
Re: Number of CAs

2013-11-17 07:29:01
On Sun, Nov 17, 2013 at 3:09 AM, Masataka Ohta <
mohta(_at_)necom830(_dot_)hpcl(_dot_)titech(_dot_)ac(_dot_)jp> wrote:

Theodore Ts'o wrote:

Quibbling over numbers doesn't change the fundamental premise,
which is that the certificate signing architecture for the web is
considered by some (including myself), to be pretty badly broken.

To say so, one CA under US legislation or one CA using key
handling hardware made by a company under US legislation
is a lot more than enough.


This discussion really belongs on the PERPASS list.

Remember that as far as the US is concerned, the only option is covert
surveillance. The NSA is not going to attempt any operation if they believe
that there is a risk of getting caught.

This is why transparency schemes such as CT are interesting. They don't
prevent the attack but they deter it by raising the probability of being
caught to 1.


One of the reasons that we are in this situation is that the highest levels
of the NSA had a very shallow and ignorant understanding of what the
Internet is. They only seem to understand defense as a tactical move to
protect the ability to attack. Which is probably why they didn't bother to
take the rather trivial efforts it would have required to prevent
Snowdonia. They certainly have not been doing what they should have been
doing, protecting critical infrastructure from attack.

They do understand that it will be at least two Congresses before they have
the chance for further increasing their legal authority. We have until 2017
to lock down the net and render any such capabilities moot.

But I think it very likely that by that time the organization of the NSA
will be very different.


-- 
Website: http://hallambaker.com/