
Re: Tor exit nodes



Something else you should consider is *why* you care about
closed-source hardware on things like Yubikey Nanos.  If the answer
is simply ideological, à la Richard Stallman --- that's a fine answer.
But then you should also be using a 9-10 year old laptop, such as the
T400, that can run Libreboot (but then the EC and battery firmware is
still not replaced, so you will *still* be running closed source
firmware).

If the answer is a security concern, OK --- but *what* security threat
are you worried about, exactly?  A yubikey does not have any external
I/O ports.  So it's not like it's going to be sending your private key
to NSA over WiFi.  The main reason why I use a Yubikey is so that if
someone hacks into my laptop they can't just steal my key right off my
hard drive.  *If* there is a backdoor which allows a bad guy (which in
your threat model, may include a state actor) to steal the key off the
Yubikey, there are two things that they could then do.  (a) they might
be able to decrypt messages sent to me that are encrypted in my
private key, or (b) they might be able to impersonate me and upload
backdoor'ed software into Debian or kernel.org.

(b) is my primary worry --- and I would argue, should be Debian's
primary worry as well.  And in that case, if someone has gotten
physical control of my Yubikey, it's likely I will know that, and will
be able to upload a revocation certificate fairly quickly.  Even if I
don't find out for a few hours, once I *do* know when I last had
physical control of my Yubikey, I can contact the ftpmasters, and the
kernel.org admins, and they start going over the audit logs and taking
remedial action if my key was used to sign software after my key was
stolen.

So at least in my opinion, the concerns over "OMG! Yubikey is using
closed source software", is massively overblown.  If all things were
equal, sure, I would use the hardware that used open source.  But if
it is (a) slower, (b) larger, (c) much more inconvenient to use, (d)
vulnerable to environmental threats (e.g., it gets wet, and say good
bye to your keying material), all things are **not** equal.  The worst
kind of security is the security that doesn't get used because it's
too d*mned inconvenient.

						- Ted

P.S.  Nothing in this e-mail is private.  Feel free to quote me
publicly, including in an LWN article.  :-)