Re: The CIA mentions us
Ted Lemon <mellon@fugue.com> Mon, 13 March 2017 15:02 UTC
Return-Path: <mellon@fugue.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 515281294AD for <ietf@ietfa.amsl.com>; Mon, 13 Mar 2017 08:02:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kILacCdqWJzO for <ietf@ietfa.amsl.com>; Mon, 13 Mar 2017 08:02:00 -0700 (PDT)
Received: from mail-qt0-x22e.google.com (mail-qt0-x22e.google.com [IPv6:2607:f8b0:400d:c0d::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 91B2B129418 for <ietf@ietf.org>; Mon, 13 Mar 2017 08:02:00 -0700 (PDT)
Received: by mail-qt0-x22e.google.com with SMTP id i34so33553321qtc.0 for <ietf@ietf.org>; Mon, 13 Mar 2017 08:02:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20150623.gappssmtp.com; s=20150623; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=9PM07QpsxILhAce5y1sgHSyzPf7H0EGzCEIVWELZxy0=; b=NE0ZgXMF+Q8QFNwbuHq0OsgUsMVkFfeYKQkJWIhUMRovHLdM10iGpFzekLxXKrXimI NjvHRFFVMma4K0wTrq6OXr/BEBLLK1UMGUYVA+fGLCCurAm4/Lc09Xr1/UcQetRyc/a0 /yr7RxSy1I7wR3YEZ2l3PwAeCemk4IN7Q+84d5g+8D32JVdBc3d+UeAQFK9+3KRyLR2A 6sUJW8RcoJMoJcXp0czbBdtFnTq2hrLs4MSurn1OaQdJ6mX0MB7FXW3B+gpCLMAgeTI+ 5RIQ3Bx8bCB1jVMyXM1aSgra83wYCNFU8TWvdAbU4hTTQnhZmOJhOvHnzEe6oBohBvQ6 LLMA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=9PM07QpsxILhAce5y1sgHSyzPf7H0EGzCEIVWELZxy0=; b=rHMLvdeEhXWsTkkHNvjdn5NGxeLlXa21sy19Jys5/dpXAmnmDFUEZfwnjcu7g6vOsf zRZv1gr1eZ09S/6VDXIyz2+aoiC35dduG0UKw9XeLb/46bfsLeYN/9wyS6LzwWFLuwdP CzpR+1aSEjy6j3pn45IfGgsQRyR8QvMohSCFshjUOQiM49/0/9Zyt6k0bjEvIY+kIVHV VlhZTkVlUDRDXsthKm9A7r9aXlJUd7tA5JEYuyh1mo5Hm0GaWQg2+6vVTgC04gfZobpC t9I6T3vga53oRDJ+cgOOuUYFzSJ62rlwexdMzfHIxwxhoMja7yKsHI3SjOlrfjVr2xFA 30DQ==
X-Gm-Message-State: AMke39kuITPC9R/dyCF7mjS3LvrBRb91L/gw9xuXWqffKm05ekUeA56nO4AjMT+xgASsqQ==
X-Received: by 10.200.52.65 with SMTP id v1mr35419364qtb.166.1489417319276; Mon, 13 Mar 2017 08:01:59 -0700 (PDT)
Received: from [10.0.20.202] (c-73-167-64-188.hsd1.nh.comcast.net. [73.167.64.188]) by smtp.gmail.com with ESMTPSA id j4sm12331361qkc.40.2017.03.13.08.01.58 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 13 Mar 2017 08:01:58 -0700 (PDT)
From: Ted Lemon <mellon@fugue.com>
Message-Id: <CC5E2EDA-5533-4FA0-8350-CE45311DD8B4@fugue.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_FDE8B84A-470E-471D-A247-E4B7464CEF07"
Mime-Version: 1.0 (Mac OS X Mail 10.2 \(3259\))
Subject: Re: The CIA mentions us
Date: Mon, 13 Mar 2017 11:01:57 -0400
In-Reply-To: <47b7ee93-0fc7-1ae7-a3d7-cea0b4b4cd2a@cs.tcd.ie>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
References: <20170307155346.fwhhpnsm4wl6zzoo@nic.fr> <CAMm+Lwh5E-NPXsVWQpK2tA8Rr+6SpvJJKxMbiks7_F1umxz2FQ@mail.gmail.com> <20170307160840.duv7wwg5sm23nrek@nic.fr> <44d06f90-0f38-f6de-8eb1-cf8262369cd5@bogus.com> <c6df6333-1a08-aa0c-c1de-55d335234f2a@si6networks.com> <alpine.LRH.2.01.1703071034050.3764@egate.xpasc.com> <CAMm+LwioHOJxDZudH8Ya9SYv5DT1fPMJ5ypDR8O5JGa4HwxPvg@mail.gmail.com> <F950C538-05E4-451B-8AC0-A42010DAA8D6@piuha.net> <56AC2362-AAF9-4103-AEC8-F4BD24288B94@piuha.net> <2B19E363-3C0C-409A-9FCE-078389B38106@fugue.com> <18048613-FD0F-419D-83AA-937D45F8900B@gmail.com> <47b7ee93-0fc7-1ae7-a3d7-cea0b4b4cd2a@cs.tcd.ie>
X-Mailer: Apple Mail (2.3259)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/eb7qm73aamlaTEvJtEDySEsOMkQ>
Cc: Bob Hinden <bob.hinden@gmail.com>, IETF <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Mar 2017 15:02:02 -0000
On Mar 10, 2017, at 9:02 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote: > I don't think your optimistic conclusion here follows, for two > reasons. Firstly, we've seen that the adversary here is not > driven by economic concerns and will attack not just a weakest > link, but all possible targets they can afford given their very > very large budgets. [...] > And while I do think that the actions that many people in the > Internet community and in the IETF have taken have probably > made pervasive monitoring harder and/or more costly, I do not > think that's really that relevant to this particular leak. In > this case, I think the much more interesting thing is that > this is yet another demonstration that attack code that is > intended to be used for attacks (as opposed to demonstration) > is in the end hugely counter-productive. (And immoral too IMO, > but I'd not claim that we all need to agree with that last;-) True OTOH, there's a good editorial in the NY Times recently that speaks to the points you've raised: https://www.nytimes.com/2017/03/09/opinion/the-truth-about-the-wikileaks-cia-cache.html <https://www.nytimes.com/2017/03/09/opinion/the-truth-about-the-wikileaks-cia-cache.html> I think the main thing is that yes, of course, a state actor with unlimited resources can hack every hackable device indiscriminately. But widespread encryption means that they have to do that. And doing that is _much_ harder than intercepting passively, and more importantly, it's more detectable. I am surprised that you find my response optimistic. I feel pretty cynical about the situation. I just believe that we have done some things that have improved matters, and that's worth mentioning.
- The CIA mentions us Stephane Bortzmeyer
- Re: The CIA mentions us Phillip Hallam-Baker
- Re: The CIA mentions us Phillip Hallam-Baker
- Re: The CIA mentions us Stephane Bortzmeyer
- Re: The CIA mentions us joel jaeggli
- Re: The CIA mentions us Fernando Gont
- Re: The CIA mentions us David Morris
- Re: The CIA mentions us Fernando Gont
- Re: The CIA mentions us Phillip Hallam-Baker
- Re: The CIA mentions us Phillip Hallam-Baker
- Re: The CIA mentions us Jari Arkko
- Re: The CIA mentions us John C Klensin
- Re: The CIA mentions us Phillip Hallam-Baker
- Re: The CIA mentions us Vinayak Hegde
- Re: The CIA mentions us willi uebelherr
- Re: The CIA mentions us Michael Richardson
- Re: The CIA mentions us Dave Cridland
- Re: The CIA mentions us Phillip Hallam-Baker
- Re: The CIA mentions us Jari Arkko
- Re: The CIA mentions us Ted Lemon
- Re: The CIA mentions us Bob Hinden
- Re: The CIA mentions us Jari Arkko
- Re: The CIA mentions us Stephen Farrell
- Re: The CIA mentions us Phillip Hallam-Baker
- Re: The CIA mentions us joel jaeggli
- Re: The CIA mentions us Rich Kulawiec
- Re: The CIA mentions us Ted Lemon
- Re: The CIA mentions us Phillip Hallam-Baker
- Re: The CIA mentions us willi uebelherr
- Re: The CIA mentions us Yoav Nir
- Re: The CIA mentions us willi uebelherr
- RE: The CIA mentions us Tony Hain