Only one comment: I do not trust treacherous computing, or (un)trusted computing as I would call it. Personally I focus on the inability to prevent installation and detect if there ever was spyware in the "trusted" space. But just as there is no way to ensure a specific instance of hardware is what it claims to be (without opening it), there is no way for 3rd parties to assert if a certain modifiable space is untampered. It is a nasty problem.

In my view, this logically leads us to external, likely wireless, hardware tokens which we of course need to have a healthy distrust towards (as there is no way to ensure there are no hidden mechanisms) and keep constantly monitoring and do random checks on all data leakage.

To create key devices we can trust - even on Debian, iPhone and Windows computers - of course there needs to be source code review, especially assuring the key devices are actually ensuring you have identity control. But it is a two-way street. If 3rd parties (incl. DG ITEC) have to trust your keys, they also need to have assurances about the integrity of keys against e.g. identity renting, lending or id theft. Meaning you as a user CANNOT have key access as that would violate integrity including your ability to protect your keys (which 3rd parties shouldn't trust).

And of course we would trust code that is under continuous scrutiny more than "closed" code, whereas the more institutional structures likely require other institutional structures to assert (even though we wouldn't trust them - e.g. NIST). More than one independently need to have that access and provide their assurances in a traceable manner - open source or not.

An untrusted Debian session could then be authorized using the hardware token. The main thing is - as stated - to ensure you do not identify personally or any of the devices in the sessions even if DG ITEC requires authorization and accountability. So we need to use blinding and conditional mechanisms in the key device whereas we can leave the channel anonymization to the Debian device.

Fine

Stephan Engberg

- - - - - - - - - - - - - - - - -
Stephan J. Engberg
Priway - Security in Context


[email protected]
26-11-2014 14:12

To: [email protected]
cc: [email protected], [email protected], [email protected]
Fax to:
Subject: Re: Is there a VERY minimalist "Pure Blend"

On Wed, Nov 26, 2014 at 01:50:13PM +0100, [email protected] wrote:
> 1) It excludes the 99,9999% of the population that have no chance in hell
> of doing so. For all practical purposes there is little difference to them
> what license their devices operate.

Oh no, Stephan's logic again! You really have a talent for that! You should be a politician!

99,9999% of the population have no idea how to find out whether Iranian nuclear facilities are suitable for producing weaponry, yet it makes a difference to us whether the UN is permitted to oversee such facilities or not. I find the trustworthiness of Debian binaries more important for western democracies than whether Iran can produce weapons or not, considering the immense number of critical systems based on them.

How can we allow EU inspectors to ensure that those binaries are produced from the correct source codes? I know everyone is operating in best intentions, but so is the Iranian government. We need to get beyond the trust thing. Trust in technology is the essence of evil.

> 3) Just because something is self-compiled does not mean that it is good
> or adapted to your needs - and most of what you depend on is operated by
> technology and providers outside your control.

Yes, but it is pointless to even start looking at source codes if most people will execute somebody else's binary anyway.

[removed off-topic rambling]

--
http://youbroketheinternet.org
ircs://psyced.org/youbroketheinternet
