[GTALUG] NAT [was Re: Linux hardening question]

Russell rreiter91 at gmail.com
Wed Jul 5 07:27:42 EDT 2017


On July 4, 2017 9:03:36 PM EDT, "Stewart C. Russell via talk" <talk at gtalug.org> wrote:
>On 2017-07-03 08:56 AM, Russell via talk wrote:
>> 
>> It's open to everyone to generate or use a keysigning authority. 
>
>Unfortunately, that's a technical solution for a social problem: keys
>and authorities need to be something a user (almost) never needs to
>worry about. Mail clients need to

As a kid I never had a key to our front door. It was never locked.

Our entire legal system of governance is a technical solution to social problems. Most people don't realize that ISO standards compliance is voluntary and only enforceable in measures of associated trust, as you point out in your examples below.

I think that when James raised X.509 certificate authority, within the scope of email hacking of politicians, he was saying that the lack of understanding of established trust mechanisms is a weak link in government processes.

Individual freedom to not generate keys for personal email is quite a bit different than email used in business and in government.

>come with relevant keys to verify most
>other users' identity, or the uptake of secure e-mail will be too low to
>reach critical mass.
>
>I've worked with X.509-based signing in two very different domains, and
>in each there have been deep problems that limit the value of the
>process incredibly:
>
>* in the construction industry, X.509-signed secure PDFs are used to
>move final drawings and contractual communications (‘transmittals’)
>around. Unfortunately, many of

Not to be trite, but these types of documents are limited in scope and the loss of security is trivial to the national interest. Any breaches which are discovered to be a result of these insecure transmissions are dealt with in civil courts.

>these are only verifiable within the
>issuer's company or between members of the same trade associations, as
>companies and associations act as signing authorities. Many users aren't
>aware that scans of electronically signed documents are no longer
>electronically signed.
>
>* in amateur radio, the US hobbyist/lobby group ARRL maintains a full
>X.509 infrastructure for secure collection and verification of radio
>contest logs. The maintainers of this system (‘Logbook of the World’)
>have done a lot to make the process simple, but there are still
>roadblocks such as keys expiring every few years. It doesn't help that
>the majority of radio hams who do radio contests are very
>technologically conservative, and received wisdom has it that Logbook of
>the World is hard to use and unreliable.
>
>So while everyone could get secure keys, too few people do it to make
>the process worthwhile.

If a friend emailed me something and I was worried, I could say, this is sensitive, delete it, we have to deal with it face to face.

In business or government I could say HUSH, you're leaking secrets and inform SYSOPS, who would then review the incident and either remind us of policy or move to remediate the factors which allowed the potential leak.

I think in all cases it's about economy of scale. Groups of people using internet networks all either set or ignore threat levels for themselves.

You would hope that COMSEC in government is somewhat higher than: gee, I left the front door wide open, I hope no one goes in and takes something important from me before I get back.

For a sitting US president that COMSEC process is impeachment. 

Any grifter could tell you the problem with Trump's Twitter bloviation. It's not so much what he says, but that he speaks without knowledge or understanding, thus revealing his personality. Couple that with known past issues relating to emails and leaks and they have an understanding of the topology they are going to grift.

It's been pointed out that if Nixon lied the way Trump is lying he would never have been impeached.

I'm a trained typist. I have used dictatype tape devices. I have accidentally erased bits of recordings cycling back and forth on the tape while working on a research project.

If I have done that, you can be sure that I believe that it could also have happened to Rosemary Woods while she was transcribing Nixon.

Blockchain government communication over IPv6. I wonder what the edgepoint of trust is in that case?
>
>cheers,
> Stewart


-- 
Russell
Sent by K-9 Mail

