[Cryptography] A lot to learn from "Business Records FISA NSA Review"

Eugen Leitl eugen@leitl.org
Fri Sep 20 01:58:00 PDT 2013


----- Forwarded message from Ray Dillinger <bear@sonic.net> -----

Date: Thu, 19 Sep 2013 10:02:35 -0700
From: Ray Dillinger <bear@sonic.net>
To: cryptography@metzdowd.com
Subject: Re: [Cryptography] A lot to learn from "Business Records FISA NSA Review"
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/20130828 Icedove/17.0.8

On 09/16/2013 07:58 AM, Perry E. Metzger wrote:

> Well, we do know they created things like the (not very usable)
> seLinux MAC (Multilevel Access Control) system, so clearly they do
> some hacking on security infrastructure.

SeLinux seems to be targeted mostly at organizational security,
whereas the primary need these days is not organizational, but
uniform.

That is to say, we don't in practice see many situations where
different levels and departments of an organization have complex
and different rules for how and whether they can access each
other's information and complex requirements for audit trails.

What we see is simpler; we see systems used by people who have
more or less uniform requirements and don't much need routine
auditing, except for one or two administrators.

More useful than the complexity of SeLinux would be a relatively
simple system in which ordinary Unix file permissions were
cryptographically enforced.  If for example read permissions on
a file are exclusive to some user or some group, then that file
should be encrypted so that no one else, even if the bytes are
accessible to them by some means, should be able to make sense
of it, and the configuration options should include not storing
the key to it anywhere in the system -- let the user plug a
USB stick in to give the key for his session, and let the user
remove it to take that key away again whenever he's not using it,
rather than leave it around on the hard drive somewhere potentially
to be accessed by someone else at some other time.

We have spent years learning to protect the operating system from
damage by casual mistakes and even from most actual attacks,
because for years control of the computer itself was the only
notable asset that needed to be protected.  It is still true that
control of the computer is always at least as valuable as
everything else that it could be used to compromise, but with
unencrypted files it can compromise far too much.  And the value
of what is stored in individual accounts has gotten far too high
to *NOT* give protecting them at least as much thought as
protecting root's access rights. Photographs, banking records,
schedules, archived mail going back for years, browser histories,
"wallets" that contain many other keys, etc, etc.  This is far
different from old days when what was on a user's account
was basically a few programs the user used and some text or
code that the user had written.  We need to catch up.

Bear

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://cpunks.org/pipermail/cypherpunks/attachments/20130920/af43381a/attachment.sig>


More information about the cypherpunks mailing list