Re: not really pgp signing in van
Yoav Nir <ynir@checkpoint.com> Wed, 11 September 2013 10:29 UTC
Return-Path: <ynir@checkpoint.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E660621E80B1 for <ietf@ietfa.amsl.com>; Wed, 11 Sep 2013 03:29:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.29
X-Spam-Level:
X-Spam-Status: No, score=-8.29 tagged_above=-999 required=5 tests=[AWL=-0.291, BAYES_50=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IG+Wb1wV-rcw for <ietf@ietfa.amsl.com>; Wed, 11 Sep 2013 03:28:59 -0700 (PDT)
Received: from smtp.checkpoint.com (smtp.checkpoint.com [194.29.34.68]) by ietfa.amsl.com (Postfix) with ESMTP id 486F011E8209 for <ietf@ietf.org>; Wed, 11 Sep 2013 03:28:55 -0700 (PDT)
Received: from IL-EX10.ad.checkpoint.com ([194.29.34.147]) by smtp.checkpoint.com (8.13.8/8.13.8) with ESMTP id r8BASpMB003435; Wed, 11 Sep 2013 13:28:52 +0300
X-CheckPoint: {523045E3-18-1B221DC2-1FFFF}
Received: from DAG-EX10.ad.checkpoint.com ([169.254.3.173]) by IL-EX10.ad.checkpoint.com ([169.254.2.246]) with mapi id 14.02.0347.000; Wed, 11 Sep 2013 13:28:51 +0300
From: Yoav Nir <ynir@checkpoint.com>
To: Ted Lemon <Ted.Lemon@nominum.com>
Subject: Re: not really pgp signing in van
Thread-Topic: not really pgp signing in van
Thread-Index: AQHOqpqEjBIP/2g1CkqG7PeMKpCUVZm4woAAgABaqICAABiYAIAAA0aAgAANQYCAABNogIAC1QKAgAAEoYCAAPmWgIAAFPEAgABoNACAAAGyAIAAFfqAgAAJLoCAADHKgIAAAaMAgAADyACAAARAgIAA+LOAgAAM5ICAABExgIAABM+AgAA1XYCAAAUcAIAADD8AgAAPiQCAALO2gA==
Date: Wed, 11 Sep 2013 10:28:51 +0000
Message-ID: <F6A860A8-BB7C-46F4-9AEB-D39237C6585A@checkpoint.com>
References: <20130910010719.33978.qmail@joyce.lan> <8D23D4052ABE7A4490E77B1A012B63077527E234@mbx-01.win.nominum.com> <alpine.BSF.2.00.1309092125360.34090@joyce.lan> <8D23D4052ABE7A4490E77B1A012B63077527E488@mbx-01.win.nominum.com> <CAMm+LwhZ9OKesZW+kFct5Gps6_JBzcNUUBQ-y5J21zMcxmL6EQ@mail.gmail.com> <241D1DD6-C096-49D6-A05B-33638846BF15@nominum.com> <CAMm+LwhhUzDX=AaJXSCkqJofHQ9ZiN11GmCw-reO0OPmNC4fyA@mail.gmail.com> <E2ECE63C-D8E4-4A5A-BEA3-295C027D0E71@nominum.com> <alpine.BSF.2.00.1309101745410.46654@joyce.lan> <B27CD2F3-D71E-446A-9166-AC05B49718F4@nominum.com> <CAMm+LwiDCA1-KCm_Sj757Ty67qn1y0QFNoCd76qMxTAhOMXj7w@mail.gmail.com> <31D54C08-0246-4CE3-A958-18BAAE59FA0C@nominum.com>
In-Reply-To: <31D54C08-0246-4CE3-A958-18BAAE59FA0C@nominum.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [172.31.20.176]
x-kse-antivirus-interceptor-info: protection disabled
Content-Type: text/plain; charset="Windows-1252"
Content-ID: <67B3888C867C484AB4272EC876E47590@ad.checkpoint.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "ietf@ietf.org" <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Sep 2013 10:29:20 -0000
On Sep 11, 2013, at 2:45 AM, Ted Lemon <Ted.Lemon@nominum.com> wrote: > On Sep 10, 2013, at 6:50 PM, Phillip Hallam-Baker <hallam@gmail.com> wrote: >> Could be but I have been working through what we know versus what would be required and I really can't see how a group of people who would let Snowden loose on their innermost secrets would be able to keep a conspiracy that required CAs or Gmail staff or the like to participate on the scale required. > > You don't need a conspiracy. You just need to threaten the right person with jail. I don't think you'd even need the threats. "Hello, Mr. Lemon. Thank you for taking the time to see us. As you know, there are a lot of terrorists who as we speak are planning attacks against our country. Let me ask you something. Do you love your country? You know what, don't answer that. I don't go much for all that flag-waving myself. But you remember 9/11? 3000 people died there. And in Iraq 170 were killed in the last few months. Those are the same people, and they're as determined as ever. And do you think they're all in Iraq and Syria? I'm not supposed to tell you this" (looks around the room to make sure you're alone) "but just last month we arrested <insert Arab-sounding name here> right in Virginia with bomb components in his basement and plans for some key buildings in DC. You know how they coordinated their attacks? They used your mail service. And that is why we've come to you. Not so that America can win. What's winning, anyway? But because we're saving lives, hundreds of lives, both here and abroad. We need your help. Will you do this for America? For the innocent victims?" Notice the important parts of that pitch. A sense of danger; Making the target feel either patriotic or a humanitarian; Sharing a "secret" with the target, making him part of the "inner circle". Making the target feel important, like "only your cooperation can help us stop the next attack". If this pitch is executed correctly, by the end, the target is asking for an NSL as CYA. I've seen this kind of thing done once years ago, but it was done very poorly and didn't work. > Nevertheless, your optimism about this problem is not an optimism that I share, and apparently I am not alone in my pessimism. You can certainly argue that the IETF need not address this threat model, but I don't agree with you, and your assurances that it's all perfectly okay are not swaying me... :) Yeah, I don't get those references to the NSA being in hot water. Polls get different results depending on how the question is asked, but they either show a slim majority against massive snooping or a very slim majority accepting massive snooping "if it's to fight terrorism". I don't see much in the way of massive pressure on the legislative or executive branch to stop it. Yoav
- Re: pgp signing in van Scott Kitterman
- Re: pgp signing in van Scott Kitterman
- Re: pgp signing in van Melinda Shore
- pgp signing in van Randy Bush
- Re: pgp signing in van Phillip Hallam-Baker
- Re: pgp signing in van Dave Crocker
- Re: pgp signing in van Scott Kitterman
- RE: pgp signing in van l.wood
- Re: pgp signing in van Russ Housley
- Re: pgp signing in van Michael Richardson
- Re: pgp signing in van Peter Saint-Andre
- Re: pgp signing in van Phillip Hallam-Baker
- Re: pgp signing in van Ted Lemon
- Re: pgp signing in van Joe Touch
- Re: pgp signing in van Phillip Hallam-Baker
- Re: pgp signing in van Phillip Hallam-Baker
- Re: pgp signing in van Ted Lemon
- Re: pgp signing in van Melinda Shore
- Re: pgp signing in van Ted Lemon
- Re: pgp signing in van Melinda Shore
- Re: pgp signing in van Joe Touch
- Re: pgp signing in van Scott Kitterman
- Re: pgp signing in van Phillip Hallam-Baker
- Re: pgp signing in van Ted Lemon
- Re: pgp signing in van Scott Brim
- Re: pgp signing in van Ted Lemon
- Re: pgp signing in van Melinda Shore
- Re: pgp signing in van Ted Lemon
- Re: pgp signing in van Melinda Shore
- Re: pgp signing in van Ted Lemon
- Re: pgp signing in van Pete Resnick
- Re: pgp signing in van Theodore Ts'o
- Re: pgp signing in van Hector Santos
- Re: pgp signing in van Phillip Hallam-Baker
- Re: pgp signing in van Hector Santos
- Re: pgp signing in van John C Klensin
- Re: pgp signing in van Michael Richardson
- Re: pgp signing in van Michael Richardson
- Re: pgp signing in van Ted Lemon
- Re: pgp signing in van Peter Saint-Andre
- Re: pgp signing in van Hector Santos
- Re: pgp signing in van Peter Saint-Andre
- Re: pgp signing in van Måns Nilsson
- RE: pgp signing in van l.wood
- Re: pgp signing in van Anshuman Pratap Chaudhary
- Re: pgp signing in van Måns Nilsson
- Re: pgp signing in van Brian Trammell
- Re: pgp signing in van Andrew Sullivan
- Re: pgp signing in van Cyrus Daboo
- Re: pgp signing in van Peter Saint-Andre
- Re: pgp signing in van Michael Richardson
- Re: pgp signing in van John Levine
- Re: pgp signing in van David Conrad
- Re: pgp signing in van Ted Lemon
- Re: pgp signing in van Peter Saint-Andre
- Re: pgp signing in van Richard Barnes
- Re: pgp signing in van Scott Brim
- Re: [IETF] Re: pgp signing in van Warren Kumari
- What real users think [was: Re: pgp signing in va… Brian E Carpenter
- Re: pgp signing in van Dan York
- Re: What real users think [was: Re: pgp signing i… Dave Crocker
- Re: pgp signing in van Ted Lemon
- Re: What real users think [was: Re: pgp signing i… Steve Crocker
- Re: What real users think [was: Re: pgp signing i… Ted Lemon
- Re: What real users think [was: Re: pgp signing i… Dave Crocker
- Re: What real users think [was: Re: pgp signing i… Hector Santos
- Re: What real users think [was: Re: pgp signing i… Steve Crocker
- Re: pgp signing in van Ted Lemon
- Re: What real users think [was: Re: pgp signing i… Brian E Carpenter
- Re: What real users think [was: Re: pgp signing i… John C Klensin
- Re: What real users think [was: Re: pgp signing i… Ted Lemon
- Re: pgp signing in van David Morris
- Re: What real users think [was: Re: pgp signing i… SM
- Re: What real users think [was: Re: pgp signing i… Dave Crocker
- Re: pgp signing in van Ted Lemon
- Re: What real users think [was: Re: pgp signing i… Ted Lemon
- Re: What real users think [was: Re: pgp signing i… Ted Lemon
- Re: not really pgp signing in van John Levine
- Re: not really pgp signing in van Ted Lemon
- Re: What real users think [was: Re: pgp signing i… John R. Levine
- Re: pgp signing in van Arturo Servin
- Re: not really pgp signing in van Scott Kitterman
- Re: What real users think [was: Re: pgp signing i… Phillip Hallam-Baker
- Re: not really pgp signing in van John Levine
- Re: What real users think [was: Re: pgp signing i… John Levine
- Re: not really pgp signing in van Ted Lemon
- Re: not really pgp signing in van John R Levine
- Re: not really pgp signing in van Ted Lemon
- Re: not really pgp signing in van John R Levine
- Re: What real users think [was: Re: pgp signing i… Fernando Gont
- Re: pgp signing in van Fernando Gont
- Re: pgp signing in van Ted Lemon
- Re: not really pgp signing in van Brian Trammell
- Re: pgp signing in van t.p.
- Re: not really pgp signing in van Måns Nilsson
- Re: pgp signing in van Ted Lemon
- the evil of html was Re: pgp signing in van t.p.
- Re: not really pgp signing in van Phillip Hallam-Baker
- Re: pgp signing in van Paul Wouters
- Re: not really pgp signing in van Ted Lemon
- Re: not really pgp signing in van Phillip Hallam-Baker
- Re: not really pgp signing in van Ted Lemon
- Re: not really pgp signing in van Martin Thomson
- Re: not really pgp signing in van Phillip Hallam-Baker
- Re: not really pgp signing in van John R Levine
- Re: not really pgp signing in van manning bill
- Re: not really pgp signing in van Ted Lemon
- Re: not really pgp signing in van Theodore Ts'o
- Re: not really pgp signing in van Phillip Hallam-Baker
- Re: not really pgp signing in van Ted Lemon
- Re: not really pgp signing in van Yoav Nir
- was: not really pgp signing in van SM
- Re: was: not really pgp signing in van Phillip Hallam-Baker