it
or
so and stuff
i work at red hat
and i've been involved in gnome now i think seven years
what really drew me to gnome is the focus on making stuff usable
and for me that's the paradox between security and usability they're often at odds but
i like the challenge of making them
work together
we're going to first cover some abstract concepts or some principles
that you can apply when writing security features in your software
and
then some
examples of how we are implementing and applying those principles
i'm gonna cover a bunch of different topics so feel free to interrupt if
you want if you want to get your question and while we're on topic i
might tell you that it's gonna be answered but no loss there
so
when working with security we have or just in general as developers we often have
this abstract concept of the user
as a mystical being
and as security guys we kind of sometimes
shake our heads at the user
you know he's clicking on stuff he's not supposed to be clicking on right installing should
be software and falling for phishing and so on and so forth
well we kind of failed to remember
that the user's a human
humans are intelligent fun creative crazy
but they're usually overwhelmed
because
our lives are full of all sorts of information
full of choice in the world today
we have to choose between all sorts of little things and then comes
no and forces
these poor humans to choose between more choices
they may be possible they may be capable of learning about security
but
realistically they're not going to
this we have to understand the user their nature
this is one of the fundamental things we do in our daily lives we filter
out extraneous information we're constantly being bombarded by massive amounts of information and just even while
doing mundane things we're constantly filtering out the stuff we think we don't need
we should not be surprised when the user ignores something that we wanted him to
see
there's a lot of discussion about that we've all
been involved in this discussion freedom is not people to choice
freedom is equal to match the choice
freedom is equal to the choice to choose
you have to be able to choose the software you run on your computer you
have to be able to choose
to modify you have to be free to do these things but you definitely don't
wanna be
micromanaging all the tiny choices that these tools are supposed to be doing for you
sometimes users think they want choice probably really want as much a choice
so
if you force the user to be part of a security system
they're gonna have a really bad time
as the professionals writing the software whether we feel maybe we know all the
details or not we are better equipped to make a security decision for the user
than the users themselves
and just like a doctor sometimes doctors get frustrating 'cause they present you all these
different possible remedies or possible ways to treat you know let's you might have and
there if you see involved make a choice you know it's up to you have
to doctor what would you do
well it depends on each situation is different and sure there is a sometimes you
want to professional
to make a decision or to make a strong proposal strong
decision you can choose to reject that decision that's about a choice there that you
want
that's
from a professional like one of us
in general this should be our goal like in the security feature the user has
to identify themselves have to know who they are if we could do that automatically
we probably would
but
sadly we're not there yet so you have to use a password or something
to prove who they are
right but after that
we shouldn't
interrupt the user with security questions and security decisions
now there's a different kind of user profession of
these professionals use different tools
the
duh
that is how
and so they use different tools
they look inhuman when they're doing their job actually
professionals have learned how to reject part of humanity essentially to be specialised and do
one thing really well
but we can't forget that even professionals when they go on to something else
they don't wanna micro manage the rest of their lives
even someone who drives a fire truck for a living with a massive console full
of all the buttons many of which you know you have to learn and be trained
to use that thing drives home in a normal car right and he won't want to
drive the fire truck i mean pretty basic stuff
so given that
when is the worst possible time to ask the user a risky question to make
a risky decision
when they're trying to do something else
that's the worst possible time you're gonna get results that are worse than random chance
if it's something is really truly going well let's say someone is attacking the user
and something is going wrong and they get a problem
the chance of them making the right decision there and not just clicking through and
ignoring it or whatever if you just did a fifty you probably be better than
what the right so
so we get to our first
maxim prompts are dubious
if you are coding a prompt or you see a prompt looking at you know
for yourself or you're refactoring something and there's a prompt there regard it with suspicion
do you actually need to prompt the user and this goes across the board i
mean sure the technology we have sometimes requires that there's a prompt maybe to save a
file or something we really
we don't want that like
our end goal should be to get rid of yes no prompts or the equivalent
stuff
but taking a step further security prompts are wrong
sure sometimes you have to prompt for a password and that's an identification prompt right
you're asking the user to identify themselves and unfortunately passwords is one way we do
that
but in general a question about security like do you want to continue
you wanna ignore this bad certificate all those exact all those things we'll cover some
examples later they are wrong almost ninety nine percent of the time
and if you can the user tries to make that permanent you're adding insult to injury
basically say okay fine go ahead they can choice alright
we're actually doing that forever now ridiculously
alright so here's an example
we've all seen this
and the user is really ill equipped to answer this question i mean completely unlike
what
there are very few people
who can answer this question correctly
there's another example
i don't even know what is going on here what's offered be i can't even
as a security professional cannot answer this question correctly just gonna
exactly
here's another example i mean i could go on and on with examples i mean
there so many examples
so it's just game over you lose
alright stop interrupting so what we do instead of interrupting
we let the user express their intent
what they want to do
and then we make a decision based on
so
yours volume you some examples of this to get you thinking
there's a principle to apply
figure out what the user wants to do design so that he can express his intent
during the task he's trying to do and then don't prompt him with random prompts either
confirming or whatever right
so we heard letter to talk about
portals well that's part is that boxing right enforce and this product talk so but
anyway
portals
are a way for a sandboxed application to kind of call out to the system
and ask the system to do something that a sandboxed application would otherwise
not be allowed to do now these are ripe for doing it wrong these are
ripe for prompts and actually
we're approaching this from a different angle right so the classical example which i think
was mentioned is if a sandboxed application wants to open a file
that's not in the sandbox
it asks the system through the portal
the system pops up a file chooser the user selects the file the
user expresses the intent
to open the file
and then the system allows that security access at no point is the user
prompted
with a this application wants to access this file in read mode
or write mode i don't know what and then continue or disallow there should be none of
that right so that's expressing intent and making a security decision based off of it
another example this is just a theoretical example
you know for the subtext of dot in them
you can imagine software that wants to be not within our privacy campaign right you
can imagine going to software and checking for this that we don't upload them accidentally
that we don't sync them to public service sync that data to public service
so rather than seeing a prompt like this
i mean of course the designers can probably
we work this but you might we might choose to make the data visible
thank you very visible what is the what is in that photo so it
this is the sensitive data that's in this photo
and just like we allow you know rotating photos and stuff you might have a
button to clear so it's very clear the user has the data is intent is
to take this started here put it online if he doesn't like the data that's
here he can change it maybe take out that exif data or whatever i
mean well apply the principle is to be applied
that
user can express the intent is in control knows what he wants to do and
then that doesn't get these prompts to allow or deny access
so
so moving onto concrete some more concrete examples what are we doing to fix this
here are some steps and things that i've been working on
i'm just one person though
and i know security sometimes seems like the dark side
but in reality
it's it there there's very few people who are actively working on this stuff and
so i would encourage your involvement so examples that i'm gonna give one stuff that
i've sort of have find out or have worked on already are no means comprehensive
solution to this problem
and so we need everyone's involvement to try and apply as you're making you software
and help fix the stuff so first
no more certificate prompts
i mean this is the details of a certificate i mean i don't include the
like binary details that you actually are the ones that you need to verify here
but
barely anyone can actually go through this and double check that you know certificate matches
what it's supposed to be this is what we're gonna do we should
just drop the connection when something is wrong
if the user is connecting let's say from a web browser or the thing i
am let's and the server's not listening on the right port what do you do
we display a big dialogue telling him how to change the port or to contact whoever
or like some thing know it's in this country it's a problem that's on the
server side misconfiguration
and we're like oops something's broken
i mean sure their remedies i can be done for example if i think of
someone doesn't pay the D N S for jabber daughter work doesn't pay the domain
registration we should we could possibly put up a dialogue this is do you want
to send an email to the admin of whatever based on who is information and
like
so why we do it for certificates
but i hear these but yes
so let's look at the use cases what the users want to do the user
intent
well one big class
is enterprise C As an enterprise company organisation has their own C A their own anchor
right so for those of you fortunate enough not to know how this works
there's an anchor
which is stored on your system a whole bunch of them right and the website
has a certificate
that it
signs the data that's coming from the server with and that certificate has a signature
on it by the anchor
and so your browser or software is checking that it's signed by one of the
anchors on your system
so what we need
for enterprise C As is a way to configure it we might have a link
that pulls up a help file we might we now we have a way
to store anchors
this is already in fedora and debian you open so we have a way
to store anchors across so that by default all the different crypto libraries will use
them
and
here are some details how it works
so you can see that there is kept alive is unfortunate that we have so
many
so what we've done here is this trust store
now the trust store
basically holds a list of all the anchors and blacklists and everything from files so
admins can just put files in a directory there are tools to do this too
and
and assessing can at last read this information through protocol called you can see it's
a lot
now some of that we haven't yet retrofitted openssl and java to do the
same
so
in addition as kind of a concession to getting this working now
whenever the trust store is modified we also extract some bundles
so that
these kind of a legacy
uses of the bundles will still work so the upshot is that an enterprise user
or an enterprise admin can add a C A and have it just work so
that's all like to on is and tons and tons of the instances of the
use cases where you want to
use a certificate that your system doesn't trust
and it's not yet done but we once having can only user interface
for adding that the a C H your system sure there will be an every
application applications that use it it's
saw could include a link to help documentation if we want
but after dropping the connection of course
and then you have
your
that those use cases don't know there's also professionals professional tools right so we're maybe
is maybe a developers developing against a system that is
just a test system as certificate on it that
they just generate a quickly and in production are gonna use a good like a
signed certificate
or for some other reason you might have a personal server that you just decide
to like what self signed certificates on a no okay but you wanna make it
work well there is room for
professional tools to recognise that to work with that
and here's how instead of prompting the user even in professional tools
remember the professionals are users too they also ignore information i know i have
clicked through self signed certificates too many times
it's just like
so what you do there
is there a don't feel like you're tool needs to do this you're a
but what you do there is associate a certificate with the account
as you would let the user specify host name or username or whatever
what that does it does two things is that we can be more secure with
less security does two things one is that's the user you know not get prompted
later and you know use work around the fact that it's a self signed certificate
but two it also lets the user do what's called certificate pinning
where
if the certificate the server sends does not match that certificate so
doesn't work anymore lets really micromanaging secure users
double check certificates that they want to use with a given service and
and then there and if something changes get notified so
but
not every application has to do this so if you're building special application or something
that you imagine these this feature this is how to do it
instead of prompting this is how to do it
alright on to another topic
application password storage
so in currently in
in gnome we have
gnome keyring which is kind of like the central database of all the passwords
applications put passwords in there and they can get them out
now this is really surprising to users because it doesn't match their intent their intent
is that they type a password in this application the application remembers it
what they don't expect is that every other application including their younger brother using seahorse
can go and read all the passwords
and
in addition to create all these problems where we have one set one security domain
you would call it for all the applications they can all read each other's passwords
and crap
so
really the password is part of the account info when you set up a password and i'm
the or whatever really is part of the account why don't we store it in the account
well because most people agree that putting a password unencrypted on a laptop disk
is bad practise i mean there are certain storages where you can write actually
clear text like an encrypted disk maybe a phone where you can well some sort
of phones where you cannot read this wrong about the wrong this for sandbox applications
so we likely need to use some sort of encryption
but
and sandboxed applications really throw a wrench into this because if you have them all
sharing their passwords right in the central database you have all these like all this
but this that wants to read this password the not all these weird if
the prompts or situations that prompts are likely to appear so instead what we wanna
do
is
have a session key in the kernel keyring the kernel keyring it's kind of it's
kind of like gnome keyring but it's volatile and only
stays around on for one
for the booted life of the computer i guess or
well it's on
and we really want applications to store the passwords in their account information so they
use the library to access the kernel keyring
and ask for session key which they can use to encrypt the password so they
can store the right there and they pass it through
and
store the result in the account information and the kernel keyring if it's not if
we don't yet have a session keyring
their little house
but that's not the secret service or whatever to be the prompt the user or
get a notice i think hearing based on the user's market
this actually lets you do some really interesting things where you can have policy
like that the whole scheme let's you have policy where different applications
you could you could tell them this application i want to never to store passwords
and so the kernel keyring always refuses to have a session a master session key
for that and respects that doesn't write a password or you could say and M
T P mean store in clear text
then you can have either propagation or for the whole system away for
to indicate the applications just put that lay down in your in your account information
in clear text don't want to bother with encryption here
so again another example modelling the user intent when we're keeping the password in the
account data
and
again you have more secure because you can you can model all these different things
you don't have apps
interacting with each other sandboxed apps especially to retrieve the password
from somewhere of course unless the case where apps want to share an account
right and we do that is through gnome online accounts or service
like that
for sandboxed applications there should be a portal for that
and
and i related use case that someone actually brought up just the other day so
i would mention it is people like to look up the password that they
use in an archive our back so
we might also have a portal or something for that to kind of say i'd
use this password
if the user wants be reminded of it later story but we but after just
don't necessarily use that look up stuff the user for looks up stuff there he
wants to use it somewhere else and if an application you put and
so another topic
when you login to your you know that start using fingerprint or auto login
or anything without a password you get this prompt which is really stupid because
it's a password right so user explicitly chose not to login with a password you get this
now the reason for that is because although we can authenticate the user
we can make a yes no decision based on his identity who he is
we cannot we don't have any
secret data like a master password or anything with which to decrypt the stuff on
the disk so we can open his password store and so on
so gnome keyring stubbornly puts up this prompt
that's really unusable
users intent is to monologue in for example just have a static be accessible
right actually ask for fingerprint the ask for although its kind of secure to make
is donna accessible based on the fingerprint that he's leaving all over the place
right so really
the user has way to secure at the a decision already that says i want
to be less than
a hundred percent or less than password secure and i want to
i don't care this point
so this is how we're gonna solve this
so again for those of you fortunate enough not to understand how pam works
you have the stack of modules
and one of the modules usually one of the early ones in the stack will
prompt the user for a password
usually it pam unix although it could be the S T component have S as
and so one
so what we really want is that password to come from somewhere else
first of all
we want all the accounts to have a password
but then the user can choose not to use that us
so
when configuring fingerprint on or auto login or pay login even
users password is written to a file
and ideally that file would be secured via something on the hardware like a T
P M chip or pretend and be ram or something but if not we write it
in clear text and this is the users explicit choice
in addition we wanna fix the case where
you i'll you unlock your disk encryption and then you have to type the same
password again when you login
so both of these data into the kernel keyring
the kernel keyring contains the users
login password in these cases this can a login fingerprint
authentication
and then when the login starts
there is no authentication token there's no password that they call it
so the first thing in the stack looks and checks the kernel keyring
do you have the user's login password can i just use it
and if you didn't this time
at the top
and then the underlying component see there's already one there tries to use it
and if it works then no prompt
and on we go down the bottom gnome keyring is also able to use
that password to unlock the users passwords or to provide like it's in the
last that master session keys for us on what their own past
so we got
a usable login experience that models users intent and in fact
you get ability to use more secure stuff which is your disk encryption smoothly
so those are the things that i
sort of have scheme than this area but
there is so much more if you're if you want to join in on any
of these tasks i can break them down we can we can work together i'd
love that i'm this is not my job to work on this stuff i work
part time on it
and if you see other places where you want to apply the principles i talked
about that by all means don't be afraid of join in the
darkside the security bring us back from the dark side we have cookies
so
who's your comment
terminate security prompts with extreme prejudice
and this is really interesting about this the other day
for every keystroke or click that the user has to use to use a security
or crypto feature user base declines by you can imagine how that goes
alright any questions
yes
are you very the if you so the web browser example we back that we
just gonna drop connections if the certificates mismatching there are some sites that they're gonna
practise that you can take people want to go to them
do you think you just gonna find you know like more extreme measures of disabling
the security system so that they can get what they want
and that will match user intent
like i find with someone who's crazy or someone who is a it is come
used to living on the extreme going in disabling have to secure this but if
like user intent is i want to see this site and then you force them
into like and disabling all security validation or something like that
that's a possibility but i think we've also made it possible for the user to
fix that situation
in a straightforward secure way without getting a prompt interrupting them so not only are
we taking something away but we given them the ability to fix it really it's
been hopeless so far right
you try to trust some see a or something like see a start for example
i was like what you have to figure and every application that's not so we're
trying to do is really solve the problem that the users are actually facing and
they're always be some
weirdos
who want to ignore that stuff or totally valid you serious want ignore that stuff
and verify minutes open source they can going modify they can we can figure it
they can change it but we don't necessarily have to present that to all these
is that option to all the users
did you have a question
there we go
so with the decline of the passwords this is secure mission to the contention relates
to the ultimate just a user can remember is for below the amount of that
is that compute complete for some half an hour
the two
and with the jan on the availability of the two factor authentication right
what can we do to fix the problem
a lot of lot of research unless the sure that it
i don't have an amazing response to that i mean if and if
if someone wants to work on you authentication methods or implementing
ones that are in research that certainly interesting work that
we can do i mean
but we have established stuff we could try implementing in to go but
i don't be shy when exploring the stuff there's definitely a need for something better
but we don't have
sure
or the
i think it's a good approach to try to catch the use intents but it's
at the same time very far as it is hard i mean
it's security
i don't know it might be very different see what you know the uses and
ten E it's
there's no doubt that
and that's one reason i wanted to get this talk is we're on the verge
of design in this
somewhat applications and it would be so easy
to fall into the trap of getting more prompts
so easy and i agree it is hard
is really hard like for example do you want to share your location yes no
what is the answer to that
what if you what if you i mean this is just spit balling here but
what if you were displaying and say select your location share but
like a user clicks it takes the share button it has a web at and
you get some i guess like of course under his current location and all and
it kind of modelling some attached to do rather than a permission i mean i
realise it's hard
and no i don't think any of us have like this ingenious solution for each
and every problem i mean each one it's going to be a child
but we really not just fall into the trap of prompting users that just makes
like i mean showing transit are just going to be click through when you kind
of get in the habit of just picking to
i think it is useful to make a distinction between prompts that are like would
you like to share your location yes-no versus prompts that are more like would you
like me to do what will allow you to do what you're trying to do
so i mean equipment industry choice that's
later you know if i'm clicking no i don't get what i want verses okay
this is really a preference and then i can proceed writing there's a you want
to do your task like exactly and then the ability to of course stop it
if it was a surprise that somehow this thing popped up so saying that all
yes we know choices are only back i'm not sure that that's true
that's why i said prompts are dubious and i understand a your point
but we need to react
when we see if we as developers we need to react when we see a prompt and
really think hard is this really necessary and i guess that's my point
so we've been so used to just generating prompts
so after that extreme here
and there are exceptions
but it really should be part of our first reaction to think hey this is
a prompt what are we doing here can we can we change this there were
actually matching what the user wants to do or presenting a like part of the
flow or somehow let me show isn't and or something like that
just for the
so continuing rinds question before i think which is absolutely terrible has had invalid sort
of the certificate for five years and i don't see any fixed that
that i mean you i know i is they bought my credit card your like
any money right now a but i mean it's just sort of i mean i
sort of agree with brian sentiment that it's like there's a valid
certificate websites all over the place like just sorta children actually and he obviously the
right now like it's very bad by record choose you like
but like i would do that as you were on your fish will be use
like we could do i wanna do i get my money's
so it's just like i understand your point with like
i don't use any for just terrible websites or so i probably not use their
online banking system but
i'm gonna return anecdote in time and that is on them as a that bugs
a lot about our website where people file bugs about firefox
there are and number of bugs the people that exact same thing hey you guys
suck you do not recognizer certificate five bank i keep getting prompted and blah and
then similar looks and the details and they are in fact being man in the
middled someone is attacking them and they have enough knowledge to go and post like
certificate details and all that stuff on for example so you're how many people are
just ignoring the i mean my factor of thousand more right so
i realise there's a trade off here but i think this is completely the right
approach and there are ways to get up to obviously we haven't totally ignore the
fact that all certificates automatically validate and there are ways to do it so someone
might make a browser plug in for you or you might make it that says
hey when i go to this bookmark
always check to make sure it's the certificate no matter outdated or whatever in the
certificate to the bookmark and there you go
the other question i have what do you think about selinux
the reaction i was expecting thank you know i think i think that i think
there's a lot of good use cases for it and i just think many of
much of what we try to do with it now is too fine grained so
it's again the tyranny of small decisions
we need to and there there's definitely working done on this i'm not trying to
not get we need to use it at a higher level more like for example
with a marxist that's kind of the abstraction we containers or with virtual machines that's
kind of the level like you're talking about rather than the something i wanna micro
manage and selinux always support that i think we take it to the
next level now and by removing all those tiny little incipiency intricate decisions and micromanaging
every detail you sort of have these bigger bar bigger security domains where stuff in
their interacts fine
but when it once interactive something outside there only to find ways for to do
that
so i two questions the first one was
i mean you were mentioning some alternative plan for the take to be able to
still access is websites planning and strategic it's to some sourced or something
like is percent like just an I them and then have like a you why
that you didn't really specify so okay so that's this is the infrastructure i've been
working on actually it's already done the infrastructure
and this is the trust store is that what you're talking about and the trust store
is basically
stuff in these two directories so right now on your fedora nineteen your debian
testing or your opensuse the back to re think
you can put
your C A certificate in one of these directories for jack that because i
think some of them change the directory to be compatible with their old stuff you
can put it in there and suddenly everything will respect
obviously user interface is very important and i wish i was really hoping to have
that done by guadec
unfortunately a lot of other stuff conspired against me
there are tools command line tools now that's very new to do that so you
don't have to like manually place files it'll just take a adding a listing and
stuff like that
and then there are
based on those tools we have to build a U I for example to see
orthodox can reference because i understand that not everyone has an admin even in enterprise
not everyone has an admin caring about their every you know need any them don't
care that you on the next so
by having the documentation how to do this we can guide the user through these
that if they really have to
okay and the question the i'm really interested in is you mentioned like encrypted hard
disks but like when you installed or it doesn't give you like
langford lot checked by default so will it be saying that you like to see
like
say linux distributions gently like pushing for people to encrypt their drives
but there's a lot of discussion about that problem is password recovery right unless you
can provide the user a really sane way of recovering that password
checking a by default is very
'cause i'm just from a developers so i i'm i totally would love to see
it check right before but we have to have a good passer just got password
recovery mechanism
you talk about you would support sort of like advanced interface for pinning what's your opinion
on this idea of certificate pinning by default on first use so that you know
when i go and access my bank you can all the suddenly like you know
by the way your bank is now authorised by a russian certificate it's already are
you sure that that's really what you intend right so there's a lot of work
being done on how to solve the CA problem because CAs or
that's pretty much a recipe for corruption right basically get money for
doing the right thing and more money for doing the wrong thing you know so
there's a lot of work on this and some proposals like TACK have a way
to
pinna finicky to a website and the first time you see a first time user
you can make a leap of faith
and thereafter you kind of build trust and because you keep seeing the same thing
there's a way to migrate to new keys a not necessary you will ever really
do that again
and it's a interesting approach and but it needs more work from the user interface
perspective because
it really depends on the use case if the user is logging onto for example
it really makes sense in the case of social networking
if you were creating account that's a with facebook
the first time you're creating that account
you wanna know that later when you connect and add more your personal information that
you're going back to the same website and also works very well for ad hoc
communication between people the first time i met you i have no idea who you were
and whether you're trustworthy or not and the same thing works with pinning right
the first time i kinda make a leap of faith or kind of i there's
not much at stake but over time you wanna be sure you're going back to
the same place
as far as the leap of faith when you're connecting to someone you that you
like your bank that you have to know is the right party from the beginning
that is kind of more unsolved problem
you in this like you have your labial the weighted keys in user sure if
i don't trust them from the files and it's that or is it strictly additive
know there's also black listing so you should be able to take a certificate i
say
never use this certificate again now not all of those libraries support it and NSS is
the only one that supports well i mean so that i can just right get
out of the trust shortly you can do that it's from that see
and see okay like i don't if you want to provide actually the last
we have a way to do that i can basically you market as untrusted for
any use each of those anchors are trusted for various uses like web or you
know someone and the tool would unmark the to tool does on market for any
use when you disable it and crystal there but can't really be
i wanna say that this slide like i love you for because this is gonna
disasters and i don't have to really like a lot better
so that's all that's great
stick what concerns me right now
is that there's a lot of us on a lot there are some of us
in our community that are being harassed as we go through TSA check
like that part i don't have that were like going to TSA checkpoints
we raster resize get take in the get image
what are we doing to prevent things like leaking
you know our keys in memory
i shut my laptop what just happened to make sure they are actually going to
this
you know a lot of the service stuff goes to you bustling application once you
get a password securing a makeover D-Bus we have no control over D-Bus zero
we not the memory that contains my password well nor do necessarily zero the password
before freeing it in the applications that what are we gonna do about conventions how
can we deal with that to make sure that our applications or protecting us even
when we were right so there's various aspects that question and what are the interesting
things is like this distinction between privacy and security some was telling me
yesterday and it was really good point that security is off and the implementation of
privacy right so we have this privacy campaign what i've talked here today it was
a lot about security
and our privacy campaign we should be examining
those various use cases especially if are community is already run into these problems
and a bunch of us were having a disk and how hard discussion about it
but we need to start crystallizing what we're going to do for that privacy
right i mean i'm certainly not running it but so
if you have any ideas though i'd be happy to andreas or to be us
or holland or myself we can start a discussion on that like what task do
we want to do obviously twenty K is not gonna solve the world's problems but
right you can actually start to tackle some of those things as far as the
security side ask doing their security
that is a problem and i hope that
part of that is all by this
we have a much more
secure infrastructure for
after that passed around the system although currently a list not hearing doesn't after password
over developed by in here the number that at least
presumably that the kernel keyring area is gonna be unlocked memory so when you shut
it no chance of
this so i mean we do need to take some steps when you when you
suspend your computer to clear the kernel keyring and then unlock use that unlock password
to repopulate that master section
as far as point the second thing is concerns a right now i'm still gathering
what we
we won't be community a knowledge and see what we gonna be using the money
full it's very possible that will end up having just like to produce the nation's
in previous campaigns that will just add
one company working on a particular set of tasks but it's also very possible that
will and of speeding up the
the problems into small pieces some of codes of P W
participants can
can use that we can even make some of the stuff into going on goals
right is a wiki page on which we have a really point is ready
and we need to flesh that out we need to figure out what's the most
important in the short term
cool
i just one comment on the privacy campaign is what as we accept bids from
companies are ideas of things we need to secure is such a broad topic i
mean it means something different to everyone so i think we need to focus as
we are more on privacy i think especially i think yes exactly so if we
accepted three companies we're gonna get a lot of security stuff as well we have
and you know bundled them down to privacy
and do this regime where account service their applications are storing passwords as account information
inside and sells presumably and all sorts of different ways that the system doesn't really
have any awareness of the if i want to change the this key that's a
marking all of the is that it seems that i really can't do that yes
that's a good point and i didn't covered in the slide but you might as
there's a little to here
okay
what that does is when you ask
the kernel keyring for
to unlock a password that you've stored previously you also pass an identifier
that's all the which has certainly used to market previously when you're doing it for
the first time well when you're storing capacity use the current identifier and you tag
in into your value you pass a back so that allows for migration between see
so using the ski i mean there may be more holes and i'd love to
discuss
the details make sure we have it all right if this can you have a
lot of the protocol the whole model has a lot of flexibility a lot of
power not necessary that we have to expose all that in the default install but
you have that
does the protocol you an opportunity to say it's you requesting like a generation to
did you know there's a generation three would you like three include no i would
suggest personally
that we always have the out just have a well known place to retrieve the
currently when they're storing a password
just use that
great stuff
more question
thank you much
right
and then