nanog mailing list archives

Re: PRISM: NSA/FBI Internet data mining project


From: Mike Jones <mike () mikejones in>
Date: Sat, 8 Jun 2013 13:06:14 +0100

On 8 June 2013 12:12, Jimmy Hess <mysidia () gmail com> wrote:

On 6/7/13, Måns Nilsson <mansaxel () besserwisser org> wrote:
Subject: Re: PRISM: NSA/FBI Internet data mining project
Date: Fri, Jun 07, 2013 at 12:25:35AM -0500
Quoting jamie rishaw (j () arpa com):
<tinfoilhat>
Just wait until we find out dark and lit private fiber is getting
vampired.
</tinfoilhat>
I'm not even assuming it, I'm convinced. In Sweden, we have a law,
that makes what NSA/FBI did illegal while at the same time legalising,

Perhaps strong crypto should be implemented on transceivers at each
end of every link, so users could be protected from that without
having to implement the crypto themselves at the application layer? :)

--
-JH


Encrypted wifi doesn't help if the access point is the one doing the
sniffing. How often are 'wiretaps' done by tapping into a physical line vs
simply requesting a switch/router copy everything going through it to
another port? The CIA might use physical taps to monitor the Russian
government's traffic, but within the US I imagine they normally just ask the
target's ISP to copy the data to them.

To be automatic and 'just work' would also mean not having to configure the
identity of the devices at the other end of every link. In this case you'll
just negotiate an encrypted link to the CIA's sniffer instead of the switch
you thought you were talking to.

End-to-end encryption with secure automatic authentication is needed; it's
taking a while to gain traction but DANE looks like the solution. When SSL
requires the overhead of getting a CA to re-sign everything every year you
only use it when you have a reason to. When SSL is a single copy/paste
operation to set it up and no maintenance it becomes much harder to justify
why you're not doing it. Unfortunately I haven't come across any good ideas
yet for p2p type applications where you don't have anywhere to securely
publish your certificates.

- Mike
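The "single copy/paste operation" Mike describes is, in DANE terms, publishing a TLSA record for the service's own key and letting the client check the presented certificate against it. The following is an added illustration written for this archive page, not code from the thread or from any DANE implementation: it builds the TLSA record an operator would paste into a zone, parses the presentation form back, and checks a presented certificate against it, including the case where an interposed device presents its own certificate. The certificate and SubjectPublicKeyInfo byte strings are constructed placeholders, not real X.509 DER, and extracting the SPKI from a real certificate is assumed to be done by the caller.

```python
"""DANE TLSA record generation and matching (RFC 6698 field semantics).

Added example for the NANOG archive page, not the poster's or any
project's code. All certificate/SPKI bytes below are constructed
placeholders standing in for DER-encoded structures.
"""
import hashlib
import hmac

# Field values defined by RFC 6698.
USAGE_PKIX_EE = 1        # end-entity match, PKIX validation still required
USAGE_DANE_EE = 3        # end-entity match, certificate trusted directly
SELECTOR_FULL_CERT = 0   # associate the whole certificate
SELECTOR_SPKI = 1        # associate only the SubjectPublicKeyInfo
MATCH_EXACT = 0
MATCH_SHA256 = 1
MATCH_SHA512 = 2


def tlsa_owner_name(host: str, port: int, proto: str = "tcp") -> str:
    """Owner name under which the record is published, e.g. _443._tcp.host."""
    return f"_{port}._{proto}.{host.rstrip('.')}."


def association_data(cert_der: bytes, spki_der: bytes,
                     selector: int, matching: int) -> bytes:
    """Certificate association data for the given selector/matching type."""
    if selector == SELECTOR_FULL_CERT:
        selected = cert_der
    elif selector == SELECTOR_SPKI:
        selected = spki_der
    else:
        raise ValueError(f"unsupported selector {selector}")
    if matching == MATCH_EXACT:
        return selected
    if matching == MATCH_SHA256:
        return hashlib.sha256(selected).digest()
    if matching == MATCH_SHA512:
        return hashlib.sha512(selected).digest()
    raise ValueError(f"unsupported matching type {matching}")


def build_tlsa_record(host: str, port: int, cert_der: bytes, spki_der: bytes,
                      usage: int = USAGE_DANE_EE,
                      selector: int = SELECTOR_SPKI,
                      matching: int = MATCH_SHA256) -> tuple:
    """Return (owner name, rdata) in zone-file presentation form."""
    data = association_data(cert_der, spki_der, selector, matching).hex()
    return tlsa_owner_name(host, port), f"{usage} {selector} {matching} {data}"


def parse_tlsa_rdata(rdata: str) -> tuple:
    """Parse '3 1 1 <hex>' into (usage, selector, matching, data bytes)."""
    usage, selector, matching, data = rdata.split(None, 3)
    return int(usage), int(selector), int(matching), bytes.fromhex(data.replace(" ", ""))


def tlsa_matches(rdata: str, presented_cert_der: bytes,
                 presented_spki_der: bytes) -> bool:
    """Check a presented end-entity certificate against one TLSA record.

    Only the end-entity usages are handled here. For usage 1 the caller must
    additionally perform normal PKIX validation; usages 0 and 2 name a trust
    anchor rather than the end entity and need chain building, so they are
    rejected rather than silently treated as a match.
    """
    usage, selector, matching, expected = parse_tlsa_rdata(rdata)
    if usage not in (USAGE_PKIX_EE, USAGE_DANE_EE):
        raise NotImplementedError(f"usage {usage} requires chain validation")
    actual = association_data(presented_cert_der, presented_spki_der,
                              selector, matching)
    # Constant-time comparison; the data is public, but it is a good habit.
    return hmac.compare_digest(actual, expected)


# Constructed placeholders (not real DER): the legitimate server's
# certificate and key, and what an interposed box would present instead.
SERVER_CERT = b"constructed-cert-for-www.example.com"
SERVER_SPKI = b"constructed-spki-for-www.example.com"
ROGUE_CERT = b"constructed-cert-from-an-interposed-box"
ROGUE_SPKI = b"constructed-spki-from-an-interposed-box"


if __name__ == "__main__":
    owner, rdata = build_tlsa_record("www.example.com", 443,
                                     SERVER_CERT, SERVER_SPKI)
    print(f"{owner} IN TLSA {rdata}")
    print("legitimate server matches:", tlsa_matches(rdata, SERVER_CERT, SERVER_SPKI))
    print("interposed box matches:", tlsa_matches(rdata, ROGUE_CERT, ROGUE_SPKI))
```

Publishing with selector 1 (SPKI) is what makes the record maintenance-free across certificate renewals: a renewed certificate carrying the same key still matches, while a certificate from a device that terminated the connection in the middle does not. Selector 0 binds the full certificate and has to be republished at every renewal.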
