[LINK] GCHQ Forced Secure Email Service PrivateSky to Shut Down

Karl Auer kauer at biplane.com.au
Mon Dec 16 18:02:35 AEDT 2013


On Mon, 2013-12-16 at 16:18 +1030, Glen Turner wrote:
> On 14/12/2013, at 9:19 AM, Karl Auer wrote:
> > entity. If there were a distributed mechanism in place (think Tor),
> > these problems would go away.
> > I don't know what that mechanism is - but it's the answer :-)
> The problem with distributed mechanisms is that you don't know who
> owns them. It's simple enough to NSA to own enough of them to have a
> high probability of collecting the metadata it desires.

It's statistics - there are few major carriers, so corrupting one gets
the bad guys (yes, I mean the NSA - is there any better description?)
heaps and heaps of data. Spread stuff around, and it becomes
statistically far less likely that any particular communication involves
a corrupted node. Spread stuff around *enough* and it becomes pointless
for the bad guys to even try. If the solution can spread *partial* keys
around, it becomes hard even for a corrupted node to do much damage.

The other point (I don't remember if I made it explicitly) is that any
commercial solution will fail because it is trivially compromised -
attack the corporate entity that owns it, force a backdoor into it, and
it's game over. Any solution needs to be not only massively distributed,
but also non-commercial.

These are just necessary attributes of the system IMHO. I still have no
idea what the actual mechanism is, but I think it will need those
attributes.

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389

GPG fingerprint: B862 FB15 FE96 4961 BC62 1A40 6239 1208 9865 5F9A
Old fingerprint: AE1D 4868 6420 AD9A A698 5251 1699 7B78 4EEE 6017




More information about the Link mailing list