Could you clarify? Who is Alyssa Rowan to TrueCrypt? Sorry for my ignorance, I tried Googling a bit and just got links to this article.
It's someone who has been active in the crypto/security community for awhile now. Personal details are pretty scarce (i.e. it could be a front for the NSA for all anyone knows), but the persona has been active in crypto. If you want something to Google on try "alyssa rowan cryptography".
"Alyssa Rowan @AlyssaRowan
@munin @0xabad1dea @puellavulnerata I can confirm presence of TrueCrypt duress canary as per 2004 conversation"
Sorry, who the fuck are you?
If it's the real Alyssa Rowan tweeting that then it's a pretty reliable source.
You forgot the one where he knowingly and intentionally violated the law.
The US government knowingly and intentionally violated the law when it began to demand records of ALL calls made within the us and then began to LIE about it before congress where Alexander et al redefined the word "collect" and hoped nobody would parse his words carefully enough to notice.
The patriot act DOES NOT even authorize this. Collecting information on EVERYONE cannot possibly be relevant to a specific authorized investigation.
Don't shoot him. Life imprisonment should suffice. Or is there anybody here naive enough to believe that other nations don't do this?
The only thing that matters is the US government broke US law without any repercussion. Surely this is indefensible and any "but mommy johnny did it too" defense is worthless.
The same way the previous administrations "intelligence community" knowingly lied about the veracity of their Iraq WMD cover story prior to invasion of Iraq leading to hundreds of thousands of deaths with no repercussions.
I want to see US government officials go to jail.. hell in the case of Iraq no reason executions should not be on the table. Once that happens lets talk about Snowden's transgressions...
Legitimacy matters. If the state does not follow the law and is not held accountable it is foolish to expect the governed to show respect for law. I personally don't even care that what Snowden did is illegal... Wish I did but I don't.
I saw those slides. There were 17 levels of #ifdefs in the code.
Wouldn't surprise me if people commenting on hyperbole have never actually seen the source code to OpenSSL or any other open source library. They are all universally littered with ifdefs and compatibility layers from the dawn of civilization with entire suites of meta-programs (e.g. autotools) devoted to making it all work.
When managed properly these things are a non-issue.
seriously pumping openssl full of cash at this point is like buying new deck chairs for the titanic.
It is great to see interest in improving OpenSSL yet bug fixes and deletion of compatibility layers in my opinion is in much the same category as purchase of new deck chairs.
If "we" were serious we would re-architect it from scratch to be secure by design... endeavor in which nobody is currently publically known to be engaged. I hope one or both of the teams seriously considers it. I also hope "dino dung" bravado is replaced with realization everyone is on the same side.
The issue that I find, is that OpenSSL is the only Open Source Player out there.
Much like File Systems, we really should have at least a few popular choices, which are interchangeable. So if there is a security problem with one we can switch to an other one.
Several SSL implementations support the OpenSSL API including GnuTLS (open source)
NSS is also open source with shims available to help those porting from OpenSSL.
Having never used them I can't vouch for how useful they are in the real world... assume out of total ignorance they are worthless for anything but the basic SSL_* operations.
The whole security model is broken. How many CAs does your browser come with these days? Do you even know? How do you know they haven't already turned over their CA signing keys to 7 different governments?
There's no way to "fix" openssl. The entire thing is predicated on a false premise.
Nothing in OpenSSL forces you to trust any CA's you don't want to trust. Heck you don't even have to use certificates at all (TLS-PSK, TLS-SRP)
I think it is a mistake to confuse deployment failures with implementation failures with specification failure.. while there are often linkages between these things it is hard to accept that proliferation of hundreds of CA's all with overlapping global scope is anything but a deployment failure.
That is far, far, far out of scope for a standards discussion. That is an issue for activists to take up, not for the HTTP 2.0 discussion.
Your the one who brought up the idea consumers "do not care" as reason B) for dismissal of PHK's privacy concern.
None of what you describe is really an issue for HTTP to be solving. You could argue that cookies have to go, but they fulfill functions today
How many times do I have to repeat myself specifically re-stating my position with regards to cookies before this strawman factory is shuttered?
I really dont get how a discussion on a transport protocol is the proper place for political or content discussions
While formatting of bits have no political implications use of opportunistic encryption is entirely a political matter as is the nature of information exchanged between parties.
Protocols not designed to account for realities of political, social and financial realms are likely to either be harmful or worthless in the real world they are deployed into. Any yahoo can design a state machine and protocol fields.... it requires much thoughtfulness and skill to design something that benefits everyone.
How is the Auth1 scheme described above susceptible to offline dictionary attacks?
The supposed MITM would attempt to offline brute force the Passhash as they now know the inputs to the HMAC, and they know the correct Auth1 value?
Yes, Nonce1 + Nonce2 are pulled off wire by attacker.
Attacker keeps trying HMAC(bruteforce,Nonce1 + Nonce2) until it can successfully decode the "mother fucking stream cipher"
These CHAP digest schemes all have the same problem no matter what algorithm you use or how you jiggle parameters. Zero knowledge proof of possession is the future of password authentication.
Let me get this straight: You think it a good idea to attempt to subvert a standard to make it incredibly difficult for the biggest users of said standard to use it?
I agree only with the sentiment current state of affairs sucks. Although not stated earlier I personally disagree with idea of removing cookies.
Reread what I said in context. I am not arguing for or against
B) the primary consumers do not care
Do they have any idea what is going on? Are they properly informed?
If you're visiting websites with trackers, and youre upset that they are tracking you, I have bad news: Nothing will change the fact that the webhost has logs of your visit, and no standard can fix that.
Personally I assume every site I visit to log information about my visit the same way every person I interact with in public remembers conversations or observes me walking down the street. I have no problem with this.
Bumping into someone in public is quite a different matter from following them around everywhere they go. Stalking is illegal in the united states and most countries.
I consider third parties which sit in the middle and collect track, aggregate and sell data on virtually every site I visit online to be fundamentally no different than stalking. I find this unacceptable and refuse to accept this behavior as legitimate or legal and have taken measures to deny these firms the capability to track me.
This is why we should just use HTTP Auth, or update it so that we can. I mean, we already have pre-shared secrets with all the places we need secure.
Client sends: UserName, Nonce1
Server sends: Nonce2
Both perform: Auth1 = HMAC( Passhash, Nonce1 + Nonce2 ); Where + is concatenation and Passhash is PBKDF2 or keystretching, etc. of the user password. The server can store the hashed version. Hash because: Fuck length and special chars limits.
All of these crappy schemes are vulnerable to offline dictionary attack. We need to step away from our addiction to the CHAP garbage and move to zero-knowledge systems.
This shit really isn't rocket science folks. The truth is that the IETF is a bunch of morons or malicious bastards. Take your pick. Either way they've actively worked to make sure no connection on the web can be trusted not to have a potential MITM via CA system. Anything is better than that. The window for PW exchange is so small and if the MITM missed it or erased that, or the PW was exchanged out of band then they couldn't ever MITM your connection.
Last I checked the IETF isn't the one refusing to apply TLS-SRP patches sitting in their ticket systems. They did their job in 2007 (RFC5054)
It is the browser vendors sleeping on their feet. Support is included in most mainstream TLS toolkits, Apache and CURL already support it.
Nothing is NSA-proof,
NSA proof is possible unless NSA includes goons armed with $5 wrenches.
The whole point here is not to make the system undefeatable, just to increase the cost of breaking it, just like your door lock isn't perfect, but still useful.
If you can't view traffic then traffic is safe from you therefore it is not necessary to encrypt traffic.
If you can view traffic then you have everything necessary to own that traffic.. TCP initial sequence number and fast pipe is all you need... nobody is doing any of the filtering necessary to prevent source address spoofing so these attacks are trivial.
If your data is going through a "great firewall", CGN (everyone using a cellular network) or other bump in the wire there is no reason not to expect opportunistic encryption to be MITMd in realtime and in bulk.
it would require the NSA to man-in-the-middle every single connection if it wants to keep its pervasive monitoring.
So everyone in US is safe from NSA bulk collection of websites they visit except bulk collection of IP layer headers, certificate identities sent in the clear during TLS handshake and the zillions of US corporations engaged in cross site stalking compelled to hand over "any tangible thing".
What is the opportunity cost of an encryption solution which solves nothing? What resources and demand are no longer available to be applied to a solution with teeth?
How do you explain to the user well their data might be encrypted yet their data is not protected since it is not trusted? I can see the eyes rolling and roar of millions of swooshes... All people know is "encrypted" and this means "safe"
Does HTTP 2.0 implement any latching or fingerprinting that could be useful to retroactively detect compromise of security? Do they even try?
The cost of SSL certificates is not in the bits.
Back in the day you actually had to pick up the phone, speak with someone and provide corporate documentation. Now you purchase certs from a computer in an 100% automated process. Completely "just bits" worthless.
It's in the security of the private key, some validation in extended verification certs
Extended verification is a foolish scam to enrich CAs. Users hardly understand what the padlock icon means in URL bar after being intentionally inundated with fake padlock gifs and "we're secure" believe what we say assertions littering every online commerce and banking site on the planet.
I think following demonstrates reality participants in standards organizations are constrained by the market and while they do yield some power it must be exercised with extreme care and creativity to have any effect past L7.
As much as many people would like to get rid of Cookies -- something
you've proposed many times -- doing it in this effort would be counter-productive.
Counter-productive for *who* Mark ?
Counter-productive for FaceBook, Google, Microsoft, NSA and the other mastodons who use cookies and other mistakes in HTTP
(ie: user-agent) to deconstruct our personal identities, across the entire web ?
Even with "SSL/TLS everywhere", all those small blue 'f' icons will still tell FaceBook all about what websites you have visited.
The "don't track" fiasco has shown conclusively, that there is never going to be a good-faith attempt by these mastodons to improve personal privacy: It's against their business model.
And because this WG is 100% beholden to the privacy abusers and gives not a single shit for the privacy abused, fixing the problems would be "counter-productive".
If we cared about human rights, and privacy, being "counter-productive" for the privacy-abusing mastodons would be one of our primary goals.
It is impossible for me to disagree with this. Have several dozen tracking/market intelligence/stat gathering firms blackholed in DNS where creative use of DNS to implement tracking cookies do not work. I count on the fact they are all much too lazy to care about a few people screwing with DNS or operating browser privacy plugins.
I'm personally creeped out by hoards of stalkers following me everywhere I go...yet I see the same mistakes play out again and again... people looking to solve problems without consideration of second order effects of their solutions.
You could technically do something about those army of stalker creeps
While this would certainly work wonders for site performance and bandwidth usage... those limited feedback channels we did have for the stalked to watch the stalker are denied. On flipside of the ledger not collecting direct proof of access could disrupt some stalker creeps business models.
I think emotional half-assed reaction to NSA with established ability to "QUANTUM INSERT" ultimately encourages locally optimal solution having effect of affording no actual safety or privacy to anyone.
Not only does opportunistic encryption provide a false sense of security to the vast majority of people who simply do not understand relationship between encryption and trust such deceptions effectively work to relieve pressure on need for a real solution.. which I assume looks more like DANE and associated implosion of SSL CA market.
My own opinion HTTP 2.0 is only a marginal improvement with no particular pressing need... I think they should think hard and add something cool to it.. make me want to care...as is I'm not impressed.
An Argentinian chef is more likely to make great sushi than a Japanese automotive engineer.
There's an even closer-to-food analogy for this: If you want a good Italian pizza, get a Greek to make it. I have no idea why this works, but the best Italian pizzas always tend to be made by someone called Nikos or Costas.
It's a naive, domestic operating system without any breeding, but I think you'll be amused by its presumption.
