A naive comment. In his first email Zooko states:

"S4 offers “*verifiable* end-to-end security” because all of the source code
that makes up the Simple Secure Storage Service is published for everyone to
see"

A suspicious user may wonder, how can he be sure that the service indeed uses
the provided source code? IMHO, end-to-end security can be really
verifiable--from the user perspective--if it can be attested by examining only
the source code of the applications running on the user side.

Best,
Nikos

On Sat, Aug 17, 2013 at 11:52 AM, ianG <i...@iang.org> wrote:
> On 16/08/13 22:11 PM, zooko wrote:
>>
>> On Tue, Aug 13, 2013 at 03:16:33PM -0500, Nico Williams wrote:
>>>
>>> Nothing really gets anyone past the enormous supply of zero-day vulns in
>>> their complete stacks. In the end I assume there's no technological PRISM
>>> workarounds.
>>
>> I agree that compromise of the client is relevant. My current belief is
>> that nobody is doing this on a mass scale, pwning entire populations at
>> once, and that if they do, we will find out about it.
>>
>> My goal with the S4 product is not primarily to help people who are being
>> targeted by their enemies, but to increase the cost of indiscriminately
>> surveilling entire populations.
>>
>> Now maybe it was a mistake to label it as "PRISM-Proof" in our press
>> release and media interviews! I said that because to me "PRISM" means mass
>> surveillance of innocents. Perhaps to other people it doesn't mean that.
>> Oops!
>
> My understanding of PRISM is that it is a voluntary & secret arrangement
> between the supplier and the collector (NSA) to provide direct access to all
> information.
>
> By 'voluntary' I mean that the supplier hands over the access, it isn't
> taken in an espionage or hacker sense, or leaked by an insider. I include
> in this various techniques of court-inspired voluntarianism as suggested by
> recent FISA theories [0].
>
> I suspect it is fair to say that something is PRISM-proof if:
>
> a) the system lacks the capability to provide access
> b) the operator lacks the capacity to enter into the voluntary
>    arrangement, or
> c) the operator lacks the capacity to keep the arrangement (b) secret
>
> The principle here seems to be that if the information is encrypted on the
> server side without the keys being held or accessible by the supplier, then
> (a) is met [1].
>
> Encryption-sans-keys is an approach that is championed by Tahoe-LAFS and
> Silent Circle. Therefore I think it is reasonable in a marketing sense to
> claim it is PRISM-proof, as long as that claim is explained in more detail
> for those who wish to research.
>
> In this context, one must market one's product, and one must use simple
> labels to achieve this. Otherwise the product doesn't get out there, and
> nobody is benefited.
>
> iang
>
> [0] E.g., the Lavabit supplier can be considered to have not volunteered the
> info, and Google can be considered to have not volunteered to the Chinese
> government.
> [1] In contrast, if an operator is offshore it would meet (b) and if an
> operator was some sort of open source distributed org where everyone saw
> where the traffic headed, it would lack (c).
>
>> Regards,
>>
>> Zooko
>>
>> _______________________________________________
>> cryptography mailing list
>> cryptography@randombit.net
>> http://lists.randombit.net/mailman/listinfo/cryptography