On 18/09/11 8:38 AM, Jeffrey Walton wrote:
> On Fri, Sep 16, 2011 at 1:07 PM, M.R. <[email protected]> wrote:
>> On 16/09/11 09:16, Jeffrey Walton wrote:
>>> The problem is that people will probably die
>>> due to DigiNotar's failure.
>> I am not the one to defend DigiNotar, but I would not make such a
>> dramatic assumption.
> I don't think DigiNotar has any defenders remaining :) As for the
> dramatic assumptions, I believe past performance is indicative of
> future expectations: http://en.wikipedia.org/wiki/SAVAK and
> http://en.wikipedia.org/wiki/SAVAMA. (Sorry about the lame wiki
> reference, I probably should have found a UN human rights report).

I don't think there is any doubt that people can die because of breached
communications. No need to look at the Iranians, just look at the US
CIA, and the intel feeding into drones.

The question of causality is one that is very difficult to determine,
absent some pattern revealed by WikiLeaks (who have been accused as well).
However, causality is also very important. Without some historical
pattern of facts, we're all speculating to a greater or lesser degree.
How confident are we of that?

>> No one actively working against a government that is known to engage
>> in extra-legal killings will trust SSL secured e-mail to protect him
>> or her from the government surveillance.
> This is a sadly inaccurate statement. Most people working actively and
> aggressively against unconstrained governments know diddly squat about
> tech. The communities have frequent roll-over, frequent recruitment.
> The techies working with them are under considerable pressure to
> deliver, and often make basic mistakes.
>
>> Perhaps I don't appreciate all the pressure and options, but I believe
>> an [external] email service using HTTPS is one of the safer options
>> available when observing due diligence.

Yes, definitely. Open question: did the 9/11 guys use HTTPS? Or just
HTTP? I'm still searching for a case where it makes a clear difference.

(Their main counter-intel coup was to understand the threat model
better than their enemy. Their technique was to open an ordinary Yahoo
style account, share the account, then open up a draft email, and share
that! Never send it, just edit and delete, over and over. The NSA,
which were presumably hoovering all sent emails ... never saw a thing.)

> It's kind of like the poor
> man's cloud (and corporate America is flocking to the cloud, in part
> due to the additional layer of liability offload).

! OK, I'll bite. How does one offload liability by using the cloud?

(Note that liability is the keystone to the PKI debate.... Understand
the liability transfers and you understand why it's SNAFU.)

iang
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography