Jari,
Let me suggest one addition to your list (with which I otherwise
agree):
5. No matter how strong the in-transit encryption or other
measures, they doesn't mean much if the relevant endpoint hosts,
or intermediate hosts that have the traffic in the clear, can be
compromised. We all know that, but we seem to sometimes need
reminding. In particular, while it is definitely not an
argument against link encryption, we need to be cautious that we
are not protecting things in a way that inadvertently shifts the
points of vunerability from one place to another (especially
another that is either more easily compromised or that
constitutes larger and more concentrated single point of
failure) and then assume that it makes things more secure
overall.
best,
john
--On Thursday, March 9, 2017 22:36 +0200 Jari Arkko
<jari(_dot_)arkko(_at_)piuha(_dot_)net> wrote:
Up-leveling a bit from the discussion of best practices for
surveillance organisations and virus builders (who apparently
are partly the same crowd). We can make some more general
observations, I think, maybe a bit more relevant for the rest
of us.
I don't think the reported findings are particularly
surprising. But they seem to support what I think we knew
already:
1. Security isn't a single feature, but needs to be thought
in terms of the whole. Comms security and devices and ...
2. There is no such thing as privileged access to the good
guys. It will leak / break / be shared.
3. Secretly held vulnerabilities make us all less safe.
4. The security of our communications and applications matters
a lot. Lives are at stake, not just your browsing history.
Jari