Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

Stefan Winter <stefan.winter@restena.lu> Fri, 06 September 2013 14:31 UTC

Message-ID: <5229E727.6010000@restena.lu>
Date: Fri, 06 Sep 2013 16:31:03 +0200
From: Stefan Winter <stefan.winter@restena.lu>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: ietf@ietf.org
Subject: Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA
References: <5F053C0B-4678-4680-A8BF-62FF282ADDCE@softarmor.com> <20130906140824.GB1249@thunk.org>
In-Reply-To: <20130906140824.GB1249@thunk.org>
X-Enigmail-Version: 1.5.2
OpenPGP: id=8A39DC66; url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="WsuU2I9bO4WKIqvueHIKN7gS04XD99sWD"

+1. I'd +10 if I could :-)

> One thing that would be helpful is to encourage the use of
> Diffie-Hellman everywhere.  Even without certificates that can be
> trusted, we can eliminate the ability of casual, dragnet-style
> surveillance.  Sure, an attacker can still do a MITM attack.  But (a)
> people who are more clueful can do certificate pinning/verification,
> and (b) if the NSA is really putting data taps into tier 1 providers'
> high speed interconnects, they can only carry out MITM attacks on a
> bulk scale by placing racks and racks of servers, which will require
> significant amounts of cooling and power, in places that are much more
> likely where they would be noticed.  It's no longer a data tap hidden
> away somewhere in a closet near a tier 1's NAP.
> 
> For too long, I think, we've let the perfect be the enemy of the good.
> Using TLS with DH to secure SMTP connections is valuable even if it is
> subject to MITM attacks, and even if the NSA/FBI can hand a National
> Security Letter to the cloud provider.  At least this way they will be
> forced to go the NSL route (and it will show up in whatever
> transparency reports that Google or Microsoft or Facebook are allowed
> to show to the public), or spend $$$ on huge racks of servers in
> public data centers, which maybe means less money to subvert standards
> setting activities.
> 
> Although perfect security is ideal, increasing the cost of casual
> style dragnet surveillance is still a Good Thing.
> 
> 						- Ted
> 


-- 
Stefan WINTER
Research Engineer
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66