[FoRK] Fwd: [IP] What It’s Like to Get a National-Security Letter

Eugen Leitl eugen at leitl.org
Mon Jul 1 07:33:52 PDT 2013


On Mon, Jul 01, 2013 at 03:23:10PM +0100, David Edmondson wrote:
> On Mon, Jul 01 2013, Eugen Leitl wrote:
> > On Mon, Jul 01, 2013 at 12:40:31PM +1000, Noon Silk wrote:
> >> interesting read.
> >> 
> >> last line is also nice:
> >> 
> >> ------------------------------------------------------------------------------------------------------------
> >> 
> >> *Do you encrypt all your own e-mail, as a result of this stuff?*
> >> 
> >> No, that’s really hard.
> >
> > No, it isn't. Encryption is easy, key management is hard.
> 
> Maybe that explains "not verified"?

Self-signed certs between trusted end points are a lot better
than CAs that aid and abet the enemy.
 
> >         (Client CN "xent.com", Issuer "xent.com" (not verified))
> 
> Sure the bits between you and xent.com were encrypted, but you don't
> have assurance that they couldn't be trivially decrypted by someone at
> xent.com, or someone who could mess with xent.com's DNS records, or ...

I can tell you that in order to read the (not really secure, that's
just the point: everybody should be using weak methods so that
strong methods don't stand out, and searching for them is expensive)
you need to MITM or compromise the end points. 
 
> Then the messages are un-encrypted whilst at rest on the xent.com
> disks. Then they are un-encrypted whilst at rest on the recipients
> machine.

You don't know what. With a layered defense approach you would
be e.g. adding GPG encryption gateways, crypto fs, hardened
systems with working IDS, and so on. If you use enough layered
paper, it eventually will stop bullets.
 
> I'm in favour of what you've described, but it's not really that big a
> deal.

I think it is a very big deal, since such opportunistic, "weak" methods
make passive attacks like Narus prohibitively expensive, and require
the attacker to fall back to active methods, which are hard to scale
since not automatable, and are detectable in principle (and interceptors
need to be wary not stepping into a honeypot, and showing superior
capabilities, which are so far only in operation in targeted attacks
on dissidents in totalitarian regimes).


More information about the FoRK mailing list