Re: The CIA mentions us
Stephen Farrell <stephen.farrell@cs.tcd.ie> Sat, 11 March 2017 02:02 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 59BDD129518 for <ietf@ietfa.amsl.com>; Fri, 10 Mar 2017 18:02:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.301
X-Spam-Level:
X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XJSUuNdvjGFt for <ietf@ietfa.amsl.com>; Fri, 10 Mar 2017 18:02:14 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9B4E71294CC for <ietf@ietf.org>; Fri, 10 Mar 2017 18:02:12 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 8D03FBE83; Sat, 11 Mar 2017 02:02:10 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XQ_AiOspXNeo; Sat, 11 Mar 2017 02:02:08 +0000 (GMT)
Received: from [10.244.2.100] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 16176BDCC; Sat, 11 Mar 2017 02:02:08 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1489197728; bh=ti5Z79OzQfE+BQG27YoPaASR51ZkADvZGEFZiwdx/oQ=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=zo2u1bFtpKEotvYTH6enxd9iHikvJdDgHH3o3aFAMVVXnormICMVgB8UBuP/k7Q7L cT2ifJGSt2sQHpM/NiLlHT+ajzk6wbJRf1flhl6F9Cgu2RJ+tbQIKu06dGsFG9XU4Z SF/lsp0em1cvnbRT4jsvLmnGFcFNKq1o9oRTjRI8=
Subject: Re: The CIA mentions us
To: Bob Hinden <bob.hinden@gmail.com>, Ted Lemon <mellon@fugue.com>
References: <20170307155346.fwhhpnsm4wl6zzoo@nic.fr> <CAMm+Lwh5E-NPXsVWQpK2tA8Rr+6SpvJJKxMbiks7_F1umxz2FQ@mail.gmail.com> <20170307160840.duv7wwg5sm23nrek@nic.fr> <44d06f90-0f38-f6de-8eb1-cf8262369cd5@bogus.com> <c6df6333-1a08-aa0c-c1de-55d335234f2a@si6networks.com> <alpine.LRH.2.01.1703071034050.3764@egate.xpasc.com> <CAMm+LwioHOJxDZudH8Ya9SYv5DT1fPMJ5ypDR8O5JGa4HwxPvg@mail.gmail.com> <F950C538-05E4-451B-8AC0-A42010DAA8D6@piuha.net> <56AC2362-AAF9-4103-AEC8-F4BD24288B94@piuha.net> <2B19E363-3C0C-409A-9FCE-078389B38106@fugue.com> <18048613-FD0F-419D-83AA-937D45F8900B@gmail.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <47b7ee93-0fc7-1ae7-a3d7-cea0b4b4cd2a@cs.tcd.ie>
Date: Sat, 11 Mar 2017 02:02:07 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.7.0
MIME-Version: 1.0
In-Reply-To: <18048613-FD0F-419D-83AA-937D45F8900B@gmail.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="PqpT54mP6kWdQN2Q2LJUpcxuGO2kkuo93"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/WfbAh53oaQ1qNao2pH_hpvCODwY>
Cc: IETF <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Mar 2017 02:02:20 -0000
Hi Ted, Bob, On 10/03/17 22:53, Bob Hinden wrote: > Ted, > >> On Mar 10, 2017, at 1:46 PM, Ted Lemon <mellon@fugue.com> wrote: >> >> The one thing I wish you'd mentioned in this blog, but did not, is >> a point someone made earlier on this thread: that the fact that the >> CIA needs to hack individual devices to bypass end-to-end >> encryption means that what we are doing in promoting encryption is >> effective and worth doing: rather than everybody's communications >> being vulnerable, individuals must now be targeted. > > I think that’s a good point. > > To expand what you said, these tools are for targeted attacks, not > mass surveillance. I don't think your optimistic conclusion here follows, for two reasons. Firstly, we've seen that the adversary here is not driven by economic concerns and will attack not just a weakest link, but all possible targets they can afford given their very very large budgets. That I think means that these kinds of attacker will attempt both pervasive and targeted attacks, and the fact that they attempt the latter does not mean that the don't try both. Secondly, it may be that different kinds of attacker have different kinds of targets/goals and that some attackers here (such as the claimed source of these materials) are generally more interested in individuals and not in populations. So again, without further information, the interest in targeted attacks does not imply a technical or practical inability to mount pervasive monitoring attacks. And while I do think that the actions that many people in the Internet community and in the IETF have taken have probably made pervasive monitoring harder and/or more costly, I do not think that's really that relevant to this particular leak. In this case, I think the much more interesting thing is that this is yet another demonstration that attack code that is intended to be used for attacks (as opposed to demonstration) is in the end hugely counter-productive. (And immoral too IMO, but I'd not claim that we all need to agree with that last;-) > Encryption continues to be a strong protection > against mass surveillance. I totally agree encryption is a major tool in our armoury. But that's kind of orthogonal to issues arising from this incident I think. Cheers, S. > > Bob > >
- The CIA mentions us Stephane Bortzmeyer
- Re: The CIA mentions us Phillip Hallam-Baker
- Re: The CIA mentions us Phillip Hallam-Baker
- Re: The CIA mentions us Stephane Bortzmeyer
- Re: The CIA mentions us joel jaeggli
- Re: The CIA mentions us Fernando Gont
- Re: The CIA mentions us David Morris
- Re: The CIA mentions us Fernando Gont
- Re: The CIA mentions us Phillip Hallam-Baker
- Re: The CIA mentions us Phillip Hallam-Baker
- Re: The CIA mentions us Jari Arkko
- Re: The CIA mentions us John C Klensin
- Re: The CIA mentions us Phillip Hallam-Baker
- Re: The CIA mentions us Vinayak Hegde
- Re: The CIA mentions us willi uebelherr
- Re: The CIA mentions us Michael Richardson
- Re: The CIA mentions us Dave Cridland
- Re: The CIA mentions us Phillip Hallam-Baker
- Re: The CIA mentions us Jari Arkko
- Re: The CIA mentions us Ted Lemon
- Re: The CIA mentions us Bob Hinden
- Re: The CIA mentions us Jari Arkko
- Re: The CIA mentions us Stephen Farrell
- Re: The CIA mentions us Phillip Hallam-Baker
- Re: The CIA mentions us joel jaeggli
- Re: The CIA mentions us Rich Kulawiec
- Re: The CIA mentions us Ted Lemon
- Re: The CIA mentions us Phillip Hallam-Baker
- Re: The CIA mentions us willi uebelherr
- Re: The CIA mentions us Yoav Nir
- Re: The CIA mentions us willi uebelherr
- RE: The CIA mentions us Tony Hain