[Cryptography] Digital Certificate Forensics: Clinton Email Server

Phillip Hallam-Baker phill at hallambaker.com
Thu Mar 12 08:53:41 EDT 2015

I have been reading the various pronouncements on the email server. It
seems that a lot of people are making statements that are idiotic and wrong.

As a general rule, I don't comment on other people's security issues unless
they have asked me to or it affects the rest of the community directly.

I have seen many people comment on the situation and in every case the
money quote from the techie is that Clinton's email server suffered from a
particular security problem that just happens to be the one that their
product fixes. And none of the journalists have picked up on that.

It is generally agreed that penetration testing servers is quite difficult.
Anyone who thinks they can pen-test an email server five years after it was
installed should quit the industry and become a psychic. There is a
vacancy, Sylvia Brown died a couple of years back. And she made more money
than most folk in our line of work.

These statements are not just unprofessional, they are career limiting and
can cost business. Venafi is now on record having made a partisan political
statement attacking the person generally considered the front runner in the
2016 Presidential race.

Someone might think that running Microsoft IIS without their security
product makes them woefully insecure. But saying so in this context is
self-serving marketing rather than an objective expert opinion.

When I was working with the Executive Office of the President on some of
the whitehouse.gov systems, an individual known to us all here was in
Congress being asked about security scanners. He claimed that he had
scanned the whitehouse.gov domain and found the systems to be vulnerable.
Five minutes later they were slammed by people launching probes.

Someone who does not know what is behind the fence has very little way to
know what is inside. And when the systems in question are running Open
Genera (the lisp machine O/S) over a stripped down version of ULTRIX,
chances are that any holes are not going to be uncovered by the typical
probe. Since there was no reason to let people on the outside know what was
inside, the servers intentionally reported false server version

What makes this whole situation even more ridiculous is that we know for a
fact that the official state dept systems that 'should' have been used were
completely insecure because Chelsea Manning has provided us with copies of
all the cables.

Clinton was working within the paradigm set by gwb43.com. If it was legal
for members of the Bush administration to use non-government email then it
was legal for members of the Clinton administration to do so. The question
then is why both parties would want to do such a thing.

In general, politicians are very aware of and concerned about security
because they are highly visible targets for attack. But the form of attack
they are most concerned about comes from their political opponents.

Being aware of this issue, it is normal practice for politicians to avoid
ever committing statements they know might be incriminating to paper. I do
the same. Even though I have secure email and my telephone conversations
can be intercepted fairly easily, I use the telephone for a lot of
sensitive conversations because they are less likely to be stored and

Without end-to-end security, SMTP email puts users totally within the power
of the network managers, many of who are likely to support the other party.
The state dept classified cables were in fact attacked in this way but this
is discounted because the perpetrator was opposed to both political

Disclosure under FOIA is not at all the same thing as having a partisan
investigator like an Issa or an O'Keefe publish a subset of the messages
that intentionally misleads.

The solution then is to develop and deploy security systems that meet the
needs of both the politicians and the public. We already have pervasive
deployment of S/MIME capable clients, all we need is to solve the usability
problems so that people can use them in practice. S/MIME is capable of
solving the disclosure issue. If we combine that with an extension of the
Certificate Transparency technology, we can address much of the records
issue concern as well.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150312/a56b9cf3/attachment.html>

More information about the cryptography mailing list