From nobody Sat Jan 30 08:51:20 2016 Return-Path: X-Original-To: perpass@ietfa.amsl.com Delivered-To: perpass@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA3F71B3C29 for ; Sat, 30 Jan 2016 08:51:18 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.5 X-Spam-Level: X-Spam-Status: No, score=-1.5 tagged_above=-999 required=5 tests=[BAYES_50=0.8, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1rbGgaBVYKgQ for ; Sat, 30 Jan 2016 08:51:17 -0800 (PST) Received: from sbh17.songbird.com (sbh17.songbird.com [72.52.113.17]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8118A1B3C25 for ; Sat, 30 Jan 2016 08:51:17 -0800 (PST) Received: from [192.168.1.87] (76-218-10-206.lightspeed.sntcca.sbcglobal.net [76.218.10.206]) (authenticated bits=0) by sbh17.songbird.com (8.13.8/8.13.8) with ESMTP id u0UGpGvx001161 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NOT) for ; Sat, 30 Jan 2016 08:51:16 -0800 To: perpass@ietf.org From: Dave Crocker Organization: Brandenburg InternetWorking Message-ID: <56ACE9FF.3080606@dcrocker.net> Date: Sat, 30 Jan 2016 08:51:11 -0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.5.1 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0 (sbh17.songbird.com [72.52.113.17]); Sat, 30 Jan 2016 08:51:17 -0800 (PST) Archived-At: Subject: [perpass] Cops hate encryption but the NSA loves it when you use PGP X-BeenThere: perpass@ietf.org X-Mailman-Version: 2.1.15 Precedence: list Reply-To: dcrocker@bbiw.net List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 30 Jan 2016 16:51:19 -0000 Cops hate encryption but the NSA loves it when you use PGP It lights you up like a Vegas casino, says compsci boffin By Iain Thomson Jan 27 2016 Although the cops and Feds wont stop banging on and on about encryption – the spies have a different take on the use of crypto. To be brutally blunt, they love it. Why? Because using detectable encryption technology like PGP, Tor, VPNs and so on, lights you up on the intelligence agencies' dashboards. Agents and analysts don't even have to see the contents of the communications – the metadata is enough for g-men to start making your life difficult. "To be honest, the spooks love PGP," Nicholas Weaver, a researcher at the International Computer Science Institute, told the Usenix Enigma conference in San Francisco on Wednesdy. "It's really chatty and it gives them a lot of metadata and communication records. PGP is the NSA's friend." Weaver, who has spent much of the last decade investigating NSA techniques, said that all PGP traffic, including who sent it and to whom, is automatically stored and backed up onto tape. This can then be searched as needed when matched with other surveillance data. Given that the NSA has taps on almost all of the internet's major trunk routes, the PGP records can be incredibly useful. It's a simple matter to build a script that can identify one PGP user and then track all their contacts to build a journal of their activities. Even better is the Mujahedeen Secrets encryption system, which was released by the Global Islamic Media Front to allow Al Qaeda supporters to communicate in private. Weaver said that not only was it even harder to use than PGP, but it was a boon for metadata – since almost anyone using it identified themselves as a potential terrorist. "It's brilliant!" enthused Weaver. "Whoever it was at the NSA or GCHQ who invented it give them a big Christmas bonus.” From nobody Sat Jan 30 10:24:48 2016 Return-Path: X-Original-To: perpass@ietfa.amsl.com Delivered-To: perpass@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB1831A6FB2 for ; Sat, 30 Jan 2016 10:24:46 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.302 X-Spam-Level: X-Spam-Status: No, score=-4.302 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BZbA6EMHHYtq for ; Sat, 30 Jan 2016 10:24:44 -0800 (PST) Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 833461A6FB1 for ; Sat, 30 Jan 2016 10:24:44 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id C3161BE59; Sat, 30 Jan 2016 18:24:41 +0000 (GMT) X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EuGpGIzfyB9p; Sat, 30 Jan 2016 18:24:40 +0000 (GMT) Received: from [10.87.48.75] (unknown [86.46.18.231]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id CF0F8BE58; Sat, 30 Jan 2016 18:24:39 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1454178280; bh=gBISP68p+i8ki5R4hSllPGmM1St6lwtNB4MwE0RcZ9w=; h=Subject:To:References:From:Date:In-Reply-To:From; b=0Tp4Viogz95gtzRtPYfOZJ859XKtnBZ7DNygalCfNbYa6boDbvCOojP94+eYjb/yg kDd7iLZ43N0usfy8OfR9MLu/DDXDm1SNtfq4CXaRyTxWaGlsoJLxjfuDlSypkjpvmu 0jqpoVNz6o+TVHWKqjdT2sR5POAhnDGyyRbII7zA= To: dcrocker@bbiw.net, perpass@ietf.org References: <56ACE9FF.3080606@dcrocker.net> From: Stephen Farrell Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url= Message-ID: <56ACFFE5.5000506@cs.tcd.ie> Date: Sat, 30 Jan 2016 18:24:37 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.5.1 MIME-Version: 1.0 In-Reply-To: <56ACE9FF.3080606@dcrocker.net> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Archived-At: Subject: Re: [perpass] Cops hate encryption but the NSA loves it when you use PGP X-BeenThere: perpass@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 30 Jan 2016 18:24:47 -0000 Anyone got a link to Nick's slides/paper? S. On 30/01/16 16:51, Dave Crocker wrote: > Cops hate encryption but the NSA loves it when you use PGP > It lights you up like a Vegas casino, says compsci boffin > > By Iain Thomson > Jan 27 2016 > > > Although the cops and Feds wont stop banging on and on about encryption > – the spies have a different take on the use of crypto. > > To be brutally blunt, they love it. Why? Because using detectable > encryption technology like PGP, Tor, VPNs and so on, lights you up on > the intelligence agencies' dashboards. Agents and analysts don't even > have to see the contents of the communications – the metadata is enough > for g-men to start making your life difficult. > > "To be honest, the spooks love PGP," Nicholas Weaver, a researcher at > the International Computer Science Institute, told the Usenix Enigma > conference in San Francisco on Wednesdy. "It's really chatty and it > gives them a lot of metadata and communication records. PGP is the NSA's > friend." > > Weaver, who has spent much of the last decade investigating NSA > techniques, said that all PGP traffic, including who sent it and to > whom, is automatically stored and backed up onto tape. This can then be > searched as needed when matched with other surveillance data. > > Given that the NSA has taps on almost all of the internet's major trunk > routes, the PGP records can be incredibly useful. It's a simple matter > to build a script that can identify one PGP user and then track all > their contacts to build a journal of their activities. > > Even better is the Mujahedeen Secrets encryption system, which was > released by the Global Islamic Media Front to allow Al Qaeda supporters > to communicate in private. Weaver said that not only was it even harder > to use than PGP, but it was a boon for metadata – since almost anyone > using it identified themselves as a potential terrorist. > > "It's brilliant!" enthused Weaver. "Whoever it was at the NSA or GCHQ > who invented it give them a big Christmas bonus.” > > > > _______________________________________________ > perpass mailing list > perpass@ietf.org > https://www.ietf.org/mailman/listinfo/perpass From nobody Sat Jan 30 10:57:10 2016 Return-Path: X-Original-To: perpass@ietfa.amsl.com Delivered-To: perpass@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AAF851A873B for ; Sat, 30 Jan 2016 10:57:09 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.892 X-Spam-Level: X-Spam-Status: No, score=-0.892 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DK=1.009, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c3Nr2yw5cNZg for ; Sat, 30 Jan 2016 10:57:08 -0800 (PST) Received: from spamfilter2.dtu.dk (spamfilter2.dtu.dk [130.225.73.113]) (using TLSv1.2 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9F5921A873A for ; Sat, 30 Jan 2016 10:57:07 -0800 (PST) Received: from ait-pexedg02.win.dtu.dk (ait-pexedg02.win.dtu.dk [192.38.82.192]) by spamfilter2.dtu.dk with ESMTP id u0UIuqw5029497-u0UIuqw7029497 (version=TLSv1.0 cipher=AES256-SHA bits=256 verify=CAFAIL); Sat, 30 Jan 2016 19:56:52 +0100 Received: from ait-pex02mbx04.win.dtu.dk (192.38.82.184) by ait-pexedg02.win.dtu.dk (192.38.82.192) with Microsoft SMTP Server (TLS) id 14.3.266.1; Sat, 30 Jan 2016 19:56:41 +0100 Received: from ait-pex02mbx05.win.dtu.dk (192.38.82.185) by ait-pex02mbx04.win.dtu.dk (192.38.82.184) with Microsoft SMTP Server (TLS) id 14.3.266.1; Sat, 30 Jan 2016 19:56:51 +0100 Received: from 523x.env.dtu.dk (130.225.73.250) by ait-pex02mbx05.win.dtu.dk (192.38.82.185) with Microsoft SMTP Server id 14.3.266.1; Sat, 30 Jan 2016 19:56:51 +0100 Message-ID: <1454180211.2528.9.camel@env.dtu.dk> From: Hugo Connery To: Date: Sat, 30 Jan 2016 19:56:51 +0100 In-Reply-To: <56ACE9FF.3080606@dcrocker.net> References: <56ACE9FF.3080606@dcrocker.net> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.12.11 (3.12.11-1.fc21) MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Originating-IP: [130.225.73.250] Archived-At: Cc: perpass@ietf.org Subject: Re: [perpass] Cops hate encryption but the NSA loves it when you use PGP X-BeenThere: perpass@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 30 Jan 2016 18:57:09 -0000 Hi, Thanks Dave Crocker for posting this. It is useful to know who is running the standard anti-crypto arguments, and when. "You stand out like a sore thumb and they (archive it forever, focus on you more, ...)" goes with "only the 4 horsemen of the infopocalypse use encryption" as one of the standard arguments. Regards, Hugo Connery On Sat, 2016-01-30 at 08:51 -0800, Dave Crocker wrote: > Cops hate encryption but the NSA loves it when you use PGP > It lights you up like a Vegas casino, says compsci boffin > > By Iain Thomson > Jan 27 2016 > > > Although the cops and Feds wont stop banging on and on about encryption > – the spies have a different take on the use of crypto. > From matthijs@koot.biz Sat Jan 30 11:32:35 2016 Return-Path: X-Original-To: perpass@ietfa.amsl.com Delivered-To: perpass@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D1F2F1A8833 for ; Sat, 30 Jan 2016 11:32:35 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 0.196 X-Spam-Level: X-Spam-Status: No, score=0.196 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_NL=0.55, HOST_EQ_NL=1.545, UNPARSEABLE_RELAY=0.001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z-L4KlcslIaq for ; Sat, 30 Jan 2016 11:32:34 -0800 (PST) Received: from ns.cyberwar.nl (ns.cyberwar.nl [37.97.145.35]) by ietfa.amsl.com (Postfix) with ESMTP id 146361A882B for ; Sat, 30 Jan 2016 11:32:33 -0800 (PST) Received: from mrkoot.com (localhost [127.0.0.1]) by ns.cyberwar.nl (Postfix) with ESMTP id 09986527E5; Sat, 30 Jan 2016 20:32:30 +0100 (CET) Received: from (totally.not.spoofed [0.-1.-2.-3]) by numberstation with Gopher; Sat, 30 Jan 2016 19:32:30 -0000 X-Proposal: Your Ad Here? Better Call Saul! Message-ID: <5295c0797c43debce5367771cd87fdfb.w00t@mrkoot.com> In-Reply-To: <56ACFFE5.5000506@cs.tcd.ie> References: <56ACE9FF.3080606@dcrocker.net> <56ACFFE5.5000506@cs.tcd.ie> Date: Sat, 30 Jan 2016 19:32:30 -0000 From: "Matthijs R. Koot" To: "Stephen Farrell" User-Agent: SquirrelMail/1.4.22 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal X-milter-spamd: ham (-1.9/5.0 BAYES_00,UNPARSEABLE_RELAY,URIBL_BLOCKED) Archived-At: X-Mailman-Approved-At: Sat, 30 Jan 2016 11:51:48 -0800 Cc: perpass@ietf.org, dcrocker@bbiw.net Subject: Re: [perpass] Cops hate encryption but the NSA loves it when you use PGP X-BeenThere: perpass@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 30 Jan 2016 19:34:00 -0000 Hi Stephen, > Anyone got a link to Nick's slides/paper? Slides (38MB .pdf): http://www1.icsi.berkeley.edu/~nweaver/enigma_weaver.key.pdf Paper: does not exist ( https://twitter.com/ncweaver/status/693516094003281920 ). Video (20 min): https://www.youtube.com/watch?v=zqnKdGnzoh0 Regards, Matthijs > > S. > > On 30/01/16 16:51, Dave Crocker wrote: >> Cops hate encryption but the NSA loves it when you use PGP >> It lights you up like a Vegas casino, says compsci boffin >> >> By Iain Thomson >> Jan 27 2016 >> >> >> Although the cops and Feds wont stop banging on and on about encryption >> – the spies have a different take on the use of crypto. >> >> To be brutally blunt, they love it. Why? Because using detectable >> encryption technology like PGP, Tor, VPNs and so on, lights you up on >> the intelligence agencies' dashboards. Agents and analysts don't even >> have to see the contents of the communications – the metadata is >> enough >> for g-men to start making your life difficult. >> >> "To be honest, the spooks love PGP," Nicholas Weaver, a researcher at >> the International Computer Science Institute, told the Usenix Enigma >> conference in San Francisco on Wednesdy. "It's really chatty and it >> gives them a lot of metadata and communication records. PGP is the NSA's >> friend." >> >> Weaver, who has spent much of the last decade investigating NSA >> techniques, said that all PGP traffic, including who sent it and to >> whom, is automatically stored and backed up onto tape. This can then be >> searched as needed when matched with other surveillance data. >> >> Given that the NSA has taps on almost all of the internet's major trunk >> routes, the PGP records can be incredibly useful. It's a simple matter >> to build a script that can identify one PGP user and then track all >> their contacts to build a journal of their activities. >> >> Even better is the Mujahedeen Secrets encryption system, which was >> released by the Global Islamic Media Front to allow Al Qaeda supporters >> to communicate in private. Weaver said that not only was it even harder >> to use than PGP, but it was a boon for metadata – since almost anyone >> using it identified themselves as a potential terrorist. >> >> "It's brilliant!" enthused Weaver. "Whoever it was at the NSA or GCHQ >> who invented it give them a big Christmas bonus.” >> >> >> >> _______________________________________________ >> perpass mailing list >> perpass@ietf.org >> https://www.ietf.org/mailman/listinfo/perpass > > _______________________________________________ > perpass mailing list > perpass@ietf.org > https://www.ietf.org/mailman/listinfo/perpass > From nobody Sat Jan 30 11:52:57 2016 Return-Path: X-Original-To: perpass@ietfa.amsl.com Delivered-To: perpass@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F40291A889A for ; Sat, 30 Jan 2016 11:52:55 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.902 X-Spam-Level: X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GBu9PrpQONKn for ; Sat, 30 Jan 2016 11:52:54 -0800 (PST) Received: from rock.ICSI.Berkeley.EDU (rock.ICSI.Berkeley.EDU [192.150.186.19]) by ietfa.amsl.com (Postfix) with ESMTP id 82DFE1A8894 for ; Sat, 30 Jan 2016 11:52:54 -0800 (PST) Received: from localhost (localhost.localdomain [127.0.0.1]) by rock.ICSI.Berkeley.EDU (Postfix) with ESMTP id 77FE72C400D; Sat, 30 Jan 2016 11:52:54 -0800 (PST) X-Virus-Scanned: amavisd-new at ICSI.Berkeley.EDU Received: from rock.ICSI.Berkeley.EDU ([127.0.0.1]) by localhost (maihub.ICSI.Berkeley.EDU [127.0.0.1]) (amavisd-new, port 10024) with LMTP id HwM-XLntzEja; Sat, 30 Jan 2016 11:52:54 -0800 (PST) Received: from [10.0.1.86] (c-76-103-162-14.hsd1.ca.comcast.net [76.103.162.14]) (Authenticated sender: nweaver) by rock.ICSI.Berkeley.EDU (Postfix) with ESMTP id AF5432C400A; Sat, 30 Jan 2016 11:52:53 -0800 (PST) Mime-Version: 1.0 (Mac OS X Mail 9.2 \(3112\)) Content-Type: multipart/signed; boundary="Apple-Mail=_954665AB-D8A7-4D92-A011-51C829F75C42"; protocol="application/pgp-signature"; micalg=pgp-sha512 X-Pgp-Agent: GPGMail 2.6b2 From: Nicholas Weaver X-Priority: 3 (Normal) In-Reply-To: <5295c0797c43debce5367771cd87fdfb.w00t@mrkoot.com> Date: Sat, 30 Jan 2016 11:52:52 -0800 Message-Id: <394C9C42-5E56-4271-A90B-8486D4A16011@icsi.berkeley.edu> References: <56ACE9FF.3080606@dcrocker.net> <56ACFFE5.5000506@cs.tcd.ie> <5295c0797c43debce5367771cd87fdfb.w00t@mrkoot.com> To: "Matthijs R. Koot" X-Mailer: Apple Mail (2.3112) Archived-At: Cc: perpass@ietf.org, Nicholas Weaver , dcrocker@bbiw.net, Stephen Farrell Subject: Re: [perpass] Cops hate encryption but the NSA loves it when you use PGP X-BeenThere: perpass@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 30 Jan 2016 19:52:56 -0000 --Apple-Mail=_954665AB-D8A7-4D92-A011-51C829F75C42 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=iso-8859-1 > On Jan 30, 2016, at 11:32 AM, Matthijs R. Koot = wrote: >=20 > Hi Stephen, >=20 >> Anyone got a link to Nick's slides/paper? >=20 > Slides (38MB .pdf): > http://www1.icsi.berkeley.edu/~nweaver/enigma_weaver.key.pdf >=20 > Paper: does not exist ( > https://twitter.com/ncweaver/status/693516094003281920 ). >=20 > Video (20 min): https://www.youtube.com/watch?v=3DzqnKdGnzoh0 >=20 > Regards, > Matthijs And how the NSA can rip through PGP (like we know they rip through MS2) = https://medium.com/@nweaver/extra-unofficial-xkeyscore-guide-b8513600ad24#= .83bkhqx1v -- Nicholas Weaver it is a tale, told by an idiot, nweaver@icsi.berkeley.edu full of sound and fury, 510-666-2903 .signifying nothing PGP: http://www1.icsi.berkeley.edu/~nweaver/data/nweaver_pub.asc --Apple-Mail=_954665AB-D8A7-4D92-A011-51C829F75C42 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP using GPGMail -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJWrRSUAAoJEG2B1w+SDi/uTPAP/27GNUKDsvVQxDXcNVSld9Ii fxOYaxSNK0ouwTBWC/EZxWnyl8r8lfKmClkXm699YuyFfjFRfz4hcXfVXNoAV6wz dIX5C3BIsIMGL1Wi5SIOO3v781ETC09wDZlqpLxi0eYVwfywSIVrJKOkEJrBSUcv ETlaUX/KaFuJZFoz9TkvnfqYgC8+obVGqlpMWfF7oekufSdC7yTntUDUUE1+7QfY 3NWThiDWbMqaseywGPkRxxSEobG0hSXr5HOdy8ICR9YTrB5+i54Hln4HVal+Ots3 rmId4wvQWtU2MbLZ9PNsZN5e6FTZDgDK0e8YEXoAlOvJe28TtSPtBjF3d2fSugpK ocgSGNANG3AChB4a5Xx997PRcbss11k82t06+gBmd3MtZp+Gxm6LUD+KuDvt2tpG 1+gvDl0eGFT8+fm7zvF/WtuEtZ+JGHw86u0aho3Y5aBBS7YDCsTnaEgun5m+sb+y WfEzbQ65HFg3WtDfI+hAb7MLMAFyuqSghTOXH7CBtJRn9N/LsHXztcB7c50gMjBq rwjTqZLb/kudpnYJDFig7JQ0FDcacQ/D7t24ad7IsM5khfOzI/7yFUdb1YWPnzY6 LW09LyBObVf5/2vfKX49NjzNL6IUQncso/yogKJk9HTDe+uQzvHdNg2GTTTUrVy7 fLYKoyIIduEqgbExmgub =Zpad -----END PGP SIGNATURE----- --Apple-Mail=_954665AB-D8A7-4D92-A011-51C829F75C42-- From nobody Sun Jan 31 04:12:38 2016 Return-Path: X-Original-To: perpass@ietfa.amsl.com Delivered-To: perpass@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6294D1A014F for ; Sun, 31 Jan 2016 04:12:36 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 0.799 X-Spam-Level: X-Spam-Status: No, score=0.799 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fRLzu0LRoGNG for ; Sun, 31 Jan 2016 04:12:31 -0800 (PST) Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2on0060.outbound.protection.outlook.com [65.55.169.60]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2C4E11A014E for ; Sun, 31 Jan 2016 04:12:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=isoc.onmicrosoft.com; s=selector1-isoc-org; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=GevKVQkuiuxtmm4dDQq2Ks+FwRV0L7oRvtEBFviFcyQ=; b=xwolqYLgX2LiLVsCi0t4e3wwOQfJ8hy1FNvNMujyrlcNONsuRn/784lViUjEOi+lE7WYI3pUVXefxLdwB3Oadyn9wNoMAmZYWdi4ssfE4zRFSS6NL3g7CcadSlhNDCpXiFQCgUElWla0VDAUmPk8n3PZJTMPPDpyh9x/0SwHl/0= Received: from BLUPR06MB1828.namprd06.prod.outlook.com (10.162.225.18) by BLUPR06MB1826.namprd06.prod.outlook.com (10.162.225.16) with Microsoft SMTP Server (TLS) id 15.1.396.15; Sun, 31 Jan 2016 12:12:26 +0000 Received: from BLUPR06MB1828.namprd06.prod.outlook.com ([10.162.225.18]) by BLUPR06MB1828.namprd06.prod.outlook.com ([10.162.225.18]) with mapi id 15.01.0396.017; Sun, 31 Jan 2016 12:12:26 +0000 From: Robin Wilton To: Hugo Connery Thread-Topic: [perpass] Cops hate encryption but the NSA loves it when you use PGP Thread-Index: AQHRW354AzYxc6SiaEeZ9LBfBbKN9Z8UaPeAgAEhVyk= Date: Sun, 31 Jan 2016 12:12:26 +0000 Message-ID: <0AF45894-9AAF-4429-AF9F-3207E96D81AB@isoc.org> References: <56ACE9FF.3080606@dcrocker.net>, <1454180211.2528.9.camel@env.dtu.dk> In-Reply-To: <1454180211.2528.9.camel@env.dtu.dk> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: env.dtu.dk; dkim=none (message not signed) header.d=none;env.dtu.dk; dmarc=none action=none header.from=isoc.org; x-originating-ip: [94.174.34.240] x-microsoft-exchange-diagnostics: 1; BLUPR06MB1826; 5:CFY22SEKhy4/CNEjstK1ugy2Y1cT9pIRKjTXSJ2PX4Uu5IY3IP/6aqv4YmLiV6tssxDWKYEeCbAFqKdH4si9mirrC5byffbHW+QQ69BUUaBik89ngigsjdOlTvw+T377wWkekWg98TcE+3x0ooeHLw==; 24:PdiOlgrqrvKNd2rwMaEI9D4WEiIeYfBJumEfig91K7VijnzImtD+YOUemuhuWAnMdcxFQ6A7JderI+PEeRCMLsgomHgsInUsjTx1fdvojSs= x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BLUPR06MB1826; x-ms-office365-filtering-correlation-id: 984d5e34-7740-4313-2338-08d32a37c8c2 x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:; x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046); SRVR:BLUPR06MB1826; BCL:0; PCL:0; RULEID:; SRVR:BLUPR06MB1826; x-forefront-prvs: 08381C729B x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(377424004)(24454002)(36756003)(3280700002)(54356999)(76176999)(50986999)(66066001)(4326007)(5002640100001)(122556002)(5008740100001)(3470700001)(99286002)(106116001)(40100003)(3660700001)(1096002)(5001960100002)(87936001)(2906002)(3846002)(92566002)(102836003)(1220700001)(2900100001)(15975445007)(110136002)(189998001)(2950100001)(11100500001)(86362001)(77096005)(33656002)(19580395003)(19580405001)(82746002)(586003)(83716003)(6116002); DIR:OUT; SFP:1101; SCL:1; SRVR:BLUPR06MB1826; H:BLUPR06MB1828.namprd06.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en; spamdiagnosticoutput: 1:23 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: isoc.org X-MS-Exchange-CrossTenant-originalarrivaltime: 31 Jan 2016 12:12:26.1449 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 89f84dfb-7285-4810-bc4d-8b9b5794554f X-MS-Exchange-Transport-CrossTenantHeadersStamped: BLUPR06MB1826 Archived-At: Cc: "perpass@ietf.org" , "dcrocker@bbiw.net" Subject: Re: [perpass] Cops hate encryption but the NSA loves it when you use PGP X-BeenThere: perpass@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 31 Jan 2016 12:12:36 -0000 It's a good piece by Dave. It won't change my intention of using more crypt= o, though, for a few reasons: 1 - regardless of archival and possible decryption by spooks, encryption wi= ll still help protect some of my data against some other threats*; 2 - the fact that I'm encrypting my traffic doesn't mean there's anything s= ensitive in it. In fact, it would be rather silly of me to only encrypt the= particularly confidential parts; 3 - as Dave and some of the commenters note, the real benefit here comes wh= en encryption becomes pervasive enough that encrypted traffic no longer sti= cks out like the proverbial sore thumb. *NB - that is still a rather cautious statement of benefit; I have intentio= nally qualified it in three ways: - encryption only helps protect data, it doesn't guarantee it's safety. For= instance, for communications, I want the other party to read what I sent t= hem! They will decrypt it, and at that point any confidentiality of the dat= a has to rely on other factors. - I can't realistically encrypt all my traffic. Some of the apps, devices a= nd services I want to use don't support encryption, and/or don't tell me if= they encrypt traffic. Nor can I realistically encrypt my metadata; fixing = things so that metadata, social graphs and traffic analysis reveal less inf= ormation about me is a hard problem, and one I don't really have the resour= ces, tools or rigour to solve. - Encryption (whether for confidentiality or integrity) doesn't help much a= gainst threats like malware (Trojans, key-loggers), tracking (pixel beacons= , non-browser cookies), denial of service attacks, etc.. But then again, *n= ot* using crypto doesn't keep me any safer against those either. That may all sound very pessimistic, but if Snowden has taught us anything,= it is that pessimism is justified at every level in this context - from th= e hardware up, and at every network node (device, domestic router, commerci= al/telco router, backbone, data centre, etc etc). Robin Wilton Technical Outreach Director - Identity and Privacy On 30 Jan 2016, at 18:57, "Hugo Connery" wrote: > Hi, >=20 > Thanks Dave Crocker for posting this. It is useful to know > who is running the standard anti-crypto arguments, and when. >=20 > "You stand out like a sore thumb and they (archive it forever, > focus on you more, ...)" goes with "only the 4 horsemen of the > infopocalypse use encryption" as one of the standard arguments. >=20 > Regards, Hugo Connery >=20 > On Sat, 2016-01-30 at 08:51 -0800, Dave Crocker wrote: >> Cops hate encryption but the NSA loves it when you use PGP >> It lights you up like a Vegas casino, says compsci boffin >>=20 >> By Iain Thomson >> Jan 27 2016 >> >>=20 >> Although the cops and Feds wont stop banging on and on about encryption= =20 >> =96 the spies have a different take on the use of crypto. >>=20 > >=20 > _______________________________________________ > perpass mailing list > perpass@ietf.org > https://www.ietf.org/mailman/listinfo/perpass From nobody Sun Jan 31 10:53:27 2016 Return-Path: X-Original-To: perpass@ietfa.amsl.com Delivered-To: perpass@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B7EA1B2BC0 for ; Sun, 31 Jan 2016 10:53:26 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.602 X-Spam-Level: X-Spam-Status: No, score=-1.602 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id svVz75Y5w4s2 for ; Sun, 31 Jan 2016 10:53:23 -0800 (PST) Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 968581B2BBF for ; Sun, 31 Jan 2016 10:53:23 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 99DBBBE59; Sun, 31 Jan 2016 18:53:21 +0000 (GMT) X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YMeL73Fd9xwn; Sun, 31 Jan 2016 18:53:17 +0000 (GMT) Received: from [10.87.48.75] (unknown [86.42.24.192]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 4D459BE58; Sun, 31 Jan 2016 18:53:17 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1454266397; bh=fgOAdt2un1mMNgduoLtaywtMWrGB57c2cCL2Tu4hTXk=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=zZl05Lan6sqIifPeiWpLBJaOZKjcRlDJ91CZJj7iLDLnM8NxSYeN0DvUaVVc+0f99 AGFYiw/zTdZc5TjqKArViOjmsNdRvosGQlHb2MiqMBfavg/ClIjeXluPudUMIwy26A 5rbMMM3QxExQ5ng+M+zFyIasFJxY7cVuznlAfNEQ= To: Nicholas Weaver , "Matthijs R. Koot" References: <56ACE9FF.3080606@dcrocker.net> <56ACFFE5.5000506@cs.tcd.ie> <5295c0797c43debce5367771cd87fdfb.w00t@mrkoot.com> <394C9C42-5E56-4271-A90B-8486D4A16011@icsi.berkeley.edu> From: Stephen Farrell Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url= Message-ID: <56AE581B.7050507@cs.tcd.ie> Date: Sun, 31 Jan 2016 18:53:15 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.5.1 MIME-Version: 1.0 In-Reply-To: <394C9C42-5E56-4271-A90B-8486D4A16011@icsi.berkeley.edu> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="5MT8SQiLQjaTWR6I2SmV8uaab7OV12lAN" Archived-At: Cc: perpass@ietf.org, dcrocker@bbiw.net Subject: Re: [perpass] Cops hate encryption but the NSA loves it when you use PGP X-BeenThere: perpass@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 31 Jan 2016 18:53:26 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --5MT8SQiLQjaTWR6I2SmV8uaab7OV12lAN Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi Nick, I had a look at the slides and while it's hard to know from just those, I didn't see too much that was new in that so far. But maybe when you build some n/w monitoring kit there may be more to report. As far as using PGP goes, I'm nowhere near as pessimistic as it you appear to be (from the slides). Given that much SMTP is now transmitted over TLS, I think the opportunity for the likes of NSA to record all the PGP ciphertext has to be have been significantly diminished. (They can still do it since much SMTP/TLS is still opportunistic but I hope the significant transitions we have already seen from cleartext to opportunistic ciphertext to mutually-authenticated ciphertext continues to evolve in the right direction.) And there is work on PGP being done now in the revived PGP WG [1] - while that is starting with modest goals, (to just update crypto), if that goes well, then there are some folks who'd love to try extend the work to address the real issues that exist with exposed non-body content. (I'm not calling it meta-data, as there's really sooooo much in the envelope that it's more than meta-data). I am sure that your (and other's) assistance with that work would very much be appreciated. So my take-aways here are: - it'd be great if folks worked on measuring the proportion and kind(s) of plain and ciphertext leaving/entering their networks and developing tooling to help us figure out what is a good next target to try to protect - reports on that would be really interesting to see on this list - more work on interpersonal messaging is needed, (e.g. with PGP, but not only that), and any of us can help with that simply by doing it. Cheers, S. [1] http://tools.ietf.org/wg/openpgp On 30/01/16 19:52, Nicholas Weaver wrote: >=20 >> On Jan 30, 2016, at 11:32 AM, Matthijs R. Koot wro= te: >> >> Hi Stephen, >> >>> Anyone got a link to Nick's slides/paper? >> >> Slides (38MB .pdf): >> http://www1.icsi.berkeley.edu/~nweaver/enigma_weaver.key.pdf >> >> Paper: does not exist ( >> https://twitter.com/ncweaver/status/693516094003281920 ). >> >> Video (20 min): https://www.youtube.com/watch?v=3DzqnKdGnzoh0 >> >> Regards, >> Matthijs >=20 > And how the NSA can rip through PGP (like we know they rip through MS2)= >=20 > https://medium.com/@nweaver/extra-unofficial-xkeyscore-guide-b8513600ad= 24#.83bkhqx1v >=20 >=20 > -- > Nicholas Weaver it is a tale, told by an idiot, > nweaver@icsi.berkeley.edu full of sound and fury, > 510-666-2903 .signifying nothing > PGP: http://www1.icsi.berkeley.edu/~nweaver/data/nweaver_pub.asc >=20 --5MT8SQiLQjaTWR6I2SmV8uaab7OV12lAN Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJWrlgbAAoJEC88hzaAX42iXQ0IAJK4uWcDCboEemDuj7VUOLWL bxevNZ35NgSjSfbLo1hrUa7vbkVYTwRMSfmTX2zflfwh0rgkikp9TnPm0tDl/iXQ 17c7hLPsQzZlg7qoCSFapssExSJ2aCiZ3aS4rjhiki4/o5dQVTUb/Kti2JNAFXpO vxNA+wtmdRL35xPKwkObc+PBCiNfU+ZSKcAag3DoKgNsSKLf664XoMT722PWyzr7 qSLFgXeMZEtCkWdWT9UrdR1UdwZojJfwWRpSJPvTmZRyk9YzKm3czSchctID1gmL nnNWofL3WsTBunivSRocX92f02+/2g/vQWUx4EvQZI1CJ9D/Mp7B1rQ2wDLq3gw= =OZsv -----END PGP SIGNATURE----- --5MT8SQiLQjaTWR6I2SmV8uaab7OV12lAN-- From nobody Sun Jan 31 11:03:48 2016 Return-Path: X-Original-To: perpass@ietfa.amsl.com Delivered-To: perpass@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3CA821B2BE4 for ; Sun, 31 Jan 2016 11:03:46 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.2 X-Spam-Level: X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fUGwGX-BnmWu for ; Sun, 31 Jan 2016 11:03:45 -0800 (PST) Received: from sbh17.songbird.com (sbh17.songbird.com [72.52.113.17]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5DAFC1B2BE3 for ; Sun, 31 Jan 2016 11:03:45 -0800 (PST) Received: from [192.168.1.87] (76-218-10-206.lightspeed.sntcca.sbcglobal.net [76.218.10.206]) (authenticated bits=0) by sbh17.songbird.com (8.13.8/8.13.8) with ESMTP id u0VJ3Z0V024906 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NOT); Sun, 31 Jan 2016 11:03:35 -0800 To: Stephen Farrell , Nicholas Weaver , "Matthijs R. Koot" References: <56ACE9FF.3080606@dcrocker.net> <56ACFFE5.5000506@cs.tcd.ie> <5295c0797c43debce5367771cd87fdfb.w00t@mrkoot.com> <394C9C42-5E56-4271-A90B-8486D4A16011@icsi.berkeley.edu> <56AE581B.7050507@cs.tcd.ie> From: Dave Crocker Organization: Brandenburg InternetWorking Message-ID: <56AE5A81.4040805@dcrocker.net> Date: Sun, 31 Jan 2016 11:03:29 -0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.5.1 MIME-Version: 1.0 In-Reply-To: <56AE581B.7050507@cs.tcd.ie> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0 (sbh17.songbird.com [72.52.113.17]); Sun, 31 Jan 2016 11:03:36 -0800 (PST) Archived-At: Cc: perpass@ietf.org Subject: Re: [perpass] Cops hate encryption but the NSA loves it when you use PGP X-BeenThere: perpass@ietf.org X-Mailman-Version: 2.1.15 Precedence: list Reply-To: dcrocker@bbiw.net List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 31 Jan 2016 19:03:46 -0000 On 1/31/2016 10:53 AM, Stephen Farrell wrote: > Given that much > SMTP is now transmitted over TLS, I think the opportunity > for the likes of NSA to record all the PGP ciphertext has > to be have been significantly diminished. This depends on the degree of cooperation they get from operators, since TLS is only for one hop and the messages is in the clear at any SMTP-level transit points. d/ From nobody Sun Jan 31 11:13:37 2016 Return-Path: X-Original-To: perpass@ietfa.amsl.com Delivered-To: perpass@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 80FE81B2BDF for ; Sun, 31 Jan 2016 11:13:36 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.302 X-Spam-Level: X-Spam-Status: No, score=-4.302 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CTwayzNxNVEi for ; Sun, 31 Jan 2016 11:13:35 -0800 (PST) Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 04D1A1B2BDB for ; Sun, 31 Jan 2016 11:13:34 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 9C008BDF9; Sun, 31 Jan 2016 19:13:33 +0000 (GMT) X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xnVCAtvKnDcx; Sun, 31 Jan 2016 19:13:32 +0000 (GMT) Received: from [10.87.48.75] (unknown [86.42.24.192]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 157C4BE64; Sun, 31 Jan 2016 19:13:30 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1454267610; bh=bbgRD+djs9o+G2mgKfFgpPnQ6tOBn4NdSInFofvuDlE=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=aRw5K8uN+dFghXju1HwUQm65tmGgoBi3qs+CXwSS3WSBc5VtxjgKcQIisfN62smkm uFxT1RsezjZO1ISee9GisoeOpHsw7KD/EljY9Td3VthlK9+Mrw9rytiaQnLIvxP+zI VW6uPslBltD5W4G2V4uhqVqrcqb4hOUYDbnfbxoA= To: dcrocker@bbiw.net, Nicholas Weaver , "Matthijs R. Koot" References: <56ACE9FF.3080606@dcrocker.net> <56ACFFE5.5000506@cs.tcd.ie> <5295c0797c43debce5367771cd87fdfb.w00t@mrkoot.com> <394C9C42-5E56-4271-A90B-8486D4A16011@icsi.berkeley.edu> <56AE581B.7050507@cs.tcd.ie> <56AE5A81.4040805@dcrocker.net> From: Stephen Farrell Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url= Message-ID: <56AE5CD9.50306@cs.tcd.ie> Date: Sun, 31 Jan 2016 19:13:29 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.5.1 MIME-Version: 1.0 In-Reply-To: <56AE5A81.4040805@dcrocker.net> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Archived-At: Cc: perpass@ietf.org Subject: Re: [perpass] Cops hate encryption but the NSA loves it when you use PGP X-BeenThere: perpass@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 31 Jan 2016 19:13:36 -0000 On 31/01/16 19:03, Dave Crocker wrote: > > On 1/31/2016 10:53 AM, Stephen Farrell wrote: >> Given that much >> SMTP is now transmitted over TLS, I think the opportunity >> for the likes of NSA to record all the PGP ciphertext has >> to be have been significantly diminished. > > > This depends on the degree of cooperation they get from operators, since > TLS is only for one hop and the messages is in the clear at any > SMTP-level transit points. Sure. OTOH, it also means that the PGP ciphertext can no longer be as easily extracted from almost any network tap, which used be the case. And (absent an attacker) doesn't most mail these days only tend to transit the public Internet in one hop? My point is not that the current situation is perfect (it is not) but that it is improving and vastly improved on what we had deployed that got used 3 years ago. (IOW, I'm an optimist but hopefully not a fansasticist:-) S. > > d/ > > _______________________________________________ > perpass mailing list > perpass@ietf.org > https://www.ietf.org/mailman/listinfo/perpass > From nobody Sun Jan 31 12:23:23 2016 Return-Path: X-Original-To: perpass@ietfa.amsl.com Delivered-To: perpass@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C298C1B2CAF for ; Sun, 31 Jan 2016 12:23:22 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.235 X-Spam-Level: X-Spam-Status: No, score=-1.235 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_SOFTFAIL=0.665] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uAk4zILv4ZPb for ; Sun, 31 Jan 2016 12:23:21 -0800 (PST) Received: from resqmta-ch2-08v.sys.comcast.net (resqmta-ch2-08v.sys.comcast.net [IPv6:2001:558:fe21:29:69:252:207:40]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C9D6E1B2CAE for ; Sun, 31 Jan 2016 12:23:21 -0800 (PST) Received: from resomta-ch2-09v.sys.comcast.net ([69.252.207.105]) by resqmta-ch2-08v.sys.comcast.net with comcast id CkNc1s0052GyhjZ01kPM9S; Sun, 31 Jan 2016 20:23:21 +0000 Received: from Paul-Kyzivats-MacBook-Pro.local ([73.218.51.154]) by resomta-ch2-09v.sys.comcast.net with comcast id CkPL1s00E3KdFy101kPLyS; Sun, 31 Jan 2016 20:23:20 +0000 To: perpass@ietf.org References: <56ACE9FF.3080606@dcrocker.net> From: Paul Kyzivat Message-ID: <56AE6D37.8010208@alum.mit.edu> Date: Sun, 31 Jan 2016 15:23:19 -0500 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.5.1 MIME-Version: 1.0 In-Reply-To: <56ACE9FF.3080606@dcrocker.net> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20140121; t=1454271801; bh=U3+5JubRm2CHVt1kGs78KZB+p2pSvteaW/5X3gQ9c/Q=; h=Received:Received:Subject:To:From:Message-ID:Date:MIME-Version: Content-Type; b=B3r3bJZc0A3+8MG9hLJCvJpPlt8k5eT/9y5pijtrkHU/tyTsiwqz5bG+QzZuJCd1q cfocuptIH/ye86ybLig8OpcQTNUha/VsacZCOzHmCq+iqAOKdwEZpP89v++5OMs0dJ EQs+HonrZ9MKaZqjmLWtRlVJ9uOd/4iYlTr1u29X7OnaaijvrDozZ5ikdTRxezj35M +ehUlnXpfh5VgMEhHzlSedrjwgTA8MqZ1qCdL3Cybzsu4Ekg20KHRcKVvrYM611oal 2K6HlHazhaI7Tme1//qRLiaTjUgCYc0PwwoxZVtUvueMyp8xYksqAglHBtgAklVNYC /vrL5qzvWXY3g== Archived-At: Subject: Re: [perpass] Cops hate encryption but the NSA loves it when you use PGP X-BeenThere: perpass@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 31 Jan 2016 20:23:22 -0000 On 1/30/16 11:51 AM, Dave Crocker wrote: > Given that the NSA has taps on almost all of the internet's major trunk > routes, the PGP records can be incredibly useful. It's a simple matter > to build a script that can identify one PGP user and then track all > their contacts to build a journal of their activities. > > Even better is the Mujahedeen Secrets encryption system, I guess they wouldn't like it so much if Apple started using it for *all* communications by Apple devices. Thanks, Paul From nobody Sun Jan 31 14:19:42 2016 Return-Path: X-Original-To: perpass@ietfa.amsl.com Delivered-To: perpass@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 230391B2DDE for ; Sun, 31 Jan 2016 14:19:41 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 2.829 X-Spam-Level: ** X-Spam-Status: No, score=2.829 tagged_above=-999 required=5 tests=[BAYES_50=0.8, HELO_EQ_DK=1.009, MISSING_HEADERS=1.021, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GM1U3ewGaksK for ; Sun, 31 Jan 2016 14:19:39 -0800 (PST) Received: from spamfilter2.dtu.dk (spamfilter2.dtu.dk [130.225.73.113]) (using TLSv1.2 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5391A1B2DDD for ; Sun, 31 Jan 2016 14:19:38 -0800 (PST) Received: from ait-pexedg02.win.dtu.dk (ait-pexedg02.win.dtu.dk [192.38.82.192]) by spamfilter2.dtu.dk with ESMTP id u0VMJZVO011559-u0VMJZVQ011559 (version=TLSv1.0 cipher=AES256-SHA bits=256 verify=CAFAIL) for ; Sun, 31 Jan 2016 23:19:35 +0100 Received: from ait-pex02mbx04.win.dtu.dk (192.38.82.184) by ait-pexedg02.win.dtu.dk (192.38.82.192) with Microsoft SMTP Server (TLS) id 14.3.266.1; Sun, 31 Jan 2016 23:19:33 +0100 Received: from ait-pex01mbx01.win.dtu.dk ([169.254.1.238]) by ait-pex02mbx04.win.dtu.dk ([169.254.4.6]) with mapi id 14.03.0266.001; Sun, 31 Jan 2016 23:19:35 +0100 From: Hugo Maxwell Connery CC: "perpass@ietf.org" Thread-Topic: [perpass] Cops hate encryption but the NSA loves it when you use PGP Thread-Index: AQHRW35//Zhzbc8M6kq0P47Hz+a6zp8UTzKAgAAS+ACAAAWwAIABga2AgABHMoY= Date: Sun, 31 Jan 2016 22:19:34 +0000 Message-ID: <6CB05D82CE245B4083BBF3B97E2ED47016E34B7E@ait-pex01mbx01.win.dtu.dk> References: <56ACE9FF.3080606@dcrocker.net> <56ACFFE5.5000506@cs.tcd.ie> <5295c0797c43debce5367771cd87fdfb.w00t@mrkoot.com> <394C9C42-5E56-4271-A90B-8486D4A16011@icsi.berkeley.edu>, <56AE581B.7050507@cs.tcd.ie> In-Reply-To: <56AE581B.7050507@cs.tcd.ie> Accept-Language: en-AU, da-DK, en-US Content-Language: en-AU X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [130.225.73.250] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Archived-At: Subject: Re: [perpass] Cops hate encryption but the NSA loves it when you use PGP X-BeenThere: perpass@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 31 Jan 2016 22:19:41 -0000 Hi, Out of rare curiosity I actually read the comments to the=20 article. The take out was that people are both generally pissed off about all the mass surveillance, and they were proposing/suggesting/arguing various reasonably considered response arguments. Of course there was a bit of flaming, but I was rather=20 satisfied to see a collection of reasonable responses to the "encryption is dangerous" contents of the article. Of note was the general complaint that the site only uses http. So, whilst the tech community does its best to respond to the challenge of human rights abusing mass surveillance, some parts of the general community are learning/thinking about the problem and conversing about it. This, I take as the most positive part of this standard "encryption is bad" rubbish. Regards, Hugo