IETF Logo Mail Archive

Re: not really pgp signing in van

Phillip Hallam-Baker <hallam@gmail.com> Tue, 10 September 2013 22:50 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AAE4E11E81CA for <ietf@ietfa.amsl.com>; Tue, 10 Sep 2013 15:50:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B95XQQN4ToKh for <ietf@ietfa.amsl.com>; Tue, 10 Sep 2013 15:50:05 -0700 (PDT)
Received: from mail-lb0-x236.google.com (mail-lb0-x236.google.com [IPv6:2a00:1450:4010:c04::236]) by ietfa.amsl.com (Postfix) with ESMTP id 859D411E811D for <ietf@ietf.org>; Tue, 10 Sep 2013 15:50:03 -0700 (PDT)
Received: by mail-lb0-f182.google.com with SMTP id c11so6890731lbj.13 for <ietf@ietf.org>; Tue, 10 Sep 2013 15:50:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=7VRRV9yUyLJRrIBEDBosqosH/X37Cwx5HBsr8ldUk9s=; b=H0HXuNQ4ZvZ2CPdqogsUB3PqYyiFVW52LlXxF3wfVk7ZCyZqW2uAIXCwEio2+rH1VT kpnt4I/vTPcbBltRgJRaVnw5/AWg34+cWpE+qZp9LCNJYm0OL4cpAuHnAPU5f+nsnhDo 0FizCcogMV7iOvB0h8cPwCjhC8otck7ewTZ+Zbr1J/d0+J4E9lZXVTXTSvBqIj48PgxX w68eGpOL0mVO7XiXGUMiVr3qQyfMh1QKm4sPGo4j6QdogYUdXZCYXu0/vbu4w07QuwKt vhvSJVYtjG4i4P8kGpwNRP7JfrJ1VfYRNhq2UNRnu0Vpl4F2W4vmGbzIEDrmuT9pERGe k8uA==
MIME-Version: 1.0
X-Received: by 10.112.52.225 with SMTP id w1mr87107lbo.31.1378853402433; Tue, 10 Sep 2013 15:50:02 -0700 (PDT)
Received: by 10.112.148.165 with HTTP; Tue, 10 Sep 2013 15:50:02 -0700 (PDT)
In-Reply-To: <B27CD2F3-D71E-446A-9166-AC05B49718F4@nominum.com>
References: <20130910010719.33978.qmail@joyce.lan> <8D23D4052ABE7A4490E77B1A012B63077527E234@mbx-01.win.nominum.com> <alpine.BSF.2.00.1309092125360.34090@joyce.lan> <8D23D4052ABE7A4490E77B1A012B63077527E488@mbx-01.win.nominum.com> <CAMm+LwhZ9OKesZW+kFct5Gps6_JBzcNUUBQ-y5J21zMcxmL6EQ@mail.gmail.com> <241D1DD6-C096-49D6-A05B-33638846BF15@nominum.com> <CAMm+LwhhUzDX=AaJXSCkqJofHQ9ZiN11GmCw-reO0OPmNC4fyA@mail.gmail.com> <E2ECE63C-D8E4-4A5A-BEA3-295C027D0E71@nominum.com> <alpine.BSF.2.00.1309101745410.46654@joyce.lan> <B27CD2F3-D71E-446A-9166-AC05B49718F4@nominum.com>
Date: Tue, 10 Sep 2013 18:50:02 -0400
Message-ID: <CAMm+LwiDCA1-KCm_Sj757Ty67qn1y0QFNoCd76qMxTAhOMXj7w@mail.gmail.com>
Subject: Re: not really pgp signing in van
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Ted Lemon <Ted.Lemon@nominum.com>
Content-Type: multipart/alternative; boundary="001a11c3fe903fde0304e60f5389"
Cc: John R Levine <johnl@taugh.com>, "<ietf@ietf.org>" <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Sep 2013 22:50:06 -0000

On Tue, Sep 10, 2013 at 6:06 PM, Ted Lemon <Ted.Lemon@nominum.com> wrote:

> On Sep 10, 2013, at 5:47 PM, John R Levine <johnl@taugh.com> wrote:
> > How likely is it that they would risk their reputation and hence their
> entire business by screwing around with free promo S/MIME certs?
>
> I don't know.   What happens if they are served with an NSL?


Well I do not have access to the operational side of Comodo so I do not
have direct knowledge. However I have no need of the money so if I had
knowledge of an NSL that I found unconscionable then I would stop working
for them.



>   I certainly don't think they'd *choose* to do anything like this, but
> what if it's that or jail?   Remember, we know of at least one case of a
> business owner being threatened with jail because he closed his business
> rather than do precisely what we are discussing.
>

I don't think an NSL can require me to work for a company and since I am a
foreign national I am not obliged to live in the country.

Low level government functionaries rarely attempt goon tactics on people
who are relatives of cabinet ministers and have personal friends on both
front benches in parliament.



> Remember too that the NSL doesn't even have to be served to the CEO—it
> could as easily be served to a geek on staff.   It's horrible to
> contemplate that such a thing might happen, but based on what we know at
> this point, it's not unreasonable to include this in our risk model.   It
> is _definitely_ not in the tin foil hat zone anymore.
>


Could be but I have been working through what we know versus what would be
required and I really can't see how a group of people who would let Snowden
loose on their innermost secrets would be able to keep a conspiracy that
required CAs or Gmail staff or the like to participate on the scale
required.

All they would need to achieve the results as we know them from PRISM is
the knowledge of where the fiber optic cables run and a large back hoe.

-- 
Website: http://hallambaker.com/

v2.23.0 | Report a Bug | By Email