Phillip Hallam-Baker <phill@xxxxxxxxxxxxxxx> wrote: > However, it is not just the US agencies doing this work. There are now > 117 cyber commands and there is a real problem of 'loose > cyber-weapons'. It is to the interest of the US and to all the other > cyber-commands that a norm is established that cyber weapons are > secured end to end throughout their lifecyle and tools produced to > enable that to be achieved. I'm not really sure I understand what it means to secure a cyber weapon. You could be talking about keeping the source code in locked briefcases, or you could be talking about some kind of snake-oil DRM on the binaries, like the movie and game industries thinks they have "invented". Or something else completely. > Such tools do not currently exist. However some key patent expiries > that have occurred and will be complete in November this year make true > end to end data level encryption practical. I have proof of concept but > short of infringing code running in the lab which I will push out as > soon as I can together with the supporting specifications. Now here you seem to be talking about securing things in transit. if I may air some of my griping: tcpdump has recently dealt with some hundred potential vulnerabilities found by futzing. I was interested to find a file called "PCAP" in the Vault 7 archives, but it's not really released yet. What's annoying is that there is money for attack tools, and there are rewards for finding exploits, but not much for fixing bugs, and many serious disincentives to good design in the first place. -- Michael Richardson <mcr+IETF@xxxxxxxxxxxx>, Sandelman Software Works -= IPv6 IoT consulting =-
Attachment:
signature.asc
Description: PGP signature