PGP/SSL/TLS really as secure as one thinks?

Joe Abley jabley at hopcount.ca
Fri Jun 7 15:25:36 UTC 2013


On 2013-06-07, at 11:14, Jeroen Massar <jeroen at massar.ch> wrote:

> On 2013-06-07 06:50, Dan White wrote:
> [..]
> 
> A nice 'it is Friday' kind of thought....
> 
>> OpenPGP and other end-to-end protocols protect against all nefarious
>> actors, including state entities.
> 
> If you can't trust the entities where your data is flowing through
> because you are unsure if and where they are tapping you, why do you
> trust any of the crypto out there that is allowed to exist? :)

Defence in depth. PGP-encrypt your transport stream and send it over TLS with client- and server-side certificate validation with a restricted CA list on each endpoint. Using IPsec. Through Tor. With the plain-text littered with code words that are meaningless except to your intended recipient, taken from a pre-shared (in-person) code book that changes every day.

Then your Facebook sessions will be secure.


Joe


