On Wed, Sep 11, 2013 at 04:03:44PM -0700, Nemo wrote:
> Phillip Hallam-Baker <hal...@gmail.com> writes:
>
> > I have attempted to produce a summary of the discussion so far for use
> > as a requirements document for the PRISM-PROOF email scheme. This is
> > now available as an Internet draft.
> >
> > http://www.ietf.org/id/draft-hallambaker-prismproof-req-00.txt
>
> First, I suggest removing all remotely political commentary and sticking
> to technical facts. Phrases like "questionable constitutional validity"
> have no place in an Internet draft and harm the document, in my opinion.
Privacy relative to PRISMs is a political problem first and foremost. The
PRISM operators, if you'll recall, have a monopoly on the use of force.
They have the rubber hoses. No crypto can get you out of that bind.

I'm extremely skeptical of anti-PRISM plans. I'd start with:

 - open source protocols
 - two or more implementations of each protocol, preferably one or more
   being open source
 - build with multiple build tools, examine their output [*]
 - run on minimal OSes, on minimal hardware [**]

After that... well, you have to trust counter-parties, trusted third
parties, ... It gets iffy real quick.

The simplest protocols to make PRISM-proof are ones where there's only one
end-point. E.g., filesystems. Like Tahoe-LAFS, ZFS, and so on. One
end-point -> no counter-parties nor third parties to compromise. The one
end-point (or multiple instances of it) is still susceptible to lots of
attacks, including local attacks involving plain old dumb security bugs.

Next simplest: real-time messaging (so OTR is workable).

Traffic analysis can't really be defeated, not in detail. On the other
hand, the PRISMs can't catch low-bandwidth communications over dead drops.
The Internet is full of dead drops. This makes one wonder why bother with
PRISMs. Part of the answer is that as long as the PRISMs were secret the
bad guys might have used weak privacy protection methods. But PRISMs had
to exist by the same logic that all major WWII powers had to have atomic
weapons programs (and they all did): if it could be built, it must be, and
adversaries with the requisite resources must be assumed to have built
their own.

Anti-PRISM seems intractable to me.

Nico

[*] Oops, this is really hard; only a handful of end-users will ever do
this. The goal is to defeat the Thompson attack -- Thompson trojans
bit-rot; using multiple build tools and disassembly tools would be one way
to increase the bit-rot speed.

[**] Also insanely difficult.
Not gonna happen for most people; the ones who manage it will still be
susceptible to traffic analysis and, if of interest, rubber hose
cryptanalysis.

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
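Nico's footnote [*] about using multiple build tools against Thompson's "trusting trust" trojan is the idea behind David Wheeler's diverse double-compiling (DDC): rebuild a self-hosting compiler from its source through an independent toolchain, then check that the result reproduces the suspect binary bit-for-bit. The simulation below is an added example, not code from this thread and not any real toolchain; the compiler "binaries" are small dicts, "compiling" is a function over them, and the source strings and hash-based identities are constructed stand-ins. It shows why the check needs a second, independent compiler and deterministic builds, and why source inspection alone cannot see the trojan.

```python
"""Toy model of diverse double-compiling (DDC).

Everything here is a simulation constructed for the example: a "compiler
binary" is a small dict and "compiling" is a function over it, so no real
toolchain is involved.  The point is the comparison logic: a self-hosting
compiler rebuilt through an independent, trusted compiler must reproduce
itself bit-for-bit, and a Thompson-style self-propagating trojan breaks
that equality.
"""
import hashlib

# Constructed sample sources.  The "compiler:" prefix marks compiler source
# so the toy trojan can recognise when it is compiling a compiler.
SUSPECT_CC_SRC = "compiler: honest self-hosting compiler v1"
LOGIN_SRC = "program: login"


def compile_src(cc: dict, src: str) -> dict:
    """Run compiler binary `cc` over `src` and return the output binary.

    Output identity is a hash of the source (deterministic build).  A
    trojaned compiler plants a backdoor in the login program and, crucially,
    re-inserts itself into any compiler it compiles (Thompson, 1984).
    """
    trojaned = bool(cc.get("trojan"))
    return {
        "id": hashlib.sha256(src.encode()).hexdigest()[:16],
        "trojan": trojaned and src.startswith("compiler:"),
        "backdoor": trojaned and src == LOGIN_SRC,
    }


def ddc_check(trusted_cc: dict, suspect_cc: dict, suspect_src: str) -> bool:
    """Diverse double-compiling.

    stage1: suspect compiler source built by an independent trusted compiler
    stage2: suspect compiler source built by stage1 (functionally the suspect
            compiler, but bootstrapped without ever running its binary)
    The suspect binary's own self-compile must equal stage2 exactly.
    """
    stage1 = compile_src(trusted_cc, suspect_src)
    stage2 = compile_src(stage1, suspect_src)
    self_built = compile_src(suspect_cc, suspect_src)
    return stage2 == self_built


# Constructed compiler binaries.  The trusted one stands in for a second,
# unrelated toolchain; diversity is what makes a shared trojan unlikely.
TRUSTED_CC = {"id": "independent-toolchain", "trojan": False}
HONEST_CC = compile_src(TRUSTED_CC, SUSPECT_CC_SRC)  # legitimately bootstrapped
TROJANED_CC = dict(HONEST_CC, trojan=True)            # same source id, poisoned


def demo() -> dict:
    """Run the check against an honest and a trojaned suspect compiler."""
    return {
        "honest_passes": ddc_check(TRUSTED_CC, HONEST_CC, SUSPECT_CC_SRC),
        "trojaned_passes": ddc_check(TRUSTED_CC, TROJANED_CC, SUSPECT_CC_SRC),
        # Source inspection alone cannot see the trojan: both binaries were
        # built from identical source text and carry the same source hash.
        "same_source_id": HONEST_CC["id"] == TROJANED_CC["id"],
        "login_backdoored": compile_src(TROJANED_CC, LOGIN_SRC)["backdoor"],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Two caveats the model makes visible: the check only works if builds are deterministic (otherwise stage2 and the suspect's self-compile differ for innocent reasons), and it only helps if the trusted compiler really is independent, which is the "multiple build tools" requirement in the footnote.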