[cryptography] The consequences of DigiNotar's failure

Jeffrey Walton noloader at gmail.com
Sat Sep 17 18:38:40 EDT 2011

On Fri, Sep 16, 2011 at 1:07 PM, M.R. <makrober at gmail.com> wrote:
> On 16/09/11 09:16, Jeffrey Walton wrote:
>> The problem is that people will probably die
>> due Digitar's failure.
> I am not the one to defend DigiNotar, but I would not make such
> dramatic assumption.
I don't think DigiNotar has any defenders remaining :) As for the
dramatic assumptions, I believe past performance is indicative of
future expectations: http://en.wikipedia.org/wiki/SAVAK and
http://en.wikipedia.org/wiki/SAVAMA. (Sorry about the lame wiki
reference, I probably should have found a UN human rights report).

> No one actively working against a government that is known to engage
> in extra-legal killings will trust SSL secured e-mail to protect him
> or her from the government surveillance. If this particular case, if
> the most often repeated hypothesis of who did it and why is correct,
> it was probably done for some bottom net-fishing and will likely result
> with a whole bunch of "little people" with secret files that will make
> them "second-class" citizens for a long, long time, ineligible for
> government jobs and similar. (For instance, I'd expect them to end up
> on some oriental no-fly list).
Consider a person living under an oppressive regime. This person uses
a mail client which stores messages locally on a hidden volume. A
hidden TrueCrypt volume leaks a lot of information and will probably
get your tortured for the password if detected
(http://opensource.dyc.edu/random-vs-encrypted). If the local messages
are recovered and offensive, that person might not leave the Ministry
of Intelligence and National Security offices (alive).

Now consider a person who has two GMail accounts: a rather benign
account for communicating with Mom and friends, and a second account
for dissenting opinions and friends which might get you killed. Once
finished reading email, clear the cache, make a pass with sdelete or
srm, and then open the benign account. If tortured, the second person
could offer the benign account and retain some deniability.

Finally, consider fetching those email messages. Each scenario would
still need a secure transport. Service such as Tor are actively
attacked by the government, and using a service such as Tor might get
you tortured or killed. Since services such as Tor are dangerous to
use, I would expect to see a lot of folks using HTTPS.

Perhaps I don't appreciate all the pressure and options, but I believe
an [external] email service using HTTPS is one of the safer options
available when observing due dilligence. Its kind of like the poor
man's cloud (and corporate america is flocking to the cloud, in part
due to the additional layer of liability offload).


More information about the cryptography mailing list