
Re: Tor exit nodes



On Mon, Oct 09, 2017 at 12:47:47PM -0700, Russ Allbery wrote:
> Adam Borowski <[email protected]> writes:
> 
> > I for one concluded there's enough ways for a government to screw me,
> > thus I bought a Yubikey 4 (most convenient, durable and fast).  But if I
> > suddenly receive the Bogatov treatment, my secret key will be not
> > trustworthy.
> 
> Please do not attempt to protect your Debian keys against such treatment!
> If you're arrested or coerced by authorities, please look after your own
> safety, even if that means giving them what they want.  The project will
> find other ways to cope.

I don't recall ever receiving a gpg-encrypted mail that warranted strong
forward secrecy.  Thus, the only harm to the project would be using my
signature.  And there's enough ways for bad guys to obtain _a_ DD's
signature that there's no point in caring that much.

> We have to assume that threat model will compromise keys anyway, since few
> people would be able to resist that sort of pressure.  And I would hate to
> see someone seriously injured trying to protect project keys.  You are not
> a personal single point of failure -- there are still multiple
> opportunities to later detect such an attacker and mitigate the threat.

We have ~1000[1] DDs from various backgrounds and allegiances.  For most
governments you'll find a DD ready to sign something nasty because of
"patriotism" or other personal conviction, with full free will, without
even an incentive, much less being forced.

Also, Debian makes the majority of server installs: RPM was the king in the
2000s, today it's Debian+derivatives.  And most of us seem to favour
"subversive" people like Snowden.  For both of these reasons, I can't
imagine a traditionally-minded spook failing to send someone to keep an eye
on us from the inside.  It doesn't take many resources: there's no dearth of
already technically-skilled people, and you can stay a DD on a single
contribution per several years.  And I'm not talking about a random government
employee who might be merely inclined to help such an agency, but about an
agent paid specifically to do something if a need arises.

Or, you can see if any of those 1000 DDs fails to handle his or her secret
key properly.  There's no way not a single one among us does something
in an egregiously unsafe way.  Just google for "-----BEGIN PGP PRIVATE KEY
BLOCK-----" and see if any DDs pop up. :p  Only if that fails, send them a
game or something that leaves a process which reads the passphrase from
/dev/input/ and sends it to you together with the secret key.  Or, for those
pesky keycard users, wait until the keycard is inserted then sign what you
wanted (no one's going to notice a bump of the counter).

Thus: the gpg model has way too many holes to risk your life for it.


Meow!

[1]. Although Mattia Rizzolo has an evil scheme to destroy Debian by
bringing that number to 0. :þ
-- 
⢀⣴⠾⠻⢶⣦⠀ We domesticated dogs 36000 years ago; together we chased
⣾⠁⢰⠒⠀⣿⡁ animals, hung out and licked or scratched our private parts.
⢿⡄⠘⠷⠚⠋⠀ Cats domesticated us 9500 years ago, and immediately we got
⠈⠳⣄⠀⠀⠀⠀ agriculture, towns then cities.     -- whitroth on /.