On Tue, Sep 10, 2013 at 1:31 PM, Dean Willis <[email protected]> wrote:

>
> On Sep 9, 2013, at 11:39 AM, Peter Saint-Andre <[email protected]> wrote:
>
> On 9/9/13 9:58 AM, Stephen Farrell wrote:
>
> > So, this is a call for:
> >
> > a) suggestions as to how to best use some face-to-face time, b)
> > agenda proposals, and,
>
> We'll want to use the high-bandwidth time wisely, and we know that
> security-related discussions (well, all discussions) can easily go off
> track. Staying focused on the core issues, and on problems that might
> have engineering solutions, will be paramount.
>
>
> That makes me wonder if a second session should be allocated for the
> obligatory hand-wringing and mic-ranting, or if we're planning to do that
> at the plenary level.
>
> You know
> http://en.wikipedia.org/wiki/K%C3%BCbler-Ross_model
> ...
>
> Denial, anger, bargaining, depression, acceptance.
>
> We don't have a surveillance problem.
> I'm angry that we've been surveilled and that they planted people in our
> organization to make it easier.
> Maybe if we just use TLS everywhere, it'll be OK.
> This isn't going to work, and I'm sad and giving up on the Internet.
> Oh well, the NSA reads my email, so I don't have to. Beer!
>

Well, welcome to the club.

But another point that makes me rather angrier is that we are all now potential NSA plants. Or rather would be if not for the fact that pretty much everyone feels free to accuse CAs of being tools of the NSA anyway.

The point is that everyone is now in the same boat I have been in these past 20 years. And just as nobody ever thinks much about my feelings when accusing me of being an NSA plant I am going to feel free to throw it all back.

I really don't think it likely the NSA cryptanalytic capabilities are based on CA compromise because I really can't see how the EFF and co could have missed the evidence of a program as large as the one revealed by Snowden. Even without CT, a CA compromise leaves marks.

I don't think the point of compromise is in Google etc. either. Too many people would have to know. But I certainly won't rule out that as a possibility.

Looks to me as if PRISM is an old school attack and involves backhoes and splicing fiber optic cables. That would certainly be consistent with what we know of the cost of bringing companies into the program. It is the way I would do it.

--
Website: http://hallambaker.com/
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
