Marc Stiegler | 15 Mar 00:53 2012

Rich Sharing and Clusterken videos come to YouTube

As supplementary information for the RSA folk attending my talk on
Crowd Sourcing Access Control in the Cloud, I put up a web page with
additional documentation, including new youtube videos.

2 of the videos might be of particular interest here, in the aftermath
of my failed effort to persuade Jonathan to do some kind of access
control other than weak passwords.

First is PubShare: an Example of Rich Sharing, at
http://www.youtube.com/watch?v=LJ8FPM1_uTA

which hopefully answers some questions on how you might use webkeys in
a full-up application. I believe the video articulates some of the
answers I was trying to give Jonathan better than the numerous
paragraphs I wrote: if a pic is worth 1K words, what is a video worth?
:-) As with most of these webkey apps I write, the question for the
audience is, how many clicks do you see that serve no purpose other
than security?

Second is Webkeys or Passwords: Which is More Secure?
http://www.youtube.com/watch?v=C7Pt9PGs4C4

Too often discussions of webkeys versus passwords sound like 2 kids on
the playground: Child1 says, "webkeys are better because they solve
problem X", and child2 says, "passwords are better because they solve
problem Y". No progress is possible in kindergarten. In this video
passwords and webkeys face off in a simple (but perhaps still
moderately realistic) decision matrix, with multiple threats of
varying priorities, assembled in an actual threat model. This video
does not deliver the definitive answer, but it points to a direction

Toby Murray | 15 Mar 01:30 2012

Re: Rich Sharing and Clusterken videos come to YouTube

Trawling the other videos Marc has posted to youtube, I quite enjoyed
the following:

"Security Myth Debunkers: Can People Manage Fine Grain Privileges?"
http://www.youtube.com/watch?v=mjBG2r34jvo

(Best watched after the PubShare one.)

I particularly enjoyed how Marc fleshes out the "treat the UI elements
as graphical reifications of fine-grained authorities; then use your
already well-developed UI manipulation skills to manage those
authorities" idea.

Marc (and Ping, too) has long been advocating here for security UIs
that play to users' strengths, and harness their existing skills to
help them securely manage authority. (The powerbox is of course a
seminal example.) I found the above video a wonderful demonstration of
this principle.

Cheers

Toby

On 15 March 2012 10:53, Marc Stiegler <marcs@...> wrote:
> As supplementary information for the RSA folk attending my talk on
> Crowd Sourcing Access Control in the Cloud, I put up a web page with
> additional documentation, including new youtube videos.
>
> 2 of the videos might be of particular interest here, in the aftermath
> of my failed effort to persuade Jonathan to do some kind of access

James A. Donald | 15 Mar 04:57 2012

Re: Rich Sharing and Clusterken videos come to YouTube

On 2012-03-15 10:30 AM, Toby Murray wrote:
> Trawling the other videos Marc has posted to youtube, I quite enjoyed
> the following:
>
> "Security Myth Debunkers: Can People Manage Fine Grain Privileges?"
> http://www.youtube.com/watch?v=mjBG2r34jvo
>
> (Best watched after the PubShare one.)

One obvious problem: Fine grain authorities are interesting only if you 
pass them around. Your browser and your email will cheerfully report 
these authorities to all and sundry, not knowing an authority that 
should be world readable, because you usually want as much audience as 
possible, from an authority that should not be.

To pass around authorities between programs written by different people 
with conflicting interests we need an operating system that is 
internally different from what we have, though look pretty much the same 
to the humans using it and the programs running under it.

To pass around authorities between people, as in the example given in 
the YouTube video, we need a browser and email system significantly 
different from what we have.

Since a browser is an enormous chunk of software, need to somehow wrap 
the browser, so that the browser sees petnames for valued authorities 
that should not be known to the world, therefore cannot rat them out.

And of course, need to communicate securely with people: each person has 
to be represented by numerous write only authorities to his read only 

David Barbour | 15 Mar 06:10 2012

Re: Rich Sharing and Clusterken videos come to YouTube


On Wed, Mar 14, 2012 at 5:30 PM, Toby Murray <toby.murray-wzN9gXeOksgSiZgQ0OGTRA@public.gmane.org> wrote:
> Trawling the other videos Marc has posted to youtube, I quite enjoyed
> the following:
>
> "Security Myth Debunkers: Can People Manage Fine Grain Privileges?"
> http://www.youtube.com/watch?v=mjBG2r34jvo

That's a straw man argument, IMO. The challenges of `managing` fine grained privileges involve many related problems such as distribution, revocation, and awareness. 
 

_______________________________________________
cap-talk mailing list
cap-talk@...
http://www.eros-os.org/mailman/listinfo/cap-talk
Ben Laurie | 15 Mar 16:53 2012

Replacing passwords

People may find this of interest "The quest to replace passwords: a framework for comparative evaluation of Web authentication schemes"

Stiegler, Marc D | 15 Mar 17:50 2012

Re: Rich Sharing and Clusterken videos come to YouTube

You identify a number of threats in the critique below. While important, they are only some of the threats
that should be considered when comparing webkeys today to the other alternatives available today
(rather than to a more perfect hypothetical future world). I believe your criticisms approximately
align with the shoulder surfing and social engineering criteria in the decision matrix video comparing
webkeys to passwords. To the extent they are not, then they should be added as additional criteria. Even
then, it's not clear the result would compellingly argue in favor of sticking with passwords until we have
revamped the world to better support webkeys. Even if webkeys are currently only approximately equal, on
pure security criteria, to passwords, I think webkeys would win once you include usability (zero-signon
click and go) and functionality (rich sharing).

Ben Laurie's post on evaluation criteria for password replacements is a marvelous enhancement of my
decision matrix video. I'm still digesting it, but it looks like a better place to start to do a hardcore
decision matrix.

--marcs

> -----Original Message-----
> From: cap-talk-bounces@... [mailto:cap-talk-
> bounces@...] On Behalf Of James A. Donald
> Sent: Wednesday, March 14, 2012 8:58 PM
> To: General discussions concerning capability systems.
> Subject: Re: [cap-talk] Rich Sharing and Clusterken videos come to
> YouTube
> 
> On 2012-03-15 10:30 AM, Toby Murray wrote:
> > Trawling the other videos Marc has posted to youtube, I quite enjoyed
> > the following:
> >
> > "Security Myth Debunkers: Can People Manage Fine Grain Privileges?"
> > http://www.youtube.com/watch?v=mjBG2r34jvo
> >
> > (Best watched after the PubShare one.)
> 
> One obvious problem:  Fine grain authorities are interesting only if
> you
> pass them around. Your browser and your email will cheerfully report
> these authorities to all and sundry, not knowing an authority that
> should be world readable, because you usually want as much audience as
> possible, from an authority that should not be.
> 
> To pass around authorities between programs written by different people
> with conflicting interests we need an operating system that is
> internally different from what we have, though look pretty much the
> same
> to the humans using it and the programs running under it.
> 
> To pass around authorities between people, as in the example given in
> the YouTube video, we need a browser and email system significantly
> different from what we have.
> 
> Since a browser is an enormous chunk of software, need to somehow wrap
> the browser, so that the browser sees petnames for valued authorities
> that should not be known to the world, therefore cannot rat them out.
> 
> And of course, need to communicate securely with people: each person
> has
> to be represented by numerous write only authorities to his read only
> queue, which ultimately means we have to represent people using Zooko's
> triangle.
Stiegler, Marc D | 15 Mar 18:25 2012

Re: Rich Sharing and Clusterken videos come to YouTube

It's a straw man argument to knock down a straw man criticism. There is a casual claim thrown out by people
(too often, by "security experts") who just want to shut off the discussion with the one-liner that "it's
just too many things". The reason I felt that this one-liner attack needed a one-liner riposte is that,
with traditional security mechanisms, the one-liner attack is legitimate, without even considering
the hard problems you raise. This has been proven repeatedly. My favorite example is still Java Web Start.
It cannot stop throwing dialogs at you long enough to let you get any work done. And it does not even pretend
to deal with distribution, revocation, and awareness.

The questions you raise are more serious issues and hopefully are addressed more seriously by the PubShare
video. 

One thing I wish I had time to build for PubShare is a better viewer of the descendants of one's authority. It
would be pretty easy to put a button on the page that would construct a list or tree view of all the entities
who received chained delegations that page as root. This would be a cool visibility/awareness
component. 

--marcs 

> -----Original Message-----
> From: cap-talk-bounces@... [mailto:cap-talk-
> bounces@...] On Behalf Of David Barbour
> Sent: Wednesday, March 14, 2012 10:11 PM
> To: General discussions concerning capability systems.
> Subject: Re: [cap-talk] Rich Sharing and Clusterken videos come to
> YouTube
> 
> 
> On Wed, Mar 14, 2012 at 5:30 PM, Toby Murray
> <toby.murray@...> wrote:
> 
> 
> 	Trawling the other videos Marc has posted to youtube, I quite
> enjoyed
> 	the following:
> 
> 	"Security Myth Debunkers: Can People Manage Fine Grain
> Privileges?"
> 	http://www.youtube.com/watch?v=mjBG2r34jvo
> 
> 
> That's a straw man argument, IMO. The challenges of `managing` fine
> grained privileges involve many related problems such as distribution,
> revocation, and awareness.
> 
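The descendants viewer Marc describes above, as an added illustration that is not PubShare's code nor anything from the thread: a delegation log (an assumed format, one record per chained delegation) is indexed by parent, walked to list every recipient below a root key, rendered as a tree for the awareness view, and used to cascade a revocation down the chain. Key labels and recipient names are constructed sample values.

```python
"""Delegation-tree viewer for chained webkey delegations (added example).
Assumed log format, not PubShare's: one record per delegation holding the
child key label, its parent key label and the recipient. Labels stand in
for real unguessable webkeys and are never shown in the rendered view."""
from collections import defaultdict

# Constructed sample log: root key delegated to bob, bob re-delegated to
# carol and dave, carol to erin; k-other is an unrelated root.
SAMPLE_LOG = [
    {"child": "k-bob",   "parent": "k-root",  "recipient": "bob"},
    {"child": "k-carol", "parent": "k-bob",   "recipient": "carol"},
    {"child": "k-dave",  "parent": "k-bob",   "recipient": "dave"},
    {"child": "k-erin",  "parent": "k-carol", "recipient": "erin"},
    {"child": "k-frank", "parent": "k-other", "recipient": "frank"},
]

def build_children(log):
    """Index the log by parent so any key's direct delegates are a lookup."""
    children = defaultdict(list)
    for rec in log:
        children[rec["parent"]].append(rec)
    return children

def descendants(log, root):
    """Preorder (key, recipient, depth) for every delegation chained from
    root; `seen` keeps a cycle in a corrupted log from looping forever."""
    children, out, seen = build_children(log), [], set()

    def walk(key, depth):
        for rec in children.get(key, []):
            if rec["child"] in seen:
                continue
            seen.add(rec["child"])
            out.append((rec["child"], rec["recipient"], depth + 1))
            walk(rec["child"], depth + 1)

    walk(root, 0)
    return out

def render_tree(log, root, root_label):
    """Text tree for the awareness view: recipient names only, never keys."""
    lines = [root_label]
    for _key, who, depth in descendants(log, root):
        lines.append("  " * depth + who)
    return "\n".join(lines)

def revoke(log, key):
    """Revoking a key cuts everything chained below it too: return the log
    with that whole subtree removed."""
    dead = {key} | {k for k, _, _ in descendants(log, key)}
    return [r for r in log if r["child"] not in dead and r["parent"] not in dead]
```

Rendering names rather than the keys themselves keeps the visibility component from becoming one more place the browser could leak an authority, the concern raised earlier in the thread.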
Stiegler, Marc D | 15 Mar 18:56 2012

Re: Replacing passwords

This is a great list of criteria. It subsumes almost all the criteria in my little decision matrix. The 2
items I would want to add to build a really serious matrix would be a set of functionality criteria for rich
sharing, and representation, either as a mechanism for prioritization or as an additional criterion, of
the number of cyberthieves the threat exposes you to. I cannot help feeling that attacks like phishing,
transcontinental in the risk they expose one to, are much, much more important and worrisome than
shoulder surfing. I find the asterisk-filled password field, which leaves me clueless about whether
I've committed a typing error with my relatively-long passwords, to be a vastly greater usability threat
than security strength. Even if there is a dumb little checkbox I can interrupt my workflow even more to
click to toggle off the asterisks, the hiding of my own keystrokes encourages shorter passwords to minimize
typing error risk. Does that really make us more secure?

--marcs

> -----Original Message-----
> From: cap-talk-bounces@... [mailto:cap-talk-
> bounces@...] On Behalf Of Ben Laurie
> Sent: Thursday, March 15, 2012 8:54 AM
> To: General discussions concerning capability systems.
> Subject: [cap-talk] Replacing passwords
> 
> People may find this of interest "The quest to replace passwords: a
> framework for comparative evaluation of Web authentication schemes"
> 
> http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-817.pdf
David Barbour | 16 Mar 15:57 2012

Cypherpunks

At the moment Cypherpunks seems to be forbidding access to the erights resources, including a document on Uni-tea towards which I had recently pointed someone. Can anyone here fix this?

https://www.cypherpunks.to/erights/


Norman Hardy | 18 Mar 19:46 2012

Re: Rich Sharing and Clusterken videos come to YouTube


On 2012 Mar 14, at 16:53, Marc Stiegler wrote:

> As supplementary information for the RSA folk attending my talk on
> Crowd Sourcing Access Control in the Cloud, I put up a web page with
> additional documentation, including new youtube videos.
> 

...

> First is PubShare: an Example of Rich Sharing, at
> http://www.youtube.com/watch?v=LJ8FPM1_uTA

Good stuff.
I added comments under the horizontal rule in my page at
http://cap-lore.com/CapTheory/KK/Secretary.html
as a result of watching this video.
