On Tue, Oct 29, 2013 at 2:42 AM, Yoav Nir <[email protected]> wrote:
> > On Oct 29, 2013, at 4:43 AM, Phillip Hallam-Baker <[email protected]> > wrote: > > > I am at a workshop on Cyber Metrics at MIT. > > > > When we are talking about protection against targeted surveillance then > we look for the cost of a single attack to be prohibitive and we accept a > certain set of costs to the user. > > > > But for stopping pervasive surveillance we can't always bear those > costs. Significantly increasing the per message work factor is still a > benefit even if the work factor is not prohibitive for single messages. > > Absolutely. If we can get the cost of surveillance to be such that the NSA > can only afford to spy on 10,000 people, it's likely that most of us will > not be under surveillance. I believe that I don't rank anywhere on the list > of 10,000 most dangerous terrorists or criminals. Security researchers will always be targets because people tell us about exploits. I avoid any contact with dissident groups precisely because there is a risk that I am being watched for other reasons. > That doesn't necessarily have to be measured in bits. If reading my email > required breaking into my home and stealing the private key off of my > computer, that would severely limit the scale. > Please don't limit the threat model to the NSA. Yes they have goofed and they understand that. And every public and private piece of information I have on the matter points to a massive editing session taking place on the senior ranks of the entire intel apparatus of the US right now. But the new threat model includes all the governments aspiring to copy the Snowden era NSA. And pretty soon quite a few governments besides the US govt. are going to realize that they are now in a decidedly negative sum game. Cryptography is not about defending secrets, it is about enabling. Think of all the Internet commerce happening today because of cryptography. That is what, a trillion dollars of global activity a year? So far we have only secured the Web to create the Internet equivalent of shops. We still don't have secure mail to compliment that. I don't know how much economic value we can generate with the next generation of Internet crypto but I will bet it is in the tens or the hundreds of billions. -- Website: http://hallambaker.com/
_______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
