[Cryptography] WireGuard

Phillip Hallam-Baker phill at hallambaker.com
Tue Sep 4 10:31:33 EDT 2018

On Mon, Sep 3, 2018 at 1:45 PM Christian Huitema <huitema at huitema.net>

> On 9/2/2018 7:17 PM, Phillip Hallam-Baker wrote:
> And a design brief where a random nation state can create a
>> certificate for microsoft.com is a good one?!?
> It enabled Amazon and online commerce. It has worked for 20 years. Nation
> state attacks tend to be mitigated by their reluctance to get caught.
> Though not always. Skripal was obviously attacked with the nerve agent to
> leave no doubt as to who was behind it. Though that game is rather more
> desperate and higher stakes than most.
> There was a nation state, Iran, behind the Diginotar attack. The attack
> enabled them to create fake certs for Google, so as to spy on Gmail
> traffic. I would not say that all nation states exhibit "reluctance to get
> caught".

I said 'tend to be'. The US govt has been risk averse in this respect, the
Snowden papers clearly show that they did exactly what they thought they
could get away with without being caught. Which was a heck of a lot!

The Iranian govt had a different objective in that they wanted their
population to know that they were being watched. In fact that was their
chief goal above and beyond actually catching people. If they catch people,
they have to do something with them and that is actually rather hard in the
Shi'ia theology because the legitimacy of the ruler depends on how they

The problem with the Iranian approach is that it was externally visible and
didn't last very long as a result. It lasted for a critical period when the
regime was under huge pressure though.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20180904/feffcfed/attachment.html>

More information about the cryptography mailing list