Rich Freeman via plug on 27 Aug 2020 10:40:45 -0700



Re: [PLUG] news


On Thu, Aug 27, 2020 at 12:32 PM Rich Kulawiec via plug
<plug@lists.phillylinux.org> wrote:
>
> By February 2020, they'd issued a billion certificates.  What's the value,
> on the open market, of control of that?  I'm asking that not-really-rhetorical
> question because that number, whatever it is, gives us a clue about what
> the potential attacker budget is and who they might be.
>

Sure, but if they're compromised the end result for users is the same
as if they didn't use encryption in the first place.

> 2. Encryption doesn't solve all privacy issues.

Of course.

> 3. Encryption doesn't necessarily make things more secure.  One side
> effect of encryption is that it makes things more interesting.  It is
> well known, for example, that PGP-encrypted email traffic is much more
> interesting than non-PGP-encrypted email traffic.  Consider how this
> observation, combined with consolidation of thousands of email systems
> into centralized ones, combined with the presence of insiders, yields
> an effective outcome that's, shall we say, less than optimal.
>
> Note that even if the encryption can't be cracked, this may still
> be an effective attack - because it facilitates traffic analysis.

How is the encrypted traffic not more secure than sending the same
exact traffic unencrypted?

Consolidation/etc seems like a completely different issue.  You can
consolidate your unencrypted traffic too, with all the same downsides.

> 4. Encryption can make some things less secure.  Consider the case
> of correspondents A and B who are encrypting the email messages
> they're exchanging.  One of the side effects of this is that neither
> A's nor B's MTAs can check the content of those messages.

It isn't encryption that is making things less secure here, but
removal of a layer of security.  You can screen message content while
still using encryption.  Obviously you need to do it at a point where
things are unencrypted.

This is really only an issue with E2E encryption.  For transport-layer
encryption this shouldn't be a problem, and that is what I was mostly
talking about here.

-- 
Rich