[cryptography] Reply to Zooko (in Markdown)

Jon Callas jon at callas.org
Sat Aug 17 18:35:07 EDT 2013

Hash: SHA1

On Aug 17, 2013, at 11:00 AM, Ali-Reza Anghaie <ali at packetknife.com> wrote:

> On Sat, Aug 17, 2013 at 1:50 PM, Jon Callas <jon at callas.org> wrote:
>> I hope I don't sound like a broken record, but a smart attacker isn't going
>> to attack there, anyway. A smart attacker doesn't break crypto, or suborn
>> releases. They do traffic analysis and make custom malware. Really. Go look
>> at what Snowden is telling us. That is precisely what all the bad guys are
>> doing. Verification is important, but that's not where the attacks come from
>> (ignoring the notable exceptions, of course).
> Part of the problem is that most people can't even wrap their heads
> around what a State or non-State Tier 1 Actor would even look like.
> They bully, kill leaders, deny resources, .. heck, they kill ~users~
> to dissuade use of a given tool.
> Then on the flip side "we" think about design and architectural
> aspects that don't even ever get the chance to be used against ~any~
> adversary because we force too much philosophy down into a hole that
> may have just one device, maybe just an iPhone - and limited to
> connectivity to even use it.
> I've called this the problem of "Western Sensibilities" where we seem
> to forget the economics and geopolitics of the rest of the world.
> Before getting heads wrapped around all these poles that are pretty
> exclusive to the "haves" - go out to truly hostile territory and live
> like a "have not" and try to build up the OPSEC routine you want,
> complete with FOSS only and full audits, and work from the field that
> way. It's non-trivial to say the least - even if you've done it a
> hundred times from a hundred different American and European venues.

I've had the privilege on several occasions to talk to people who really do this stuff. A couple of things really stuck with me:

* "Don't patronize us. We know what we're doing, we know what we're up against." The guy who told me this had his brother murdered horribly. His tradecraft was basic and elegant.

* Simple, usable countermeasures are best because they have to be used by the sort of person who decided yesterday that they're not going to take it any more. They're newly-minted heroes who a threat to themselves and others if they screw up what they're doing. We asked them what they'd like most and the answer was SSL on websites. This was after Diginotar and we'd been talking about advanced threats, so we were a bit taken aback. They explained that the biggest problems are people putting stuff on websites as well as mistakes like making calendar entries for times and places of meetings. 

That put a fine point on the admonition not to patronize them. Heck, the adversaries don't have to crack anything sophisticated when they can just sniff CalDAV.


Version: PGP Universal 3.2.0 (Build 1672)
Charset: us-ascii


More information about the cryptography mailing list