More precisely it's the exposed meta-data in the SMTP.  But why would you use
meta-data rich transport for Silent Circle internal-mail?  (Internal-mail I
mean Silent Circle user to Silent Circle user vs external mail being SMTP
mail to Silent Circle user or Silent Circle user to SMTP mail user).

I said it before, but again: why not cancel external mail, and leave the
internal mail working - Silent Circle obviously have the tech for that
because they have SMS equivalent in-mail.  Good for you: users who want to
continue to communicate will encourage the people they are communicating
with to also pay for subscriptions.  Maybe you could allow people to give
each other gifts of 1 month membership, which you hope they extend
themselves; or some referral system with a bonus free month to the existing
user etc.

Now there might be some software legacy, but that seems straightforward
enough.  The crypto gap is purely the in and out mail.  (Other than forced
software changes, but others have discussed how to combat that issue, and
some claim legal advice is that it's harder for the mil-int community to
legally force companies to change their software.  (Hushmail saga
notwithstanding!))

Adam

On Sat, Aug 31, 2013 at 12:13:28AM -0700, Jon Callas wrote:
On Aug 30, 2013, at 8:43 PM, grarpamp <[email protected]> wrote:

Are we sure? This seems to tell us they are doing traffic analysis and so forth.
It doesn't seem to say much about cryptanalytic capabilities. For all we know
they could have all the crypto in the bag but need analysis to identify
talkers due to people being exceedingly careful about the message content.

I consider delivering a zero-day to be a form of cryptanalysis. I believe that 
they do, too. I've been harping on that for some time.


"Blue hen rides over the book on the left side when the sun is low.
Do you copy?"

Now if someone leaked all the secret crypto capabilities docs out
in public, or someone else got in trouble solely from what they
properly encrypted, then we'd know whether or not the crypto works.

I recognize that I have a tendency to be glib in one sentence and then rigorous in another and 
that's a character flaw. It's glib to say both "the crypto works" and "zero days are 
cryptanalysis" in many respects.

When I say, "the crypto works" I mean the basic structures. We know how to 
build block ciphers. We figured out hash functions a few years ago. We understand 
integer-based public-key cryptography well enough that it gives us the creeps. We kinda 
sorta understand ECC, but not as well as we think we do. I think our understanding of ECC 
is like our understanding of hash functions in 2003. Meow.

The protocols mostly work, except when they don't. The software is crap. It's been nearly 
fifteen years since Drew Gross enlightened me by saying, "I love crypto; it tells me 
what part of the system not to bother attacking."

Look at it anthropically. We know the crypto works because the adversary says 
they're looking at metadata. To phrase that differently, they're looking at 
metadata because the crypto works! Look at things like Fishbowl, even. It's 
easy to get dazzled by the fact that Fishbowl is double encryption to miss that 
it's really double *implementations*.

The crypto works. The software is crap.

Think like the adversary. Put yourself in their shoes. What's cheaper, buying a 
'sploit or cracking a cipher? Once you start buying 'sploits, why not build 
your own team to do them yourself, and cut out the middleman? Every other part 
of the tech world has seen disintermediation, what makes you think this is 
different?

On the other end of things, there's traffic analysis. We have seen -- stuff -- 
from them over the last decade. Papers on social graph analysis, pattern 
analysis. Emphasis on malware, validation, and so on.

Here's another analogy. Imagine that you're looking at a huge, fantastically 
complex marching band. You're trying to figure out who all is doing what to 
what parts of the music and it's horribly complex. And then accidentally one 
day, you lose the audio feed and then realize that it's *easier* to tell what 
the band is doing when the sound is off.

Aphasiacs are (so I am told) good at telling truth from lies because they look 
at the face rather than listen to the voice. They analyze the metadata, because 
they can't hear the data and it works *better*.

Traffic analysis is what you do if your feed from the marching band loses its 
audio. It's what you do if you're aphasiac -- which is *exactly* what happens 
when the crypto works, by the way.

Thus with a large budget, you do both. With one hand, you crack the crypto by 
cracking the software. When it works it works. When it doesn't, it doesn't. 
Stop stressing. With the other hand, you revel in the glory of silence. In 
silence you can think. You watch the band, you watch square dance. You just 
watch who is pairing with whom, where the lines cross and the beats are. 
Sometimes you can even guess the tune by watching the dance (which is also 
cryptanalysis).

And all of that is why the problem in email isn't the crypto, it's SMTP.

        Jon

