
On 8 June 2013 12:12, Jimmy Hess <mysidia@gmail.com> wrote:
On 6/7/13, Måns Nilsson <mansaxel@besserwisser.org> wrote:
Subject: Re: PRISM: NSA/FBI Internet data mining project
Date: Fri, Jun 07, 2013 at 12:25:35AM -0500
Quoting jamie rishaw (j@arpa.com):
<tinfoilhat> Just wait until we find out dark and lit private fiber is getting vampired. </tinfoilhat>
I'm not even assuming it, I'm convinced. In Sweden, we have a law, that makes what NSA/FBI did illegal while at the same time legalising,
Perhaps strong crypto should be implemented on transceivers at each end of every link, so users could be protected from that without having to implement the crypto themselves at the application layer? :)
--
-JH
Encrypted wifi doesn't help if the access point is the one doing the sniffing.

How often are 'wiretaps' done by tapping into a physical line vs simply requesting a switch/router copy everything going through it to another port? The CIA might use physical taps to monitor the Russian government's traffic, but within the US I imagine they normally just ask the target's ISP to copy the data to them.

To be automatic and 'just work' would also mean not having to configure the identity of the devices at the other end of every link. In this case you'll just negotiate an encrypted link to the CIA's sniffer instead of the switch you thought you were talking to.

End to end encryption with secure automatic authentication is needed; it's taking a while to gain traction but DANE looks like the solution. When SSL requires the overhead of getting a CA to re-sign everything every year, you only use it when you have a reason to. When SSL is a single copy/paste operation to set it up and no maintenance, it becomes much harder to justify why you're not doing it.

Unfortunately I haven't come across any good ideas yet for p2p type applications where you don't have anywhere to securely publish your certificates.

- Mike
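
The DANE check mentioned in the message above, as an added example that is not part of the original thread: a client compares the certificate a peer presents against a TLSA record (RFC 6698, usage 3, DANE-EE), so a key substituted by an on-path device fails the match without any CA being involved. The function names and sample data are hypothetical; the sketch assumes the TLSA record was already retrieved through a DNSSEC-validated lookup, and the two "certificates" are constructed DER skeletons, not real certificates.

```python
import hashlib
import hmac

def _tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def spki_der(cert):
    """Return the DER SubjectPublicKeyInfo of an X.509 certificate."""
    _, pos, _ = _tlv(cert, 0)          # enter Certificate SEQUENCE
    _, pos, _ = _tlv(cert, pos)        # enter tbsCertificate SEQUENCE
    tag, _, end = _tlv(cert, pos)
    if tag == 0xA0:                    # skip optional [0] version
        pos = end
    for _field in range(5):            # serial, sigAlg, issuer, validity, subject
        _, _, pos = _tlv(cert, pos)
    _, _, end = _tlv(cert, pos)
    return cert[pos:end]               # header and value of the SPKI element

SELECTORS = {0: lambda cert: cert, 1: spki_der}   # full certificate / SPKI
MATCHING = {0: bytes, 1: lambda b: hashlib.sha256(b).digest(),
            2: lambda b: hashlib.sha512(b).digest()}

def tlsa_matches(rdata, cert):
    """Match cert against one TLSA record already validated via DNSSEC (assumed)."""
    usage, selector, mtype, hexdata = rdata.split(None, 3)
    if usage != "3":
        raise ValueError("this sketch handles only usage 3 (DANE-EE)")
    selected = SELECTORS[int(selector)](cert)
    expected = bytes.fromhex(hexdata)
    return hmac.compare_digest(MATCHING[int(mtype)](selected), expected)

def _der(tag, body):
    return bytes([tag, len(body)]) + body   # short-form lengths only

def sample_cert(key):
    """Constructed certificate-shaped DER skeleton (not a real certificate)."""
    empty = _der(0x30, b"")
    tbs = (_der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01") + empty * 4
           + _der(0x30, key))
    return _der(0x30, _der(0x30, tbs) + empty + _der(0x03, b"\x00"))

SERVER = sample_cert(b"constructed-server-key")            # constructed sample
INTERCEPTOR = sample_cert(b"constructed-interceptor-key")  # constructed sample
PUBLISHED = "3 1 1 " + hashlib.sha256(spki_der(SERVER)).hexdigest()
```

`tlsa_matches(PUBLISHED, SERVER)` is true and `tlsa_matches(PUBLISHED, INTERCEPTOR)` is false: the link to the interceptor is still encrypted, but it no longer authenticates.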