On Fri, 2015-02-13 at 15:14 +0000, Ian Jackson wrote:
> There are organisations with plenty of money, who would perhaps like
> to infiltrate us, but for whom risk of exposure is the biggest cost of
> trying.

Which organisations would that be? Is it the NSA, who was caught red-handed installing gear in AT&T telephone exchanges to illegally spy on US citizens? [0] (Was there really a chance the presence of such gear wouldn't eventually become public?) Is it Australia's ASIO, who was caught red-handed having flooded a government building in East Timor with listening devices? [1] Or maybe it is Mossad, who were apparently so unconcerned by the risk of exposure that their agents didn't bother wearing disguises when assassinating Mahmoud Al-Mabhouh. [2]

In the end, a little embarrassment aside, what is the effect of being exposed trying to compromise Debian? Because if there is nothing else, imagining a small risk of embarrassment will stop them sounds almost impossibly naive. And to me the risk looks to be very small indeed. All they need is a DD who is an employee of a loosely affiliated organisation who can be trusted to keep his mouth shut. You can be sure they will already have some plausible reason ready if their activity is discovered. Maybe something along the lines of "oh yes, we gave him a new laptop, but it appears the company we use to dispose of the old ones didn't reformat the disks, despite it being in the contract".

In my mind there are only two possibilities. One is the Debian keyring isn't worth a spy agency's effort to infiltrate. The other is they have already done it. (I don't have a clue which it is - second-guessing the decisions of a spy agency seems like mission impossible.) Either way, neither our current key signing procedures nor any of the replacements discussed here will have any effect on the outcome, as they are ridiculously weak against the resources of a nation state.

Fortunately they aren't our only defence; they are just the moat that stops the unwashed rabble. Our main defence against this sort of attack is our transparency. Everything we do, we do in public. And everything we have done is checked by that wonderful band of the truly paranoid we occasionally have to tolerate on our mailing lists. Anything nefarious is going to be spotted; it's just a question of when. This places a limit on the lifetime of any compromise. Unlike Australia's bugged building, it won't go unnoticed for a decade. This limits the value of any compromise, because it has to remain unnoticed until it gets into stable and is then deployed by the target.

Back to my original point: the job we ask of GPG is to ensure the keys we admit to the keyring are owned by an entity who has proved he is competent at maintaining packages and is compatible with Debian's social fabric. I can't imagine a better way of doing that than proof of work. But yes, everybody is absolutely right in saying it won't stop spy agencies.

[0] http://en.wikipedia.org/wiki/Room_641A

[1] It's unlikely many outside of Australia will know what I'm referring to, so here is a short history lesson. Australia paid for and built the said building, promoting it at the time as generous foreign aid to a neighbour in need. What East Timor really needed, in fact desperately needed, was a source of foreign income. That was a problem, as East Timor is a new, tiny and very poor country, but nonetheless things looked hopeful because huge gas fields had been discovered in the East Timor sea. Minor problem: they were in a dispute with Australia over a border running through the middle of the gas fields.

The East Timorese hired OECD professionals and held lengthy planning meetings for the ensuing negotiations over the border (mostly held in the building Australia had provided), but it appears that despite their efforts the amazingly skilled Australian diplomats outfoxed them at every turn, as at the end of the process most of the gas fields were on the Australian side. When Australia's shenanigans inevitably leaked, East Timor took it all the way to the World Court. It's hard to overstate the embarrassment ASIO and their political masters had to endure at the time. Still, they must have known the odds were high it would leak, and in the end Australia still has the gas fields.
http://en.wikipedia.org/wiki/Australia%E2%80%93East_Timor_spying_scandal

[2] http://en.wikipedia.org/wiki/Assassination_of_Mahmoud_Al-Mabhouh