Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Subject: Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA Date: Fri, Sep 06, 2013 at 11:46:17AM -0400 Quoting Ted Lemon (ted.lemon@xxxxxxxxxxx):
> On Sep 6, 2013, at 3:25 AM, Måns Nilsson <mansaxel@xxxxxxxxxxxxxxxx> wrote:
> > I do think that more distributed technoligies like DANE play an important
> > rôle here.
> 
> Right, because there's no way the NSA could ever pwn the DNS root key.

It is probably easier for NSA or similar agencies in other countries
to coerce X.509 root CA providers that operate on a competetive market
than fooling the entire international DNS black helicopter cabal. But
that is -- I admit -- an educated guess, based on personal relations.

> What we should probably be thinking about here is:
> 
>   - Mitigating single points of failure (IOW, we _cannot_ rely
>     on just the root key)

In effect, DANE exchanges one trust model for another. I happen
to believe that the damage risque is lower with DNSSEC + DANE than the
traditional "any CA can issue a certificate for any domain name" setup.

>   - Hybrid solutions (more trust sources means more work to
>     compromise)
>   - Sanity checking (if a key changes unexpectedly, we should
>     be able to notice)
>   - Multiple trust anchors (for stuff that really matters, we
>     can't rely on the root or on a third party CA)
>   - Trust anchor establishment for sensitive communications
>     (e.g. with banks)

agree on all. 
 
> The threat model isn't really the NSA per se—if they really want to bug you, they will, and you can't stop them, and that's not a uniformly bad thing.   The problem is the breathtakingly irresponsible weakening of crypto systems that has been alleged here, and what we can do to mitigate that.   Even if we aren't sure that it's happened, or precisely what's happened, it's likely that it has happened, or will happen in the near future.  We should be thinking in those terms, not crossing our fingers and hoping for the best.
 
Audit and open source seem to be good starting points. 

-- 
Måns Nilsson     primary/secondary/besserwisser/machina
MN-1334-RIPE                             +46 705 989668
Yow!  It's some people inside the wall!  This is better than mopping!

Attachment: signature.asc
Description: Digital signature

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]