Interesting conjectures! But... What do they have to do with https everywhere that Eric mentioned? They're very general thoughts. And even if we only have 5 years, why not enforce https on .gov sites until then? Seems like a win to me, no matter how long government survives. Parker

Am 14.11.2014 um 09:06 schrieb Georgi Guninski :

Didn't know .gov dudes _openly_ post here.

For a discussion, let me make some conjectures about *us.gov.

Conjecture 1. USA is a pyramid, AKA Ponzi scheme Conjecture 2. USA will die in its present form in at most 5 years (possibly causing troubles to other nations too). Conjecture 3. USA will be bought by the People's Republic of China (PRC) in at most 5 years (possibly with other investors). [This already happened to some USA corporations].

Best of luck, -- gg

...

On Fri, Nov 14, 2014 at 11:13:41AM -0500, Eric Mill wrote: Hey,

I wrote a piece today for my organization, 18F, about our HTTPS-everywhere policy for the .gov websites we build inside the US government:

https://18f.gsa.gov/2014/11/13/why-we-use-https-in-every-gov-website-we-make...

I wanted to give this list some extra context, since I understand the US government is a big, complicated, freighted topic. Below is my *personal* attempt to describe my workplace and is not anything close to an official description or the voice of the government.

18F[1] is a team of ~70 people working as full time employees inside the US federal government. (The name comes from the street intersection -- 18th St & F St -- that its HQ is at in DC.) 18F as a unit was created around a year ago to be a competent, top class in-house technology team for the US federal government.

A driving idea here is that the government shouldn't need to outsource its *entire* technical brain to contractors, and that government services can be simple and even beautiful. If you've noticed what's happened over the last few years in the UK at https://www.gov.uk by the Government Digital Service[2], 18F takes a lot of inspiration from them.

18F is housed inside the General Services Administration, an independent federal agency[3] that does as many different things as its name implies, from running all the buildings to housing the nation's data catalog at Data.gov. It's an "independent" federal agency in that it's not subject to the same level of direct executive and White House control that cabinet agencies are. It's the same kind of "independent" that lets the FCC potentially disagree with the President on net neutrality, for example.

The team has people all over the country (it has a big SF office, for example), many of which have either never been in government before, or who came in after doing the Presidential Innovation Fellows[4] program.

I joined 18F after working for 5 years on open data apps, infrastructure, and policy at the Sunlight Foundation[5], a non-profit in DC that pushes for open government. I had also done a fair amount of work around privacy, HTTPS, and ongoing judicial activity around surveillance. I get to continue doing all of that work in my personal capacity.

I say this just to try to communicate that the 18F team has some very sincere people trying to make the US government work better for people all over the world, and to do right by technology in the process. We have substantial support and autonomy to make that happen.

When it comes to HTTPS, the .gov surface area is absolutely enormous, and moving it helps move the whole Internet forward. Bringing the government in line with the rest of the web/security community (and being loud about it) is one of my big priorities at 18F, and so I wanted to share this here with you all.

-- Eric

[1] https://18f.gsa.gov/ [2] https://gds.blog.gov.uk/ [3] https://en.wikipedia.org/wiki/Independent_agencies_of_the_United_States_gove... [4] https://en.wikipedia.org/wiki/Presidential_Innovation_Fellows [5] https://sunlightfoundation.com/

-- konklone.com | @konklone https://twitter.com/konklone

Dot gov subscribers have been around since the beginning. Some wear dual hats, some switch back and forth. Some use nyms, some use personal mail, some are open, some are hidden. This is how crypto has always worked, no other way to do it. Cannot be one-sided, cannot be perfect, snake oil as common as trustworthy, deception essential, honesty a sure sign of dishonesty. RTFM, RTF archives, filled with tips about using mail lists for FUD. Without FUD no need for crypto. Gov FUD is oxymoronic which is why crypto is basic to any regime. 70 people is about what the USG needs for comsec. 10 capable ones, 60 to pad the payroll and please Congressional earmarkers. 75,000 is shale-fracked snakeoil. Ft Meade better used for a Swedish massage spa. At 12:06 PM 11/14/2014, you wrote:

Didn't know .gov dudes _openly_ post here.

For a discussion, let me make some conjectures about *us.gov.

Conjecture 1. USA is a pyramid, AKA Ponzi scheme Conjecture 2. USA will die in its present form in at most 5 years (possibly causing troubles to other nations too). Conjecture 3. USA will be bought by the People's Republic of China (PRC) in at most 5 years (possibly with other investors). [This already happened to some USA corporations].

Best of luck, -- gg

On Fri, Nov 14, 2014 at 11:13:41AM -0500, Eric Mill wrote:

...

Hey,

I wrote a piece today for my organization, 18F, about our HTTPS-everywhere policy for the .gov websites we build inside the US government:

https://18f.gsa.gov/2014/11/13/why-we-use-https-in-every-gov-website-we-make...

...

I wanted to give this list some extra context, since I understand the US government is a big, complicated, freighted topic. Below is my *personal* attempt to describe my workplace and is not anything close to an official description or the voice of the government.

18F[1] is a team of ~70 people working as full time employees inside the US federal government. (The name comes from the street intersection -- 18th St & F St -- that its HQ is at in DC.) 18F as a unit was created around a year ago to be a competent, top class in-house technology team for the US federal government.

A driving idea here is that the government shouldn't need to outsource its *entire* technical brain to contractors, and that government services can be simple and even beautiful. If you've noticed what's happened over the last few years in the UK at https://www.gov.uk by the Government Digital Service[2], 18F takes a lot of inspiration from them.

18F is housed inside the General Services Administration, an independent federal agency[3] that does as many different things as its name implies, from running all the buildings to housing the nation's data catalog at Data.gov. It's an "independent" federal agency in that it's not subject to the same level of direct executive and White House control that cabinet agencies are. It's the same kind of "independent" that lets the FCC potentially disagree with the President on net neutrality, for example.

The team has people all over the country (it has a big SF office, for example), many of which have either never been in government before, or who came in after doing the Presidential Innovation Fellows[4] program.

I joined 18F after working for 5 years on open data apps, infrastructure, and policy at the Sunlight Foundation[5], a non-profit in DC that pushes for open government. I had also done a fair amount of work around privacy, HTTPS, and ongoing judicial activity around surveillance. I get to continue doing all of that work in my personal capacity.

I say this just to try to communicate that the 18F team has some very sincere people trying to make the US government work better for people all over the world, and to do right by technology in the process. We have substantial support and autonomy to make that happen.

When it comes to HTTPS, the .gov surface area is absolutely enormous, and moving it helps move the whole Internet forward. Bringing the government in line with the rest of the web/security community (and being loud about it) is one of my big priorities at 18F, and so I wanted to share this here with you all.

-- Eric

[1] https://18f.gsa.gov/ [2] https://gds.blog.gov.uk/ [3]

https://en.wikipedia.org/wiki/Independent_agencies_of_the_United_States_gove...

...

[4] https://en.wikipedia.org/wiki/Presidential_Innovation_Fellows [5] https://sunlightfoundation.com/

-- konklone.com | @konklone https://twitter.com/konklone

Governments doing a better job at government would be a great thing. Technology is pretty much the alfa and omega of service nowadays. I think a team of 80 has it's work cut out for it! Regarding security, the NSA has your back (not mine, hah!) so don't worry too much about it. (Also, 18f is more like a false and incomplete answer to "ASL?")

Why are you always so mad, Juan? On Nov 14, 2014 9:48 PM, "Juan" wrote:

On Fri, 14 Nov 2014 20:43:43 +0100 Lodewijk andré de la porte wrote:

...

Governments doing a better job at government would be a great thing.

Not sure what you mean by that. As far as I'm concered the only 'job' the government should be doing is disappearing from the face of the earth.

Let's leave governance to the free market, the bigger the capitalist the more righteous his decrees! Market competition will enforce 100% transparacy, else people will visit the competition for it! In any true free market economies of scale don't exist and competition is so closely tied any offense will cause disappearance! Finance is totally not already so unbalanced a free market cannot exist! I fiercely hate anyone telling me what to do or what to think. Vacuum reality arguments essential to capitalism, and the ease at which they're propagated, recently anger me about as much. We have true capitalism already Juan! Governments compete for posession of the mind! Ideologies live and die in an eternal struggle for superior infectiousness! Violence, justice, law, masscre, kindness, all these things are founded in an inherently "free market" reality! The truth is we're closing on the endgame. The one true ideological survivor. Some hybrid monster of many governments clustered into a supergovernment that spans mankind and directs all that is. It's inevitable; economies of scale at work. Slowly all our diversities will fade as we live in a completely artificially equalized reality, no ability to compete due to immense scale. In more ways than not, we're already there. My suggestion is to welcome our new robotic overlords. Or, steer the vehicle instead of denying you're in it. Just deal with it somehow. Maybe we can create such an overgovernment that all our desired freedoms and abilities are present in the future (unlike today!).

The motherfucking nazis from the US government use 'https'! That's so important! So relevant to the sort of values cypherpunks supposedly stand for.

lol

What are you badmouthing nazi's for? Easy on the US cool-aid, mate.

Not sure what you mean by that, but I'm not a subject of the US nazi sate. Unless by 'has my back' you mean they are likely to shoot me from behind...

http://vimeo.com/m/8991951 I meant USGOV protects USGOV. (Although not USGOV employees per se...) Cybersecurity wise USGOV probably doesn't/hardly need HTTPS, depending on the abilities of adversaries.

Dnia wtorek, 18 listopada 2014 02:34:47 Juan pisze:

On Tue, 18 Nov 2014 05:51:45 +0100

Lodewijk andré de la porte wrote:

...

Why are you always so mad, Juan?

I'm not mad. I simply don't bother with fake politeness.

Why bother with writing at all? :) -- Pozdr rysiek

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I, for one, think that security of any sort is a great improvement. There are plenty of reasons to be suspicious when handing data over to the government, but you might as well be guaranteed your privacy/security *while* doing it. William On 11/18/2014 02:23 PM, Eric Mill wrote:

...

I meant USGOV protects USGOV. (Although not USGOV employees per se...) Cybersecurity wise USGOV probably doesn't/hardly need HTTPS, depending on the abilities of adversaries.

Of course. US govt using https in their stupid propaganda websites is irrelant. What is weird is that some US govt employee bothered to advertise it here. Is he clueless? Was he trolling?

I wasn't trolling. I've been a member of this list, and paying close attention to the field, since well before I joined the US government (which happened back in May).

Before this, I worked for 5 years at a relatively adversarial non-profit group focused on government transparency, called the Sunlight Foundation.

I also did personal work on furthering encryption and drawing attention to government surveillance:

https://konklone.com/post/switch-to-https-now-for-free https://konklone.com/post/the-door-to-the-fisa-court https://twitter.com/fisacourt

I still work on them, and stuff like it, in my personal capacity. I'm on the record in all kinds of places, in my personal capacity, supporting what Edward Snowden did and pushing for technical changes and policy reform to curtail surveillance.

I completely expect (and find welcome and appropriate) high levels of skepticism for anything the US government does. All I can tell you is where I'm coming from, and the actions my team is taking.

In my government capacity, when https://letsencrypt.org is operational next year, I hope to get as many .gov domains to use their certificates as I can.

-- Eric

-- konklone.com https://konklone.com | @konklone https://twitter.com/konklone -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQEcBAEBAgAGBQJUa7BhAAoJEFdZT8v9QYjyOyAH/3hsKBFs+INnAH0ahWm/Z7Yb Wd0cjlcLPE9eHHDZv4WXJgn3NVGisHSqqRnq7xJbIU8BIZXHp9euy1MUMPLVknoZ aksxZiNwLs9G94EjjcJQ8qi/0AjPZyHKrIKVd74bNsouODf0YzdTX48TLDzbLFd6 UyCmFKTjxK7Rp2mF84rvnaMjan0XU2sSxUeqpRCbzOgquh/CGHOQSQDuN6P+Qyce 8g9XQgZmeDO2dhTUiqw3zfGC1Kv45wIUbwhwVSnvF4nu1jA82GoooJpgDyzy4o7U kG6OKQQATfSLLLuc2SC0tJsGExz8chDa/PJChTy93UTRTy5KztzmC+M65yGyXr8= =T+wb -----END PGP SIGNATURE-----

Thanks for the update Eric. On Tue, 18 Nov 2014 14:23:10 -0500 Eric Mill wrote:

I wasn't trolling. I've been a member of this list, and paying close attention to the field, since well before I joined the US government (which happened back in May).

Before this, I worked for 5 years at a relatively adversarial non-profit group focused on government transparency, called the Sunlight Foundation.

I also did personal work on furthering encryption and drawing attention to government surveillance:

https://konklone.com/post/switch-to-https-now-for-free https://konklone.com/post/the-door-to-the-fisa-court https://twitter.com/fisacourt

I still work on them, and stuff like it, in my personal capacity. I'm on the record in all kinds of places, in my personal capacity, supporting what Edward Snowden did and pushing for technical changes and policy reform to curtail surveillance.

I completely expect (and find welcome and appropriate) high levels of skepticism for anything the US government does. All I can tell you is where I'm coming from, and the actions my team is taking.

In my government capacity, when https://letsencrypt.org is operational next year, I hope to get as many .gov domains to use their certificates as I can.

-- Eric

Dnia piątek, 14 listopada 2014 20:43:43 Lodewijk andré de la porte pisze:

Governments doing a better job at government would be a great thing. Technology is pretty much the alfa and omega of service nowadays. I think a team of 80 has it's work cut out for it!

Regarding security, the NSA has your back (not mine, hah!) so don't worry too much about it.

(Also, 18f is more like a false and incomplete answer to "ASL?")

18f.gsa.gov seems a complete answer to me. ;) -- Pozdr rysiek

On Fri, Nov 14, 2014 at 03:54:53PM -0300, Juan wrote:

On Fri, 14 Nov 2014 11:13:41 -0500 Eric Mill wrote:

...

Hey,

Is it possible for this mailing list to sink any lower?

As a true optimist, i believe this list can sink till minus infinity ;) Though as a pessimist, counter-trolling against .gov, doesn't appear a good sign for the list (probably just one less puppet acc.)

On Sun, Nov 16, 2014 at 08:11:34PM -0300, Juan wrote:

On Sun, 16 Nov 2014 20:35:29 +0200 Georgi Guninski wrote:

...

On Fri, Nov 14, 2014 at 03:54:53PM -0300, Juan wrote:

...

On Fri, 14 Nov 2014 11:13:41 -0500 Eric Mill wrote:

...

Hey,

Is it possible for this mailing list to sink any lower?

As a true optimist, i believe this list can sink till minus infinity ;)

that's the spirit! =)

well, i don't care much. few sinks don't hurt me much (there are a lot of whores). if i consider the list sinking, i will leave it and seek for a new one (i already left bugrtaq and fyodor's FD).

...

Though as a pessimist, counter-trolling against .gov, doesn't appear a good sign for the list (probably just one less puppet acc.)

On 11/17/14, rysiek wrote:

Dnia poniedziałek, 17 listopada 2014 19:59:01 Georgi Guninski pisze:

...

... well, i don't care much. few sinks don't hurt me much (there are a lot of whores). if i consider the list sinking, i will leave it and seek for a new one (i already left bugrtaq and fyodor's FD).

Cool! Now we have a "list is sinking canary"! ;)

you'll know it's over when i am moderated on cypherpunks. best regards, [ i can get behind an infinite mod delay on FD, but cpunks is sacred! ]