IETF Logo Mail Archive

Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

David Conrad <drc@virtualized.org> Fri, 06 September 2013 21:34 UTC

Return-Path: <drc@virtualized.org>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F000911E8119 for <ietf@ietfa.amsl.com>; Fri, 6 Sep 2013 14:34:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.449
X-Spam-Level:
X-Spam-Status: No, score=-2.449 tagged_above=-999 required=5 tests=[AWL=-0.150, BAYES_00=-2.599, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wElGCzwlvDMw for <ietf@ietfa.amsl.com>; Fri, 6 Sep 2013 14:34:50 -0700 (PDT)
Received: from alpha.virtualized.org (alpha.virtualized.org [199.233.229.186]) by ietfa.amsl.com (Postfix) with ESMTP id 2F7E811E8108 for <ietf@ietf.org>; Fri, 6 Sep 2013 14:34:49 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by alpha.virtualized.org (Postfix) with ESMTP id 6916A87128; Fri, 6 Sep 2013 17:34:48 -0400 (EDT)
Received: from alpha.virtualized.org ([127.0.0.1]) by localhost (alpha.virtualized.org [127.0.0.1]) (maiad, port 10024) with ESMTP id 45517-07; Fri, 6 Sep 2013 17:34:48 -0400 (EDT)
Received: from [10.0.1.6] (c-24-4-109-25.hsd1.ca.comcast.net [24.4.109.25]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: drc@virtualized.org) by alpha.virtualized.org (Postfix) with ESMTPSA id CE2D5868D4; Fri, 6 Sep 2013 17:34:47 -0400 (EDT)
Content-Type: multipart/signed; boundary="Apple-Mail=_097F753E-546C-4905-AC72-06E63CE3FF24"; protocol="application/pgp-signature"; micalg="pgp-sha1"
Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\))
Subject: Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA
From: David Conrad <drc@virtualized.org>
In-Reply-To: <20130906210638.GC3428@besserwisser.org>
Date: Fri, 06 Sep 2013 14:34:45 -0700
Message-Id: <158C3418-AE87-4843-BFD5-3E2AC3495631@virtualized.org>
References: <alpine.BSF.2.00.1309051743130.47262@hiroshima.bogus.com> <52293197.1060809@gmail.com> <5C7FECAB-8A22-4AF1-B023-456458E1B288@nominum.com> <522949C2.8010206@gmail.com> <52294C6D.7090206@gmail.com> <m2ppsmzgs5.wl%randy@psg.com> <5229686A.5090308@gmail.com> <31078634-5AEA-4FC9-80A8-2E77650BA530@piuha.net> <20130906072539.GJ5700@besserwisser.org> <9AC2A86F-250C-4B3C-B9BA-8DF44C937B41@nominum.com> <20130906210638.GC3428@besserwisser.org>
To: Måns Nilsson <mansaxel@besserwisser.org>
X-Mailer: Apple Mail (2.1508)
Cc: "ietf@ietf.org list" <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Sep 2013 21:34:56 -0000

On Sep 6, 2013, at 2:06 PM, Måns Nilsson <mansaxel@besserwisser.org> wrote:
>> Right, because there's no way the NSA could ever pwn the DNS root key.
> It is probably easier for NSA or similar agencies in other countries
> to coerce X.509 root CA providers that operate on a competetive market
> than fooling the entire international DNS black helicopter cabal. 

Probably the wrong place to apply the paranoia. How much do you trust the AEP Keyper HSM tamperproof blackbox hasn't had a backdoor installed into it at the factory?

> Audit and open source seem to be good starting points. 

Where feasible, sure. Unfortunately, the rabbit hole is deep.  How many billions of transistors are there in commodity chips these days?

Regards,
-drc

v2.23.0 | Report a Bug | By Email