|
> It used to be easy to dismiss opportunistic security as a waste of time, it is now clear to most that it is .... [BA] Merely a waste of money. "Opportunistic unauthenticated encryption" that does not defend against man-in-the-middle attacks has no value against targeted surveillance. So if the goal is to protect dissidents, look elsewhere. Unfortunately, the line between "targeted surveillance" and "mass surveillance" is a thin one. The value against mass surveillance is predicated on the assumption that "large scale targeted surveillance" is infeasible or that the cost of large scale meta-data collection can be increased to the point where it is too costly even for a nation-state. The first assertion, is likely to be proven false by the first gear to include built-in man-in-the-middle attack support. Care to wager which appears first, carrier-class gear supporting man-in-the-middle attacks, or significant deployment of "opportunistic" encryption? The second assertion is likely to be proven false as soon as "opportunistic" is deployed widely enough to necessitate a surveillance budget increase (based on purchases of the above gear) necessary to defeat it. |