On 18/08/13 10:02 PM, John Young wrote:
> Jon Callas writes recently that crypto is not the weakness,
> it is by-passed to attack vulnerabilities of transmission.
>
> http://cryptome.org/2013/08/callas-snowden.htm

Interesting, though not entirely surprising.

> Corollaries:
>
> Crypto is a red flag inviting attack, aided by anonymizing and other
> concealing methodologies.

Of course.

> The only trustworthy email is that which never leaves your box which
> must be disconnected from everything else in a Faraday, in a bunker,
> un-powered, out of your reach. Never used, no CPU, no chips, no
> cards, no wiring, just the tin shell covered in bakelite. A
> demagnetized rock will do.

And at that point it is no longer useful as a means of communications. There's always a degree of compromise with such systems.

> Humans leak far more than machines. Solipsists and hermits and
> braggarts the leakiest.

Right. The biggest problems being with those people who are all three of these (insert pointed look at Julian Assange here).

> One thing is for sure after the history of computers of trying,
> infallible digital security is impossible, only gradations of
> cybernetic illusion. As with security in general.

Yes and not just the history of computing. There have been plenty of examples throughout history. Every time a conspiracy is betrayed by the fear of a member, every time an individual makes a bid for their own power instead of whatever cause they were supposed to be loyal to and so on.

> Attackers always win until they crow about prowess as strong
> security for a marketing effort. Then they are taken down by the
> weakest link.

Exactly. Furthermore, since marketing is the construction of illusion, it introduces its own weaknesses in the form of deluding the target of the marketing campaign into believing there is greater substance present than really exists.

> Ponder the invention of the word security. It isn't what it is
> alleged to be, it means credible illusion, a brand.

Right. Security is a feeling; people are not secure, they feel secure. It's one of the first rules of international relations. That security can never be achieved, it is a concept used to instil a sense of order and reliability in an ecosystem.

> PKC is a brand which wizened cryptographers tinker with but
> distrust beyond marketing. Read Callas and Zimmermann closely, not
> their publicity.

Always worth bearing in mind. Not being a Silent Circle user (because I don't have an Android phone or an iPhone), I haven't really paid as much attention to their recent stuff.

As for my email, well, I'm sure the GPG signature gives that away. ;)

Regards,
Ben
Attachment:
signature.asc
Description: OpenPGP digital signature