Re: MLS or TLS? There is more than one encryption option.

In message <>, Bruce Perens writes:

>>>Now that we are going to be going for preventing pervasive surveillance,

>>I hate to be the one to bring this up, but that is not in any way
>>shape or form inside the WG charter

>This is no surprise.
>I am approaching the conclusion that it's impossible, anyway. Given
>that a government subverts even one CA with a certificate
>that is honored by the browser, a man-in-the-middle attack that
>would fool the naive user becomes trivial.

I reached that conclusion some time ago, and tried to explain it
for my ACM audience:

The Surveillance State is a political issue that must be solved by
political means.  As long as NSA, GCHQ and other similar have a
mandate, funds and political support for what they are doing, adding
more encryption simply only means that more encryption will be broken.

Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

Received on Friday, 15 November 2013 22:27:39 UTC