szc | 4 years ago

This thinking is based on trusting "encrypted" links. Did you build the hardware that drives these links? Did you audit the Verilog or code that operates this hardware?

I know of at least one way to implement a "secure" TLS product that you could purchase and deploy in your datacenter that would leak all of the keying material to compromise every data connection to the NSA. You would be 100% in compliance with all technical requirements, but your data would be utterly transparent. You would not be able to detect this using an internal or external audit.

Did you purchase your rack-to-rack equipment from the equivalently Trojaned "Solar Winds" vendor? The "Solar Winds" event was a "commercially" botched exploit.

Sorry, NSL(s) do not scale. It is an ever expanding "circle of trust".

Containing secrets is only effective if they are only shared within "your shared culture" and your culture is very stable -- nobody leaves because of a difference of opinion.

NSL can only be effective if nobody knows.

salawat | 4 years ago

Mmmmhmmm. Guess who gets the NSL? Legal and exec team. Guess who are selected occupationally for the ability to keep one's mouth shut?

The velvet glove gets more mileage than you think.