
Re: Tor exit nodes



Adam Borowski said [Mon, Oct 09, 2017 at 06:13:02PM +0200]:
> Let's discuss the threat model.  If I were a three letter agency, I'd
> order Yubico (there's so many ways to force a company to do something) to
> introduce a backdoor: when a secret handshake (cryptographically signed :p)
> is entered, the keycard spills its storage.  This can be programmed into the
> kit low-paid goons on the border have, and instruct them to apply to all
> storage devices they search on a person.  Such an instruction is already a
> part of their orders, thus no knowledge or skills on the side of the goons
> are required.  Your secret key will then stay on file, without you being
> aware of this.
> 
> I for one concluded there's enough ways for a government to screw me, thus I
> bought a Yubikey 4 (most convenient, durable and fast).  But if I suddenly
> receive the Bogatov treatment, my secret key will not be trustworthy.

The first part of your message makes complete sense — I do not
currently believe a nation-state wanting to infiltrate our keyring is
what we should care _most_ about, but it is not something to forget
about either. But the second part is outside the threat model we can
cater for: Most of us would break _way_ before the point of being
incarcerated (even home-incarcerated) for several months. Physical
coercion, violence, imprisonment are outside what we seek to protect
from.