[Cryptography] Other obvious issues being ignored?

John Denker jsd at av8n.com
Tue Oct 20 15:16:01 EDT 2015


On 10/19/2015 06:10 AM, Thierry Moreau wrote:
> 
> What other "obvious" questions are we ignoring?

Yet another item to add to the list:

As I like to say:
   * Metadata is data.
   * A cryptosystem that leaks metadata is a cryptosystem that leaks.

This is an obvious problem.  The fact that I don't entirely
know how to fix it doesn't make it any less obvious, or any
less problematic.

In particular, in email, a lot of stuff that should be
encrypted isn't.  For example, PGP doesn't even try to
encrypt the Date: and Subject: lines ... for no good reason.

Onion routing helps, but the TOR network seems to be rather
inefficient and rather low capacity at the moment.

There exist "secure messaging" apps, but they seem at the
moment limited to a rather small niche market ... which
might make them worse than nothing, insofar as using them
raises red flags.

One of the main tools for defeating traffic analysis is
/cover traffic/.  There has been a little bit of nice
discussion of that recently, in this forum and elsewhere,
but not much rubber is meeting the road AFAICT.  A search
for
  https://www.google.com/search?q=%22cover+traffic%22+%22rfc%22+site%3Aietf.org
turns up almost nothing.

Another thing that might help is legislation:
   * Metadata is data.
   * You can't get the data without a warrant.
   * You can't get the metadata without a warrant.

In the US, the idea that metadata is somehow not covered
by the 4th amendment is a legal fiction.  It is a loophole
that could be closed, or at least narrowed to stop ginormous
trucks from driving through it.
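
Added example, not part of the original post: a short Python audit of what a passive observer can read from a PGP/MIME (RFC 3156) message without any key, illustrating the point above about the Date: and Subject: lines. The sample message, its addresses, and the ciphertext placeholder are constructed for illustration, and `observer_view` is a hypothetical helper name.

```python
from email import message_from_string
from email.policy import default

# Constructed sample: an RFC 3156 (PGP/MIME) message as it crosses the wire.
# Addresses, subject and the ciphertext placeholder are made up for illustration.
RAW = """\
From: alice@example.org
To: bob@example.net
Date: Tue, 20 Oct 2015 15:16:01 -0400
Subject: Meeting with the lawyer on Friday
Message-ID: <constructed-1@example.org>
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
 boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
(placeholder for ciphertext)
-----END PGP MESSAGE-----
--b1--
"""

# Headers that describe who talked to whom, when, and about what.
METADATA = ("From", "To", "Cc", "Date", "Subject",
            "Message-ID", "In-Reply-To", "References")

def observer_view(raw):
    """Return what someone without the private key learns from the message."""
    msg = message_from_string(raw, policy=default)
    encrypted = (msg.get_content_type() == "multipart/encrypted"
                 and msg.get_param("protocol") == "application/pgp-encrypted")
    leaked = {h: str(msg[h]) for h in METADATA if msg[h] is not None}
    parts = list(msg.iter_parts()) if msg.is_multipart() else []
    # Even the ciphertext length is metadata: it bounds the plaintext size.
    size = len(parts[1].get_payload()) if encrypted and len(parts) == 2 else None
    return {"body_encrypted": encrypted, "leaked_headers": leaked,
            "ciphertext_len": size}

if __name__ == "__main__":
    print(observer_view(RAW))
```
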


