Hi Nick, I had a look at the slides and while it's hard to know from just those, I didn't see too much that was new in that so far. But maybe when you build some n/w monitoring kit there may be more to report.
As far as using PGP goes, I'm nowhere near as pessimistic as you appear to be (from the slides). Given that much SMTP is now transmitted over TLS, I think the opportunity for the likes of NSA to record all the PGP ciphertext has to have been significantly diminished. (They can still do it since much SMTP/TLS is still opportunistic but I hope the significant transitions we have already seen from cleartext to opportunistic ciphertext to mutually-authenticated ciphertext continues to evolve in the right direction.)

And there is work on PGP being done now in the revived PGP WG [1] - while that is starting with modest goals, (to just update crypto), if that goes well, then there are some folks who'd love to try to extend the work to address the real issues that exist with exposed non-body content. (I'm not calling it meta-data, as there's really sooooo much in the envelope that it's more than meta-data). I am sure that your (and others') assistance with that work would very much be appreciated.

So my take-aways here are:

- it'd be great if folks worked on measuring the proportion and kind(s) of plain and ciphertext leaving/entering their networks and developing tooling to help us figure out what is a good next target to try to protect
- reports on that would be really interesting to see on this list
- more work on interpersonal messaging is needed, (e.g. with PGP, but not only that), and any of us can help with that simply by doing it.

Cheers,
S.

[1] http://tools.ietf.org/wg/openpgp

On 30/01/16 19:52, Nicholas Weaver wrote:
>
>> On Jan 30, 2016, at 11:32 AM, Matthijs R. Koot <[email protected]> wrote:
>>
>> Hi Stephen,
>>
>>> Anyone got a link to Nick's slides/paper?
>>
>> Slides (38MB .pdf):
>> http://www1.icsi.berkeley.edu/~nweaver/enigma_weaver.key.pdf
>>
>> Paper: does not exist (
>> https://twitter.com/ncweaver/status/693516094003281920 ).
>>
>> Video (20 min): https://www.youtube.com/watch?v=zqnKdGnzoh0
>>
>> Regards,
>> Matthijs
>
> And how the NSA can rip through PGP (like we know they rip through MS2)
>
> https://medium.com/@nweaver/extra-unofficial-xkeyscore-guide-b8513600ad24#.83bkhqx1v
>
>
> --
> Nicholas Weaver                  it is a tale, told by an idiot,
> [email protected]                full of sound and fury,
> 510-666-2903                     .signifying nothing
> PGP: http://www1.icsi.berkeley.edu/~nweaver/data/nweaver_pub.asc
>
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
