[Freedombox-discuss] Using more than one security scheme

belorn belorn+freedom at recompile.se
Sat Jul 9 10:46:12 UTC 2011


There seems to be an implicit assumption where if one can not have one
"perfect" solution to security, then the alternative is to use none at
all.  Since perfection is hard to achieve, this approach results in no
encryption in many or most real-life cases.  This is something I think
FreedomBox could address so that communication between FreedomBoxes
are guaranteed to at least use best effort in regards to security.

This might sound a bit much like policy and very litte about exact
details on How To implement it, and it's not completely unintended.
When I look to find examples on communication security schemes, I take
a look at the browser.  Security in the browser currently means that
you either have a 100% secure chain of certificates (in the view of
the browser), or it will be clear text for you.  Added is an override
function with red blinking lights that allows a user to solemnly swear
that they trust a site. This does not mean the browser has bad
security implementations, but rather symptomatic of a view that takes
security as an all-or-nothing approach.  FreedomBox could do better.

Beside just trying to bring some attention to this, I would like to
add a suggestion.  It would be nice if the FreedomBox tried to apply
the best security it can do to any communication that gets sent
through it.  That means depending on what it has available, be it a
key ring, a social network with relationship driven privacy or
something else; it could make a decision on what the best solution to
security is for each separate connection going through the box.  If it
doesn't have anything better available, then opportunistic encryption
could be one of the lowest security solutions before anything falls
back on clear text.  It could also apply different schemes depending
on the application layer.  Mail could be handled differently than say
IM messages simply because latency might be of less importance.

A list should be made of services that FreedomBox will offer, and
their respective possibilities for security, and which services or
circumstances that can be adapted to use opportunistic encryption, etc.
What do you think?

/Björn Påhlsson



More information about the Freedombox-discuss mailing list