[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: goals for hardening Debian: ideas and help wanted

On Wed, 30 Apr 2014 18:33:56 +0200
Aaron Zauner wrote:

> > It adds a lot of complexity for privacy benefit. Integrity is often
> > muddled into security too. As far as I am concerned they can actually
> > counter each other and are seperate entities.   
> No they are not. Integrity should be part of your understanding of
> security. Basics of information security suggest confidentiality,
> integrity and availability. [0]

Suggested Basics, yes and good to remember they may influence each
other but I don't like mixing them up once that is understood
personally. The desired level of "Information security" *may* have next
to nothing to do with integrity and conversely availability can often
be everything in a specific situation. It makes much more practical
sense to keep integrity and availability as their own seperate
entities. All too often the word secure is confused and abused or
marketed. All too often I have witnessed it being said that X is more
secure when actually it may be more exploitable but increases
availability or integrity.

Debian developers not being able to upload security fixes is part of
the mix but then I would guess you could more easily bring down the TOR
network too than a private VPN and filtering would be much more
difficult so I would say TOR is not *optimum* for security or
availability and obscurity is no real security though perhaps very 
occasionally the best possible ;-).

> > Obscuring from targetted attack is highly questionable to me when a
> > secure VPN from a lightly used machine (no web browsing) can offer real
> > security. You may just be giving a way in otherwise.  
> First I don't understand your first sentence. Second how does a VPN
> provide more "security" than say Tor?

Tor is more complex, less proven, had more past exploits and crucially I
believe? generally more reliant on external infrastructure. It's
primary aim is privacy and not a simply secure protocol. I include SSH
when I say VPN too but host security is paramount in any case.

Devs avoiding html mail clients on machines with keys or access etc..
might be another idea. Was there a resolution on binary uploads?

Reply to: