:

 https://tools.ietf.org/html/draft-hallambaker-mesh-architecture-01

and it is all related to the earlier "Prism Proof" trust model:

 https://tools.ietf.org/html/draft-hallambaker-prismproof-trust-01

The latest exposition of it all is in this talk from Hope X [Hackers On Planet Earth conference 10]
 https://xi.hope.net/schedule.html#-the-mathematical-mesh-and-the-new-cryptography-

He covers both a nice overview of evolving standards for security, and the mesh [starting at 22:10 or so].

Is anyone else engaged with this?  I guess the Comodo CA is funding it, but it is open source and unencumbered by any troublesome IP according to Hallam-Baker.

 https://github.com/hallambaker/Mathematical-Mesh

Cheers,

Neal McBurnett                 http://neal.mcburnett.org/

