In-Reply-To: <5474AEC5.6090909@sonic.net>
References: <5473DA5F.3060901@sonic.net>
 <CAD2Ti2-b8TAT_r+KvCQW=2NgmG9dCZ6GUqPH6jLtvg8j1JfzBA@mail.gmail.com>
 <5474AEC5.6090909@sonic.net>
Date: Tue, 25 Nov 2014 22:58:04 -0500
Message-ID: <CAD2Ti28SbBWeFr=uQ6Qe6zqPssN7-q-yyOsEExCSbSKtgO-j+A@mail.gmail.com>
From: grarpamp <grarpamp@gmail.com>
To: cypherpunks@cpunks.org
Cc: tor-talk@lists.torproject.org, cryptography@metzdowd.com
Subject: Re: [tor-talk] [Cryptography] Blogpost: CITAS,
	a new FBI security program proposal

>>> http://www.metzdowd.com/pipermail/cryptography/2014-November/023693.html
>>> http://dillingers.com/blog/2014/11/24/citas-threat-assessment-system/
>> let alone biased LE
>> Heads up to Tor people, and cpunks to carve it up further.
> This isn't the usual LE proposal

Following on some related and technical comments...

While my analogy and definition of security may not have been best
suited, nor is this reply, the point remains that there is nothing
special here for you as a corp. Anything you say that LE can provide
for *you* with honeypots can also be sourced internally or from the
open market and your subsequent call to LE to mop up upon discovery
of badness therein.

What is unique here is that LE will be classifying things learned
from the HP's as gov't secrets. That's a hard problem. As opposed
to telling you all of what you need to know to secure your own net
under internal policies and vendor contracts that you would otherwise
remain in control of.

Further, technically, parking an HP on your net only tells you about
what happens via that HP, nothing else. And since you
must distrust this other party HP [1], then all you've got is a
cracked HP outside your trust zone, no different than any other box
on the internet. It's a limited vantage point and a bogus security
metrics argument.

Sure, the US gov't might be able, on the whole from this, to correlate
and expose more nation-state/international crime sources against
the US and embarrass some foreign diplomats. That's always a good
and fun thing [2]. And the services of LE are indeed valuable.

However do not make the mistake of thinking that *you yourself*
will benefit *directly* from this program, that's not what it's
designed for or capable of. In fact, you will be left out as dog
food in case 'national security priorities/secrets' arise.

The responsibility for securing your net still rests with you and
you alone as always. The better way to be more secure is to ignore
these silly sales schemes and look with the same effort at your own
processes, weaknesses, code, OS/hardware, compartmentalization, etc. Maybe
<=1% of that ends up being the use of HP's. Improve those things of
your own overall and you'll be far better off.

> This arrangement also strikes me as problematic in that it would also
> allow the FBI to set up a huge pool of Tor, Gnutella, Bittorrent, etc,
> nodes truly indistinguishable to users from genuine nodes run by people
> who support anonymity, uncensored journalism, whistleblowers, and free
> speech.

Last, what if one day *you* _need_ to use a freedom network and
they've sybil'd up their nodes *against you*? Be careful what you
ask for and invite into your home in the name of security, you might
just get it... applied against you in time of need.

> economic output if it didn't cost so damn much to keep MS boxes
> secure

Well then the solution there is clear... get rid of the MS boxes,
and those who sold and administer them. Like HP's, nothing special
about MS either.

Time limited, I may not reply further.

[1] For reasons of both sanity and legal insufficiency of any
indemnity offered.

[2] Note that some megacorps follow their own allegiance... claiming
the flag of whichever market suits them best at the moment.