On Mon, 2013-12-16 at 16:18 +1030, Glen Turner wrote:
> On 14/12/2013, at 9:19 AM, Karl Auer wrote:
> > entity. If there were a distributed mechanism in place (think Tor),
> > these problems would go away.
> >
> > I don't know what that mechanism is - but it's the answer :-)
>
> The problem with distributed mechanisms is that you don't know who
> owns them. It's simple enough for the NSA to own enough of them to have a
> high probability of collecting the metadata it desires.

It's statistics - there are few major carriers, so corrupting one gets the bad guys (yes, I mean the NSA - is there any better description?) heaps and heaps of data. Spread stuff around, and it becomes statistically far less likely that any particular communication involves a corrupted node. Spread stuff around *enough* and it becomes pointless for the bad guys to even try. If the solution can spread *partial* keys around, it becomes hard even for a corrupted node to do much damage.

The other point (I don't remember if I made it explicitly) is that any commercial solution will fail because it is trivially compromised - attack the corporate entity that owns it, force a backdoor into it, and it's game over. Any solution needs to be not only massively distributed, but also non-commercial.

These are just necessary attributes of the system IMHO. I still have no idea what the actual mechanism is, but I think it will need those attributes.

Regards, K.

--
Karl Auer
http://www.biplane.com.au/kauer
http://twitter.com/kauer389

GPG fingerprint: B862 FB15 FE96 4961 BC62 1A40 6239 1208 9865 5F9A
Old fingerprint: AE1D 4868 6420 AD9A A698 5251 1699 7B78 4EEE 6017
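
The statistical argument in this thread can be put into a toy model; the following is an added example, not code from either poster. It assumes nodes are picked uniformly at random without replacement and that a fixed number of them are corrupted, and it uses an n-of-n XOR split as a stand-in for "partial keys" (all function names are hypothetical).

```python
from math import comb
import secrets


def p_any_corrupt(total: int, corrupt: int, picked: int) -> float:
    """P(at least one of `picked` distinct, uniformly chosen nodes is corrupt)."""
    return 1 - comb(total - corrupt, picked) / comb(total, picked)


def p_all_corrupt(total: int, corrupt: int, picked: int) -> float:
    """P(every one of the `picked` nodes is corrupt)."""
    return comb(corrupt, picked) / comb(total, picked)


def split_key(key: bytes, shares: int) -> list[bytes]:
    """n-of-n XOR split: every share is needed, any subset looks random."""
    parts = [secrets.token_bytes(len(key)) for _ in range(shares - 1)]
    last = key
    for part in parts:
        last = bytes(a ^ b for a, b in zip(last, part))
    return parts + [last]


def join_key(parts: list[bytes]) -> bytes:
    """XOR all shares back together."""
    out = bytes(len(parts[0]))
    for part in parts:
        out = bytes(a ^ b for a, b in zip(out, part))
    return out


if __name__ == "__main__":
    # Constructed scenarios, not measurements.
    # Few carriers vs. many nodes, one corrupted node in each case.
    print("1 of 5 carriers corrupt   :", p_any_corrupt(5, 1, 1))
    print("1 of 5000 nodes corrupt   :", p_any_corrupt(5000, 1, 1))
    # An adversary that owns 20% of a large network, 3 nodes per communication.
    print("any of 3 nodes corrupt    :", round(p_any_corrupt(5000, 1000, 3), 4))
    # With the key split across those 3 nodes, all 3 must be corrupt.
    print("all 3 share holders corrupt:", round(p_all_corrupt(5000, 1000, 3), 4))
    shares = split_key(secrets.token_bytes(16), 3)
    print("shares held by 3 nodes    :", [s.hex() for s in shares])
```

In this model, touching a corrupted node depends on the fraction of nodes the adversary holds, while recovering a split key requires holding every share holder at once.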
