[Ach] filippo on SSL SMTP encryption

Aaron Zauner azet at azet.org
Wed Apr 1 23:03:55 CEST 2015



Aaron Zauner wrote:
> Hi Manuel,
> 
> Manuel Kraus wrote:
>> Ever heard about the "killswitch" idea of the USG? HSTS invites for low
>> effort, high gain attacks and there comes a time where the advisory
>> won't need to stay undetected. Consider following example: If there's no
>> official change on NSA network intelligence policy in the next future
>> they'll start to operate in the open field with no regret and no mercy.
>> Simply saying: You folks know already how it works, so what? There will
>> be no need for them to do such things only in a stealthy way. Losing the
>> ground for this argument has begun with the Snowden leaks. That's
>> somehow a drawback of the leaks itself, we could say.
> 
> Sorry but that's handwaving. Also not how intelligence operations work.

Added to that; it's neither low effort nor high gain. If you want to
effectively fuck with the internet: attack BGP and be done with it.

Aaron

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20150401/60a9a331/attachment.sig>


More information about the Ach mailing list