Linked by Thom Holwerda on Fri 21st Jun 2013 19:08 UTC
Legal "Britain's spy agency GCHQ has secretly gained access to the network of cables which carry the world's phone calls and internet traffic and has started to process vast streams of sensitive personal information which it is sharing with its American partner, the National Security Agency. The sheer scale of the agency's ambition is reflected in the titles of its two principal components: Mastering the Internet and Global Telecoms Exploitation, aimed at scooping up as much online and telephone traffic as possible. This is all being carried out without any form of public acknowledgement or debate." Woah.
Thread beginning with comment 565598
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[13]: Enough already
by Alfman on Tue 25th Jun 2013 12:30 UTC in reply to "RE[12]: Enough already"
Alfman
Member since:
2011-01-28

Lennie,

"They can't get undetected access to the root key signing key. They would need to create some kind of fake emergency."

It may be true, or it may not be true, but you should realize that the actual truth is not dependent upon what either of us say. That's the thing about proving a spy agency has no knowledge of secrets. It's like proving there are no aliens in the universe; absence of positive proof isn't negative proof.

The fact that the US government is responsible for commissioning this is a concern because they arguably have a bigger motive and capability to plant "inside guys" and use bugged hardware. The official DNSSEC guidelines only excluded from key-holder candidacy employees from verisign, ICANN and US Commerce Department. They don't even claim to exclude NSA agents from the root keyholder position.


"Sure we can leave it an open question if you don't want to discus it further."

Yes I would like to leave it an open question, I don't think it's possible to *prove* otherwise.

Edited 2013-06-25 12:33 UTC

Reply Parent Score: 2

RE[14]: Enough already
by Lennie on Tue 25th Jun 2013 12:40 in reply to "RE[13]: Enough already"
Lennie Member since:
2007-09-22

Let's get back to the important question, what would a system that the general public can use look like.

Reply Parent Score: 2

RE[15]: Enough already
by Alfman on Tue 25th Jun 2013 15:08 in reply to "RE[14]: Enough already"
Alfman Member since:
2011-01-28

Lennie,

"Let's get back to the important question, what would a system that the general public can use look like."

Haha, good idea.

I started to articulate a direct response to this question, but it quickly blew up in scope. Instead I'll cop out and respond with one interesting decentralized DNS variant...

https://dot-bit.org/Main_Page

I don't endorse it per say, but I never the less find it interesting and I believe the concept could be used to distribute crypto-keys without any centralized "root" management over the system at all.

Reply Parent Score: 2