
Re: Tor exit nodes



On Monday, 9 October 2017 10:56:58 PM AEDT Adam Borowski wrote:
> On Mon, Oct 09, 2017 at 12:47:47PM -0700, Russ Allbery wrote:
> > Adam Borowski <[email protected]> writes:
> > > I for one concluded there's enough ways for a government to screw me,
> > > thus I bought a Yubikey 4 (most convenient, durable and fast).  But if I
> > > suddenly receive the Bogatov treatment, my secret key will not be
> > > trustworthy.
> > 
> > Please do not attempt to protect your Debian keys against such treatment!
> > If you're arrested or coerced by authorities, please look after your own
> > safety, even if that means giving them what they want.  The project will
> > find other ways to cope.
> 
> I don't recall ever receiving a gpg-encrypted mail that warranted strong
> forward secrecy.  Thus, the only harm to the project would be using my
> signature.  And there's enough ways for bad guys to obtain _a_ DD's
> signature that there's no point in caring that much.

Yes.  Remember that supposed "exploit" against a bug in sshd that required 
running as root but which actually emailed /etc/shadow /etc/passwd and other 
interesting files to Germany?

> > We have to assume that threat model will compromise keys anyway, since few
> > people would be able to resist that sort of pressure.  And I would hate to
> > see someone seriously injured trying to protect project keys.  You are not
> > a personal single point of failure -- there are still multiple
> > opportunities to later detect such an attacker and mitigate the threat.
> 
> We have ~1000[1] DDs from various backgrounds and allegiances.  For most
> governments you'll find a DD ready to sign something nasty because of
> "patriotism" or other personal conviction, with full free will, without
> even an incentive, much less being forced.

That sounds plausible.  I am not one of those DDs, but I know that some of you 
won't believe it.

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/