nanog mailing list archives
Re: PRISM: NSA/FBI Internet data mining project
From: Mike Jones <mike () mikejones in>
Date: Sat, 8 Jun 2013 13:06:14 +0100
On 8 June 2013 12:12, Jimmy Hess <mysidia () gmail com> wrote:
> On 6/7/13, Måns Nilsson <mansaxel () besserwisser org> wrote:
>> Subject: Re: PRISM: NSA/FBI Internet data mining project
>> Date: Fri, Jun 07, 2013 at 12:25:35AM -0500
>> Quoting jamie rishaw (j () arpa com):
>>> <tinfoilhat>
>>> Just wait until we find out dark and lit private fiber is getting vampired.
>>> </tinfoilhat>
>>
>> I'm not even assuming it, I'm convinced. In Sweden, we have a law, that makes what NSA/FBI did illegal while at the same time legalising,
>
> Perhaps strong crypto should be implemented on transceivers at each end of every link, so users could be protected from that without having to implement the crypto themselves at the application layer? :)
> --
> -JH

Encrypted wifi doesn't help if the access point is the one doing the sniffing. How often are 'wiretaps' done by tapping into a physical line vs simply requesting a switch/router copy everything going through it to another port? The CIA might use physical taps to monitor the Russian government's traffic, but within the US I imagine they normally just ask the target's ISP to copy the data to them.

To be automatic and 'just work' would also mean not having to configure the identity of the devices at the other end of every link. In this case you'll just negotiate an encrypted link to the CIA's sniffer instead of the switch you thought you were talking to.

End to end encryption with secure automatic authentication is needed; it's taking a while to gain traction but DANE looks like the solution. When SSL requires the overhead of getting a CA to re-sign everything every year you only use it when you have a reason to. When SSL is a single copy/paste operation to set it up and no maintenance it becomes much harder to justify why you're not doing it.

Unfortunately I haven't come across any good ideas yet for p2p type applications where you don't have anywhere to securely publish your certificates.

- Mike
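
The contrast drawn in the message above, as an added example that is not part of the original post: an unauthenticated encrypted link accepts whatever key the far end presents, while a DANE check (RFC 6698 TLSA matching) compares the presented key against an association published in DNS. The byte strings are constructed stand-ins for DER data, `opportunistic_accepts` is a hypothetical name, and the code assumes the TLSA record was already DNSSEC-validated; the usage field is parsed but not enforced.

```python
import hashlib
import hmac

# TLSA matching types from RFC 6698: 0 = exact bytes, 1 = SHA-256, 2 = SHA-512.
_DIGESTS = {1: hashlib.sha256, 2: hashlib.sha512}

def parse_tlsa(rdata: str):
    """Parse TLSA presentation format: 'usage selector mtype hexdata'."""
    parts = rdata.split()
    if len(parts) < 4:
        raise ValueError("TLSA rdata needs usage, selector, matching type, data")
    usage, selector, mtype = (int(p) for p in parts[:3])
    if usage not in (0, 1, 2, 3) or selector not in (0, 1) or mtype not in (0, 1, 2):
        raise ValueError("unsupported TLSA parameters")
    return usage, selector, mtype, bytes.fromhex("".join(parts[3:]))

def tlsa_matches(rdata: str, cert_der: bytes, spki_der: bytes) -> bool:
    """True if the presented certificate matches the published association.

    Selector 0 compares the full certificate, selector 1 only its
    SubjectPublicKeyInfo. The caller supplies both DER encodings.
    """
    _usage, selector, mtype, published = parse_tlsa(rdata)
    presented = cert_der if selector == 0 else spki_der
    if mtype:
        presented = _DIGESTS[mtype](presented).digest()
    return hmac.compare_digest(presented, published)

def opportunistic_accepts(_cert_der: bytes, _spki_der: bytes) -> bool:
    """Hypothetical unauthenticated link encryption: any peer key is accepted."""
    return True

# Constructed stand-ins for DER bytes (not real certificates).
REAL_CERT, REAL_SPKI = b"constructed-cert-real", b"constructed-spki-real"
TAP_CERT, TAP_SPKI = b"constructed-cert-tap", b"constructed-spki-tap"

# What the operator would publish in DNSSEC-signed DNS: "3 1 1 <sha256(SPKI)>".
PUBLISHED = "3 1 1 " + hashlib.sha256(REAL_SPKI).hexdigest()

if __name__ == "__main__":
    for name, cert, spki in (("real", REAL_CERT, REAL_SPKI),
                             ("tap", TAP_CERT, TAP_SPKI)):
        print(name, "opportunistic:", opportunistic_accepts(cert, spki),
              "dane:", tlsa_matches(PUBLISHED, cert, spki))
```

Because the record pins the public key (selector 1) rather than the whole certificate, a re-issued certificate over the same key still matches without republishing.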