I am quite pleased to see Google's new option for Gmail to have your Gmail session in https by default. Basically, that means that the data communicated will be encrypted, rather than passed across the Internet in plaintext. Previously, and still, you could explicitly request an encrypted session by designating the protocol to be HTTPS in the URL, like https://www.gmail.com. To ensure your Gmail sessions are encrypted, go to your Settings and scroll to the bottom, and select the option "Always use https".
While there are performance penalties, I think that encryption is generally a good idea. In particular, I find it almost scandalous that Instant Messengers do not offer an option to encrypt your conversations by default. A popular IM encryption software suite, providing plugins for a number of messengers, is Off the Record. Of course, both sides need to be using it for the encryption to work (or how would the other side decrypt your messages?), so that is a massive barrier to using it commonly.
One "feature" I dislike about OTR is deniability, which I probably don't understand very well. They do not employ digital signatures that would certify messages were from you outside of your current session. This is considered good, I think, so that people cannot be held strictly responsible for forged messages purporting to be from them: hence deniability. I can see applications for it, but I think that, while I appreciate the privacy of encryption, I don't necessarily want deniability. I am generally responsible for what I do and say.
What sort of "performance penalties" are there? Slower load times?
The deniability feature does seem odd. It would seem to me that encryption is all about ensuring WYFSIWYS (what your friend sees is what you wrote) and avoiding peepers and forgers. If you're doing that right, then why deny?
But maybe my understanding is less-so even than yours.
Key generation can take a while, cipher text can frequently end up larger than the plain text equivalent, and the encryption and decryption require mathematical transformation of the data that would otherwise not be necessary.
Imagine if you're helping plot a rebellion against the Republic, or you're privately a controversial individual due to your beliefs or lifestyle and would be stoned to death if people just knew. First, you don't want anyone intercepting your communications, revealing your controversial and rebellious nature. But, what if the other end of your communications becomes compromised? It would be very bad if they could confirm that you are indeed the source of the messages. If the historical record of your dissidence could have been forged, you have a much better alibi. But somehow, I don't think Chancellor Palpatine will care. Alderaan is so toast.
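The deniability trade-off discussed above, as an added example that is not part of the original post or comments and is not OTR's own code. It assumes, as a simplification, that each message is authenticated with a MAC under a key both chat parties hold instead of a digital signature; the function names and sample messages are constructed.

```python
import hashlib
import hmac
import secrets


def tag(mac_key: bytes, message: bytes) -> bytes:
    """Authenticate a message with a MAC key that BOTH chat parties hold."""
    return hmac.new(mac_key, message, hashlib.sha256).digest()


def verify(mac_key: bytes, message: bytes, mac: bytes) -> bool:
    """Constant-time check that the tag matches the message under this key."""
    return hmac.compare_digest(tag(mac_key, message), mac)


def run_session() -> dict:
    # Constructed session key; a real protocol derives it from a key exchange.
    session_key = secrets.token_bytes(32)

    # In-session: Bob knows he did not write this, so a valid tag means Alice did.
    alice_msg = b"meet at noon"
    alice_tag = tag(session_key, alice_msg)
    bob_accepts = verify(session_key, alice_msg, alice_tag)

    # An eavesdropper without the session key cannot produce an acceptable tag.
    outsider_msg = b"meet at midnight"
    outsider_tag = tag(secrets.token_bytes(32), outsider_msg)
    outsider_accepted = verify(session_key, outsider_msg, outsider_tag)

    # Afterwards: Bob, or anyone who learns the key, can tag text Alice never sent.
    forged_msg = b"I am plotting against the Republic"
    forged_tag = tag(session_key, forged_msg)

    # A third party handed the key and the log sees two equally valid entries,
    # so the log proves nothing about which party wrote either one.
    return {
        "bob_accepts": bob_accepts,
        "outsider_accepted": outsider_accepted,
        "judge_accepts_real": verify(session_key, alice_msg, alice_tag),
        "judge_accepts_forged": verify(session_key, forged_msg, forged_tag),
    }


if __name__ == "__main__":
    for name, value in run_session().items():
        print(f"{name}: {value}")
```

A signature made with Alice's private key would fail the forged case, which is exactly the property that would tie a leaked log to her.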