On 03/18/2017 09:04 PM, Rich Kulawiec wrote:
> On Fri, Mar 17, 2017 at 09:54:48AM +1100, Morgan Reed wrote:
>> I'd submit that this is tantamount to saying "it's impossible to make a
>> 100% secure system so why bother even trying".
>
> Then you're not grasping my point. Let me try again.
>
> I suggest that you re-read what I've written *and* consider as well the
> disclosures of the past week vis-a-vis smartphones and their encrypted
> communications applications.
>
> In particular, note that entities like Whisper and Signal have been, as
> I've said for years, peddling snake-oil. They cannot possibly deliver
> on their promises *even if they do everything they say they can do*
> because all of it is immediately and completely undercut if the
> underlying system is compromised.

Open Whisper Systems and Signal provide what they state, End-to-End
encryption. Applications and technologies like these make mass
surveillance harder, as passively sniffing traffic is no longer viable.
Shifting the attacker to actively compromise devices is an overall
improvement.

>
> Which is exactly what the disclosures of Vault 7 show everyone,
> although it's not really news to anyone who's been paying attention.
> Intelligence agencies, vulnerability brokers, organized cybercrime,
> and others have been knocking themselves out to hack everything
> for years -- and whaddaya know, they've succeeded. This set of
> disclosures is merely the latest, and it and all the other ones
> to date are merely the tip of the iceberg.

Obviously protection against state actors is hard [1]. However, that's
not the only threat source that there are reasons to protect against.
There are plenty of threat actors for which sniffing traffic to a
plaintext mailing list might be easy; however, overcoming a well set up
encrypted mailing list system would be quite hard.

>
> So what I am saying, and what I hope is obvious, is that you cannot
> build a secure system on top of an insecure one.
>
> This isn't about not being able to build a 100% secure system:
> as a long-time security professional, I'm fully aware that's impossible
> and that the best we can do is to stack the deck in our favor.
> This is about building a system that is known 0% secure from the start.

The system security only increases in this case. Its security is
obviously debatable against state actors/equivalent threats; there it
might not improve much, but it improves significantly against other
threats.

>
> I think, in the end, this will serve the community poorly -- because
> people who don't grasp the contemporary security landscape will deploy it,
> will rely on it, and will not understand that they lost the game
> before they even started to play it. This will have consequences.

This assumes that those people are not currently relying on plaintext
mailing lists or any other insecure messaging technology. I think it is
quite obvious, from the nature of a mailing list, that every subscriber
can read all messages. With proper documentation about security of
endpoint devices and security of mailing lists, I think this feature
has viable use-cases.

-Jan

[1]: https://www.usenix.org/system/files/1401_08-12_mickens.pdf
_______________________________________________
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org
Security Policy: http://wiki.list.org/x/QIA9