I do not trust treacherous computing or (un)trusted computing as I would call it. Personally I focus on the inability to prevent installation and detect if there ever was spyware in the "trusted" space.
But just as there is no way to ensure a specific instance of hardware is what it claims to be (without opening it) there is no way for 3rd parties to assert if a certain modifiable space is untampered. It is a nasty problem.
In my view, this logically leads us to external, likely wireless, hardware tokens which we of course need to have a healthy distrust towards (as there is no way to ensure there are no hidden mechanisms) and keep constantly monitoring and do random checks on all data leakage.
To create key devices we can trust - even on Debian, iPhone and Windows computers - of course there needs to be source code review, especially assuring the key devices are actually ensuring you have identity control.
But it is a two-way street. If 3rd parties (incl. DG ITEC) have to trust your keys, they also need to have assurances about the integrity of keys against e.g. identity renting, lending or id theft. Meaning you as a user CANNOT have key access as that would violate integrity including your ability to protect your keys (which 3rd parties shouldn't trust).
And of course we would trust code that is under continuous scrutiny more than "closed" code whereas the more institutional structures likely require other institutional structure to assert (even though we wouldn't trust them - e.g. NIST). More than one independently need to have that access and provide their assurances in a traceable manner - open source or not.
An untrusted Debian session could then be authorized using the hardware token.
The main thing is - as stated - to ensure you do not identify personally or any of the devices in the sessions even if DG ITEC requires authorization and accountability.
So we need to use blinding and conditional mechanisms in the key device whereas we can leave the channel anonymization to the Debian device. Fine
Stephan Engberg
- - - - - - - - - - - - - - - - -
Stephan J. Engberg
Priway - Security in Context
lynX@the.internet.is.psyced.org
26-11-2014 14:12
To: stephan.engberg@obivision.com
cc: erik.josefsson@europarl.europa.eu, debian-blends@lists.debian.org, dr@jones.dk
Subject: Re: Is there a VERY minimalist "Pure Blend"
On Wed, Nov 26, 2014 at 01:50:13PM +0100, stephan.engberg@obivision.com wrote:
> 1) It excludes the 99,9999% of the population that have no chance in hell
> of doing so. For all practical purposes there is little difference to them
> what license, their devices operate.
Oh no, Stephan's logic again!
You really have a talent for that!
You should be a politician!
99,9999% of the population have no idea how to find out whether
Iranian nuclear facilities are suitable for producing weaponry,
yet it makes a difference to us whether the UN is permitted to
oversee such facilities or not.
I find the trustworthiness of Debian binaries more important
for western democracies than whether Iran can produce weapons
or not, considering the immense number of critical systems based
on them. How can we allow EU inspectors to ensure that those
binaries are produced from the correct source codes?
I know everyone is operating in best intentions, but so is
the Iranian government. We need to get beyond the trust thing.
Trust in technology is the essence of evil.
> 3) Just because something is self-compiled does not mean that it is good
> or adapted to your needs - and most of what you depend on is operated by
> technology and providers outside your control.
Yes, but it is pointless to even start looking at source codes
if most people will execute somebody else's binary anyway.