<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 9/8/12 11:09 PM, Jonathan Lassoff
wrote:<br>
</div>
<blockquote
cite="mid:CAHsqw9vNCNfH_tEr_NRtceny0fwuVUQSVrEQY6r-Zrw4s3ksmA@mail.gmail.com"
type="cite">
<pre wrap="">On Sat, Sep 8, 2012 at 3:01 PM, Quinn Norton <a class="moz-txt-link-rfc2396E" href="mailto:quinn@quinnnorton.com"><quinn@quinnnorton.com></a> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">On 9/8/12 8:23 PM, Jonathan Lassoff wrote:
</pre>
<blockquote type="cite">
<pre wrap="">
Yeah, in more seriousness, I'm interested in more keysigning and
preparation for a { present where we want to | future where we may
need to } use more crypto.
</pre>
</blockquote>
<pre wrap="">I'm just going to point out that keysigning is a terrible idea. ARGUMENT:
BEGIN! :)
</pre>
</blockquote>
<pre wrap="">
What's so bad about them?
</pre>
</blockquote>
They create a social network. For me, this means they create a
convenient way for an attacker to hunt down and kill or arrest my
sources. And since they're persistent in time, if I have <i>ever</i>
been connected to you, well, it means if anyone in the chain becomes
interesting, it puts the whole chain in danger. <br>
<blockquote
cite="mid:CAHsqw9vNCNfH_tEr_NRtceny0fwuVUQSVrEQY6r-Zrw4s3ksmA@mail.gmail.com"
type="cite">
<blockquote type="cite">
<pre wrap="">But you know what would be awesome to add in to a cryptoparty? Discussions
of threat modelling!
</pre>
</blockquote>
<pre wrap="">
This is always fun to theorize and imagine about, but doesn't seem
very productive.
</pre>
</blockquote>
Threat modeling is the start point to any good security culture. If
you don't even try to understand threats, you can learn all the
tools you want, you won't know when to use what. Threat modeling is
a skill, but it's a mental and cultural skill. It's learning about
the environment and updating your tools and tactics. Otherwise,
we're all like surgeons with a lot of cool knives and a patient, but
no diagnose. Let's just cut that fucker 'til he gets better!<br>
<br>
But it's not saying "what if..." over a bottle of scotch until the
sun comes up (which is also fun and i recommend it, even though it's
not threat modeling) it's looking at the possible avenues of attack,
figuring out which attackers you care about and why, and designing a
security culture around that. For instance, whether you're in US
jurisdiction or not makes a big difference on whether you should be
guarding against the administrative subpoena. That's going to lead
you to tools that aren't so much cryptographic as non-logging. If
we use gchat OTR the gov can still find out every time we talked. if
we use chat in a Decent game, it may not be encrypted, but it's also
not persistent -- no persistence, no subpoena. <br>
<blockquote
cite="mid:CAHsqw9vNCNfH_tEr_NRtceny0fwuVUQSVrEQY6r-Zrw4s3ksmA@mail.gmail.com"
type="cite">
<pre wrap="">
</pre>
<blockquote type="cite">
<pre wrap="">seewhatididthere?
</pre>
</blockquote>
<pre wrap="">
Troll detected? I can't tell.
</pre>
</blockquote>
By questioning keysigning, I kicked off a discussion about modeling
when and where threats come from. We should talk and think about
what makes some technologies good, and how or where they
structurally fail for our situation. Crypto is great, I fucking <i>love</i>
the idea of cryptoparties, precisely because they are a chance to
not just download packages, but learn about and share security
culture.<br>
</body>
</html>