Google Welcomes Netflix to High Speed Networks
-
I think too much security, like encrypted everything, results in a situation similar to security through obscurity where we start to confuse people and they think that they are hidden when they are not and actually make them overall less secure.
-
I care less about the ISP than I do the feds... I do believe in the tenets of 1984. I do believe that perhaps some day I'll do something somewhere that will piss someone who is high and mighty off and they will go to their NSA buddies and say.. give me this guy's life story for the past 20+ years... and they'll find some little really shouldn't matter BS that they'll use against me. Yes you can call me a bit paranoid...
But in light of Snowden's releases can you honestly tell me there is no possibility of that? Hell, even the 4th amendment is being trumped by the courts as long as the search and seizure is automated and not done by a computer... it's just horrible!
-
Plus, adding more encrypted data to the internet is just that much more work those intercepting that data have to do. So I'm all for slowing them down any way I can.
-
I think that they can see the traffic just fine. Just increasing the tax dollars spent on it.
Especially since they see the endpoints most likely. So encrypting in the middle probably does little.
-
Eh? Are you implying that they have compromised most of the websites out there? Or at least the big boys? If not, assuming it's encrypted from my desk to their server, how would they have unencrypted access?
-
@Dashrender said:
Eh? Are you implying that they have compromised most of the websites out there? Or at least the big boys? If not, assuming it's encrypted from my desk to their server, how would they have unencrypted access?
Yes. I'm implying that they have access to pretty much everything of value. From network gear back doors to direct database dumps.
-
@Dashrender said:
Eh? Are you implying that they have compromised most of the websites out there? Or at least the big boys? If not, assuming it's encrypted from my desk to their server, how would they have unencrypted access?
SSL decryption's pretty easy for a man-in-the-middle.
-
@alexntg said:
@Dashrender said:
Eh? Are you implying that they have compromised most of the websites out there? Or at least the big boys? If not, assuming it's encrypted from my desk to their server, how would they have unencrypted access?
SSL decryption's pretty easy for a man-in-the-middle.
What? Please explain.
I have to give Scott his point that the hardware has already been compromised, so the encryption is potentially pointless since they have direct access to it pre-encryption, but post SSL encryption being 'easy' to decrypt... help me out here.
-
@Dashrender said:
@alexntg said:
@Dashrender said:
Eh? Are you implying that they have compromised most of the websites out there? Or at least the big boys? If not, assuming it's encrypted from my desk to their server, how would they have unencrypted access?
SSL decryption's pretty easy for a man-in-the-middle.
What? Please explain.
I have to give Scott his point that the hardware has already been compromised, so the encryption is potentially pointless since they have direct access to it pre-encryption, but post SSL encryption being 'easy' to decrypt... help me out here.
It's fairly common now for content filters to decrypt SSL traffic. If enterprise-grade products can do it, why wouldn't government-grade ones do it too?
-
You're forgetting a major part. The only reason the enterprise devices can do it is because those enterprises have rolled out a trusted cert to their clients that allows the edge devices to create on-the-fly certificates that make the client device think they have end-to-end encryption.
Now.. of course.. if the NSA has a CA in their back pocket (and why wouldn't we think they do) or are a covert CA themselves (hell anyone can be a CA these days), then life is a bit easier for a man-in-the-middle type attack. But you'd still have to divert the traffic to your own servers that are using the 'fake' cert for the website in question, which would then act as a proxy for the real site (exactly like the enterprise systems).
This problem can be mostly solved by CA stapling. CA stapling can be seen here http://en.wikipedia.org/wiki/OCSP_stapling
Of course to really make this all work much more securely we need secure DNS, and I'm not sure how much longer that's going to take, if we ever get it.
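
Added example, not part of the original posts: a client-side check for the substitution described in the last post, where a proxy-minted certificate passes normal validation because its root is trusted locally. It compares what the client was shown against a pin recorded out of band; the host names, CA names, pin layout and placeholder certificate bytes are all constructed assumptions, and the `cert` argument follows the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
import hashlib

def issuer_name(cert):
    """Flatten the 'issuer' field of an ssl.SSLSocket.getpeercert() dict."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}

def fingerprint(der_bytes):
    """SHA-256 over the DER certificate (getpeercert(binary_form=True))."""
    return hashlib.sha256(der_bytes).hexdigest()

def check_interception(host, cert, der_bytes, pins):
    """Compare the presented leaf against a pin recorded out of band.

    'match'       - leaf fingerprint equals the pin
    'reissued'    - leaf changed but the issuer names still match the pin;
                    names are only a hint, so re-verify before re-pinning
    'intercepted' - a different issuer signed the leaf, which is what an
                    inspecting proxy with a locally trusted root produces
    'unpinned'    - no pin on record for this host
    """
    pin = pins.get(host)
    if pin is None:
        return "unpinned"
    if fingerprint(der_bytes) == pin["sha256"]:
        return "match"
    seen = issuer_name(cert)
    same_issuer = (seen.get("organizationName") == pin["issuer_org"]
                   and seen.get("commonName") == pin["issuer_cn"])
    return "reissued" if same_issuer else "intercepted"

# Constructed sample data: placeholder bytes stand in for DER certificates.
REAL_DER = b"constructed-der-real-leaf"
RENEWED_DER = b"constructed-der-renewed-leaf"
PROXY_DER = b"constructed-der-proxy-minted-leaf"
REAL_CERT = {"issuer": ((("organizationName", "Example Public CA"),),
                        (("commonName", "Example Public CA G1"),))}
PROXY_CERT = {"issuer": ((("organizationName", "Corp IT"),),
                         (("commonName", "Corp Web Filter Root"),))}
PINS = {"www.example.com": {"sha256": fingerprint(REAL_DER),
                            "issuer_org": "Example Public CA",
                            "issuer_cn": "Example Public CA G1"}}

if __name__ == "__main__":
    for cert, der in ((REAL_CERT, REAL_DER), (REAL_CERT, RENEWED_DER),
                      (PROXY_CERT, PROXY_DER)):
        print(check_interception("www.example.com", cert, der, PINS))
```

The pin has to be recorded from a network path that does not pass through the inspecting device, otherwise the proxy's certificate is what gets pinned.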