None of the Above (![[info]](http://klab.lv/img/userinfo.gif){kind=small} artis) rakstīja,@ 2013-07-26 10:19:00 |
 |
 |
 |
|
|
|
|
|
|
 |
|
 |
Kopsavilkums
The whole PRISM scheme worked because people supposed the government respected their privacy. Now that it's been proven false, I expect people to use local encryption schemes, were third parties can't give a key they don't have. I expect people to become careful about which certification authority signed their SSL key, and to use self-signed certificates whenever practical. Targeted spying will remain possible, but indiscriminate surveillance PRISM-style would become impractical.
Today, nobody in the business can pretend with a straight face that top-level certification authorities are trustworthy; so I expect the next generation of security protocols, the successors of the (transparent and enabled by default) SSL, to treat governments as opponents.
I also believe that companies will change their security patterns, e.g. stop trusting American third parties such as Microsoft if they have competitors with political connections in Washington.
That's the great thing about software, especially Free software - all it takes is a handful of us to make systems where strong security is transparent and enabled by default and it will proliferate to all the regular people.
Since terrorism is maybe 1k people with any connection to the US per year, it's pretty easy to justify deploying privacy enhancing technologies to the remaining 300 million people, and there wouldn't be a politically feasible way to stop it.
Hardware? More than One Billion people are walking around with computers in their pockets running closed source, proprietary, binary blobs. These computers constantly track their owners while being connected to most (if not all) of their private communications services.
The trust model of HTTPS was always broken from the start. This whole story "only" reinforces the point that key distribution and management is hard, and a central list of certificate authorities is not a good solution. On the negative side, good systems don't really exist. On the plus side, this story might help push the development of good systems.
The whole PRISM scheme worked because people supposed the government respected their privacy. Now that it's been proven false, I expect people to use local encryption schemes, were third parties can't give a key they don't have. I expect people to become careful about which certification authority signed their SSL key, and to use self-signed certificates whenever practical. Targeted spying will remain possible, but indiscriminate surveillance PRISM-style would become impractical.
Today, nobody in the business can pretend with a straight face that top-level certification authorities are trustworthy; so I expect the next generation of security protocols, the successors of the (transparent and enabled by default) SSL, to treat governments as opponents.
I also believe that companies will change their security patterns, e.g. stop trusting American third parties such as Microsoft if they have competitors with political connections in Washington.
That's the great thing about software, especially Free software - all it takes is a handful of us to make systems where strong security is transparent and enabled by default and it will proliferate to all the regular people.
Since terrorism is maybe 1k people with any connection to the US per year, it's pretty easy to justify deploying privacy enhancing technologies to the remaining 300 million people, and there wouldn't be a politically feasible way to stop it.
Hardware? More than One Billion people are walking around with computers in their pockets running closed source, proprietary, binary blobs. These computers constantly track their owners while being connected to most (if not all) of their private communications services.
The trust model of HTTPS was always broken from the start. This whole story "only" reinforces the point that key distribution and management is hard, and a central list of certificate authorities is not a good solution. On the negative side, good systems don't really exist. On the plus side, this story might help push the development of good systems.
