[Cryptography] Hyper-V claims to protect tenant secrets ??
Ray Dillinger
bear at sonic.net
Sat Oct 3 17:31:41 EDT 2015
On 10/02/2015 06:46 PM, Jerry Leichter wrote:
> Frankly, if you want to protect yourself from a serious attack by the three-letter agencies ... you'd better start of with a budget comparable to theirs. Good luck with that.
Agreed in terms of financial and economic risk. If governments
were the only malefactors whom we had to worry about, then we
wouldn't actually need to worry about keeping clients secure
nearly as much as we do - nor mostly from the same set of
threats.
A bit of corporate espionage by government agencies in China
and Japan, the odd attack by North Korea on someone who
embarrassed them, routers and chips compromised for access
to the nations that manufactured them, sabotage of uranium
enrichment plants by the US, etc, are *probably* less damaging
to infrastructure and economies in real terms. Sure, they cost
a few billion dollars, mostly from American companies, but
that's nowhere near the amount lost to plain old criminal
fraud and theft each year.
But not agreed in terms of the risk to freedom. What we're
looking at right now is essentially our ONE opportunity to
establish a precedent that says nations respecting human
rights to any extent do not deliberately weaken security,
do not require their manufacturers to produce deliberately
defective hardware and software, and do not create total
surveillance societies nor tolerate mass surveillance of
their citizens by others.
If we can't get the USA and some other first-world "free"
nations to hold the line on this point, then there is no
differentiation (or at least none on this point) between
free and unfree nations, and will never be.
The fifth amendment, and the first, like the Magna Carta and
the UN Declaration on Human Rights, are there for good reasons
and in order to be a free nation, we need them to apply to
individual people's electronic data in exactly the same way
they apply to searching individual people's homes.
We're used to thinking of security in technical terms or about
cryptographic security, so we're thinking about ways to deny
such attackers the *ability* to steal or destroy information;
but in fact this fight can only be won if we win it in
political rather than technical terms.
TLDR: It is more relevant to write your representatives in
congress (or parliament/etc) about whether free nations have
the RIGHT to conduct such attacks on their own people, than
it is to consider cryptographic security against government
attackers.
Bear
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20151003/167d77bd/attachment.sig>
More information about the cryptography
mailing list