Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

[Martin Millnert <martin@xxxxxxxxxxx>]

On 6 sep 2013, at 05:39, jnc@xxxxxxxxxxxxxxxxxxx (Noel Chiappa) wrote:

From: Phillip Hallam-Baker <hallam@xxxxxxxxx>

S/MIME is almost what we need to secure email.

If by "secure email" you mean 'render email impervious to being looked at
while on the wire', perhaps. If, however, you mean 'render it secure from
ever being looked at by anyone else', no way.

Even if it's stored on the destination host in encrypted form, if that host is
compromised, the contents of that email are now at risk. Even if the key is
not stored on that machine, the next time it's entered into that machine (or,
more broadly, the encrypted email and the key are brought near each other), it
can be lifted, _if that computer has been compromised_.

This and several other comments about the endpoint threat thus far in this thread does not seem to understand a very vital point:

Bruce was in http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance not suggesting that more encryption on the wire by open protocols can starve off attacks on endpoints.

He was not suggesting that backdoors in eg. network driver's firmwares cannot provide special access to host memory, extremely hard to detect and never utilized in friendly territories where raw opto tapping provides cheaper access anyway.

But he IS suggesting that encrypting everything on the wire makes both metadata and payload collection from wires less valuable.

Here comes the key point:

Encrypting everything on the wire raises the cost for untargeted mass surveillance significantly. And that is what it is all about.

And best is of course if this can be end to end, though hiding metadata requires either something onion like or transport encryption by layers below said metadata.

/M