On 9/13/13 9:39 AM, Dean Willis wrote:
>
> On Sep 9, 2013, at 1:15 PM, Phillip Hallam-Baker <[email protected]
> <mailto:[email protected]>> wrote:
>>
>> When we first heard of PRISM it was assumed that the data was being
>> voluntarily disclosed by Google etc. It now appears that it is
>> plaintext traffic on the Internet trunks that is being intercepted.
>
> I recall that some of Vint's team at InternetMCI demoed a wire-speed
> interceptor using an optical splitter tap back before they were sold to
> Cable & Wireless. In my mind, optical splitter tap == a prism. And this
> was in the late 90's, so it's gotten better since then. Much better. I
> suspect that all that is needed is a slight kink in the fiber, and
> enough signal leaks out that it can be recovered.
In the 90s that was OCxmon/DAG capture cards at OC3/OC12 and so rates in 64-bit 66 MHz PCI-X slots... That was heady stuff then but it's not super exciting when PCs can have 40Gb/s NICs.

>> While it is true that the NSA probably can't do the intercepts without
>> any help, we can't build an Internet without intermediaries either.
>> The question at issue should be not whether an intermediary can
>> default but whether that default could be detected.
>
> Given that current belief is that both submarine and physical cables
> have been tapped, cross-factored with what I believe of the capabilities
> of multiple nations to perform undersea taps (you can read about it in
> Wikipedia), I believe we can assume that surveillance can and does occur
> without the assistance of intermediaries.
>
> http://en.wikipedia.org/wiki/Signals_intelligence_operational_platforms_by_nation
>
> So I second PHB's suggestion that discussion of capability-by-attacker
> be avoided, and we simply make the presumptions that wires leak,
> intermediary nodes at all protocol layers are compromised, and that you
> can be betrayed by anybody at any time, so no trust is absolute.
>
> yes, I had a large box of paranoia for breakfast.
>
> --
> Dean

_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
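As an added example (not from the thread, and not code by any of its authors), the script below builds a few Ethernet/IPv4/TCP frames in memory and runs a minimal dissector over them the way an analyser fed from a splitter tap would. The frames, addresses, ports and the host name mail.example.net are all constructed for the example. It makes the thread's point concrete: from plaintext HTTP a passive observer recovers the full content, cookie included; from a TLS flow it recovers only the endpoints, record sizes and the server name sent in the ClientHello.

```python
import struct

# --- constructed sample traffic (not a real capture) ------------------------

def _ipv4(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))

def build_frame(src_ip, dst_ip, sport, dport, payload: bytes) -> bytes:
    """Minimal Ethernet/IPv4/TCP frame around payload (checksums left zero;
    a passive dissector does not need them)."""
    eth = bytes(12) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     _ipv4(src_ip), _ipv4(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload

def build_client_hello(server_name: str) -> bytes:
    """TLS 1.2-style ClientHello record carrying only an SNI extension."""
    name = server_name.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name        # host_name
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list         # server_name
    body = (b"\x03\x03" + b"\x11" * 32 + b"\x00"        # version, random, no session id
            + struct.pack("!H", 2) + b"\x13\x01"        # one cipher suite
            + b"\x01\x00"                               # null compression only
            + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

SAMPLE_FRAMES = [  # constructed: one plaintext request, one TLS handshake, one TLS data record
    build_frame("10.0.0.5", "203.0.113.10", 51000, 80,
                b"GET /inbox HTTP/1.1\r\nHost: mail.example.net\r\n"
                b"Cookie: session=abc123\r\n\r\n"),
    build_frame("10.0.0.5", "203.0.113.10", 51001, 443,
                build_client_hello("mail.example.net")),
    build_frame("10.0.0.5", "203.0.113.10", 51001, 443,
                b"\x17\x03\x03\x00\x20" + b"\x5a" * 32),
]

# --- what a passive tap recovers --------------------------------------------

def dissect(frame: bytes):
    """Return (src, dst, sport, dport, tcp_payload), or None if not IPv4/TCP."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 6:
        return None
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    tcp = ip[ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_offset = (tcp[12] >> 4) * 4
    return src, dst, sport, dport, tcp[data_offset:]

def extract_sni(record: bytes):
    """Pull server_name out of a TLS ClientHello record; None for anything else."""
    if len(record) < 6 or record[0] != 0x16 or record[5] != 0x01:
        return None
    p = 9 + 2 + 32                                        # record+handshake headers, version, random
    p += 1 + record[p]                                    # session id
    p += 2 + struct.unpack("!H", record[p:p + 2])[0]      # cipher suites
    p += 1 + record[p]                                    # compression methods
    if p + 2 > len(record):
        return None
    end = p + 2 + struct.unpack("!H", record[p:p + 2])[0]
    p += 2
    while p + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", record[p:p + 4])
        p += 4
        if ext_type == 0x0000:                            # list len (2), name type (1), name len (2)
            name_len = struct.unpack("!H", record[p + 3:p + 5])[0]
            return record[p + 5:p + 5 + name_len].decode("ascii", "replace")
        p += ext_len
    return None

def observe(frames):
    """Classify each frame as the tap sees it and record what was recovered."""
    report = []
    for frame in frames:
        parsed = dissect(frame)
        if parsed is None:
            continue
        src, dst, sport, dport, payload = parsed
        flow = f"{src}:{sport} -> {dst}:{dport}"
        if payload[:4] in (b"GET ", b"POST", b"HTTP"):
            kind, recovered = "plaintext", payload.decode("ascii", "replace")
        elif len(payload) >= 3 and 0x14 <= payload[0] <= 0x17 and payload[1] == 0x03:
            kind, recovered = "tls", extract_sni(payload)     # metadata only
        else:
            kind, recovered = "opaque", None
        report.append({"flow": flow, "kind": kind, "recovered": recovered,
                       "bytes": len(payload)})
    return report

if __name__ == "__main__":
    for entry in observe(SAMPLE_FRAMES):
        print(entry)
```

The observer never touches checksums or sequence numbers; it only needs to read, which is exactly what a splitter gives it. Note that even the encrypted flow still leaks the destination, the port, the record sizes and the SNI host name, which is why the thread's "wires leak" presumption applies to metadata as well as content.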
