[Cryptography] "we need to protect [our dox] by at least encrypting them"

Tom Mitchell mitch at niftyegg.com
Fri Nov 4 13:21:46 EDT 2016 

On Thu, Nov 3, 2016 at 4:06 PM, Henry Baker <hbaker1 at pipeline.com> wrote:

> FYI --
>
> https://wikileaks.org/podesta-emails/emailid/43625
>
> Fw: hey

......

>
>    I was struck by the memo partly because it was first I had heard of it
> but much more because it was a sensitive doc bumping around on public email
> addresses.
>
>    There is a very real threat to the security of our documents
> (particularly sensitive ones like the one you worked up), and we need to
> protect them by at least encrypting them.




So what did this wiki leak message tell us that we did not suspect or know?

I wonder what sensitive implies?
I also wonder what the option to public email addresses is?

It sounds to me as if he might have known about the big slurp in Yahoo.com
and perhaps Google.  A public email would also be *.gov server to me.

The news is hot after private email servers like HC but this WL document
 implies
to me that private servers have the potential to be more appropriate
for sensitive messages.  The news would have it be .gov to allow
a FOI request to come to play but that might be self serving for FoX and
CNN.

Option example:  If Henry and I wished to have private communications I
might
setup a private server (local only) that we would connect to via
ssh or VPN.

i.e. Security could be done completely inside of barackobama-dot-com
with well chosen aliases and account names.

I have often speculated that the state department understood that their
dot-gov servers were insecure and that would have justified one or more
personal server
behind famous domain names or IP-address.  Aliases allow the translation of
an
incoming name at domain to become diff-name at machine.subdomain.domain
behind a firewall and that be connected to via firewall pin holes.  Alias
changes
and subdomains behind a firewall are invisible and ephemeral.

Classified documents via electronic channels and US Mail  are a tangle.
An invoice for toilet paper could (would) be marked: classified, secret,
top secret
the instant the envelope is opened in a federal  payment facility.
Yet it originated with the vendor with no clearance who still retains an
unmarked copy.

Cryptography complicates the classification game.   It is likely that a
message encrypted with
a specific key be classified because of the key used not the content of the
message.
In addition to the key used the method used might be classified.   i.e. The
changes
to method as the availability of quantum tools on the horizon will prove
interesting as
expected availability of tools in the future and the security window of the
content sensitivity
cross.


-- 
  T o m    M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20161104/bb6d1fb7/attachment.html>

More information about the cryptography mailing list