[Cryptography] NSA and Tor was Updates on Durov charges in France
Jerry Leichter
leichter at lrw.com
Mon Sep 9 17:49:15 EDT 2024
> ...And where the origin address is spoofed each packet of each incoming
> stream or circuit still has to be identifiable as belonging to that
> stream so the server can do the right thing with it; and it's pretty
> much always done in some plaintext manner - servers ain't gonna do
> expensive PK operations on each packet, no sir, and they don't otherwise
> know which symmetric key to use....
This has been the accepted way of doing things forever, but ... does it *have* to be this way? The fact is that many of the links out there these days are shared, and rely on cryptography to maintain privacy. WiFi is the obvious one, but the fiber distribution standards are the same: Every endpoint has its own key and while it receives every packet it can only decrypt its own. (This is for downstream traffic - upstream is done differently.) So we're at the point where we can afford to do strong encryption at very high rates, and fairly low cost.
Now, as it happens, all of these systems are implemented to encrypt the user data, but leave the metadata - routing information - in the clear. That's an implementation choice going back to the days when nothing else was practical. Perhaps it's time to revisit the decisions.
Though ... I don't hold out much hope. While *theoretically* new protocols with much stronger protections are possible, *practically* there's way too little demand for anyone to want to rebuild stuff from the ground up in an incompatible way. And of course the spooks will find all kinds of ways to stymie such a change-over.
-- Jerry
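
One symmetric-only way a server could pick the right key without a plaintext stream identifier, given as an added example that is not from this post or the quoted message: each packet carries a short HMAC-derived tag that changes per packet, and the server pre-computes the next few expected tags per stream so demultiplexing is a single table lookup. The names `Demux`, `packet_tag`, `send`, `TAG_LEN`, `WINDOW` and the sample keys are assumptions made for the illustration.

```python
import hashlib
import hmac

TAG_LEN = 8   # bytes of tag on the wire (assumed size, not from the post)
WINDOW = 4    # packet numbers pre-computed ahead per stream (assumed)

# Constructed sample keys; real ones would come from a key exchange.
KEY_A = hashlib.sha256(b"constructed key A").digest()
KEY_B = hashlib.sha256(b"constructed key B").digest()


def packet_tag(key: bytes, counter: int) -> bytes:
    """Per-packet identifier that looks random without the stream key."""
    msg = b"demux" + counter.to_bytes(8, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]


def send(key: bytes, counter: int, payload: bytes) -> bytes:
    """Sender side: no stream id or counter appears in the clear.
    payload stands in for ciphertext; encryption is omitted here."""
    return packet_tag(key, counter) + payload


class Demux:
    """Server side: one dict lookup per packet, no public-key operations."""

    def __init__(self):
        self.keys = {}    # stream name -> symmetric key
        self.hi = {}      # stream name -> first counter not yet pre-computed
        self.table = {}   # expected tag -> (stream name, counter)

    def add_stream(self, name: str, key: bytes) -> None:
        self.keys[name], self.hi[name] = key, 0
        self._extend(name, WINDOW)

    def _extend(self, name: str, upto: int) -> None:
        for c in range(self.hi[name], upto):
            self.table[packet_tag(self.keys[name], c)] = (name, c)
        self.hi[name] = max(self.hi[name], upto)

    def receive(self, packet: bytes):
        tag, payload = packet[:TAG_LEN], packet[TAG_LEN:]
        hit = self.table.pop(tag, None)  # pop: a replayed tag no longer matches
        if hit is None:
            return None                  # unknown key, replay, or too far ahead
        name, c = hit
        self._extend(name, c + 1 + WINDOW)  # slide window; old tags not expired here
        return name, c, payload
```

The per-packet cost on the server is one hash-table lookup plus the HMACs needed to slide the window, and the table grows with the number of streams times `WINDOW`.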