On Fri, 2015-02-13 at 15:14 +0000, Ian Jackson wrote:
> There are organisations with plenty of money, who would perhaps like
> to infiltrate us, but for whom risk of exposure is the biggest cost of
> trying.
Which organisations would that be?
It is the NSA, who was caught red-handed installing gear in AT&T
telephone exchanges to illegally spy on US citizens? [0] (Was there
really a chance the presence of such gear wouldn't eventually become
public?) Is it Australia's ASIO, who was caught red handed having
flooded a government building in East Timor with listening devices? [1]
Or maybe it is Mossad, whose we apparently so unconcerned by the risk of
exposure their agents didn't bother wearing disguises when assassinating
Mahmoud Al-Mabhouh [2]
In the end, a little embarrassment aside what is the effect of being
expose trying to compromise Debian? Because if there is nothing else
imaging a small risk of embarrassment will stop them sounds almost
impossibility naive. And to me the risk looks to be very small indeed.
All they need is a DD who is an employee of a loosely affiliated
organisation who can be trusted keep his mouth shut. You can be sure
they already will have some a plausible reason ready if their activity
is discovered. Maybe something along the lines of "oh yes, we gave him
a new laptop, but it appears the company we use to dispose of the old
ones didn't reformat the disks, despite it being in the contact".
In my mind there are only two possibilities. One is the Debian keyring
isn't worth a spy agencies effort to infiltrate. The other is they have
already done it. (I don't have a clue which it is - second guessing the
decisions of a spy agency seems like mission impossible.) Either way,
neither our current key signing procedures nor any of the replacements
discussed here will have any effect outcome, as they are ridiculously
weak against the resources of a nation state.
Fortunately they aren't our only defence, they are just the moat that
stops the unwashed rabble. Our main defence against this sort of attack
is our transparency. Everything we do, we do in public. And everything
we have done is checked by that wonderful band of the truly paranoid we
occasionally have to tolerate on our mailing lists. Anything nefarious
is going to be spotted, it's just a question of when. This places a
limit on the lifetime of any compromise. Unlike Australia's bugged
building, it won't go unnoticed for a decade. The limits the value of
any compromise because it has to remain unnoticed until it gets into
stable and is then be deployed by the target.
Back to my original point, the job we ask of GPG is to ensure the keys
we admit to the keyring are owned by entity who has proved he is
competent at maintaining packages and is compatible with Debian's social
fabric. I can't imagine a better way of doing that then proof of work.
But yes, everybody is absolutely right in saying it won't stop spy
agencies.
[0] http://en.wikipedia.org/wiki/Room_641A
[1] It's unlikely many outside of Australia will know what I referring
to so here is a short history lesson. Australia paid for and built
the said building, promoting it at the time as generous foreign aid
to a neighbour in need. What East Timor really needed, in fact
desperately needed, was a source of foreign income. That was a
problem as East Timor is a new, tiny and very poor country, but
nonetheless things looked hopeful because huge gas fields had been
discovered in the East Timor sea. Minor problem: they were in a
dispute with Australia over a border running through the middle of
the gas fields. The East Timorese hired OECD professionals and
and held lengthy planning meetings for the ensuring negotiations
over the border (mostly held in the building Australia had
provided), but it appears despite their efforts the amazingly
skilled Australian diplomats out foxed them at every turn as at the
end of the process most of the gas fields were on the Australian
side. When the Australia’s shenanigans inevitably leaked East
Timor took it all the way to the World Court. It's hard to
overstate the embarrassment suffered by ASIO and their political
masters had to endure at the time. Still, they must have known the
odds were high it would leak, and in the end Australia still has
the gas fields.
http://en.wikipedia.org/wiki/Australia%E2%80%93East_Timor_spying_scandal
[2] http://en.wikipedia.org/wiki/Assassination_of_Mahmoud_Al-Mabhouh
Attachment:
signature.asc
Description: This is a digitally signed message part