[liberationtech] diseconomies of scale

Eugen Leitl eugen at leitl.org
Tue Jun 18 01:48:29 PDT 2013 

On Mon, Jun 17, 2013 at 02:35:36PM -0400, The Doctor wrote:

> There is a problem with that: Traffic to and from small providers has
> to traverse the networks of the tier-II and tier-I providers to go any
> appreciable distance.  We already know that at least some of the
> peering points are backdoored - Naurus hardware, if I recall

IIRC Narus is an FPGA box capable of up to layer 7 passive
(maybe active attacks?) sniffing at wire speed
(up to TBit/s?). Someone correct me if I remembered wrongly.

Notice that at least one leg of your message was protected
against passive sniffing by StartTLS:

Received: from smtp.stanford.edu (smtp1.Stanford.EDU [171.67.219.81])
        (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
        (Client did not present a certificate)
        by leitl.org (Postfix) with ESMTPS id 773E55443CC
        for <eugen at leitl.org>; Mon, 17 Jun 2013 20:35:45 +0200 (CEST)

In case of self-signed certs which secret key was never leaked,
according to publicly available inforformation (shops like NSA
are definitely somewhat, possibly considerably ahead of nonclassified
cryptography state of the art) you need an active (man in the middle) 
attack to disrupt the session, and get at the message cleartext.

Mail transport agents (MTAs, e.g. postfix) can be configured to
strictly enforce StartTLS message delivery.

> correctly.  So, even if someone sets up a status.net instance that,
> let's say for example a subset of this mailing list starts using
> instead of Twitter because it's smaller, all of that traffic is still
> probably going to pass through a location that's snaffling copies of
> every packet.  It might not see every bit of traffic to and from that
> site, but enough traffic might be picked up to get an idea of what's
> happening there and whether or not a closer look is warranted.

Obviously a mailing list is not about keeping secrets. 
But if an increasing fraction of all network traffic goes
dark to passive sniffing this presents a considerable challenge
to a global adversary. MITM is expensive, and can be detected
(and thus protected against) with finite effort.

It is we who make things unnecessarily easy.

More information about the liberationtech mailing list