Interview with Phil Zimmerman

← Back to Stories (view on slashdot.org)

Interview with Phil Zimmerman

Posted by Hemos on Wednesday September 6, 2000 @08:16AM from the a-man-the-MAN-hates dept.

A reader writes "PGP's creator is participating in an online interview this week. Phil is mainly interested in clearing the air about the recently discovered ADK bug, but the larger topics of encryption and worldwide organized snoop rings (Echelon) have already come up. The interview is open to questions from anyone; runs through Friday 9/8."

3 of 72 comments (clear)

Min score:

Reason:

Sort:

We need secure protocols, not content. by Tackhead · 2000-09-06 03:55 · Score: 5

The evidence we're seeing - Carnivore being the best example - indicates that The Powers That Be are more interested in traffic analysis than in terms of decrypting your content.
In other words, all the strong crypto in the DATA segment of the SMTP transaction isn't gonna save you if an FBI agent decides he wants to forge a "From: kiddypr0narchive@fbi.gov" in an email to you. For mail to truly be secure, it's clear that we now need to encrypt all headers in the SMTP and/or POP transactions.
Likewise, for safe browsing, SSL on the content of the pages isn't enough; all the metadata in the HTTP GET requests have to be encrypted too.
Traffic analysis makes sense; it's machine-readable data, machine-parsable, and very easy to inject into a database for profiling purposes. Scanning a database for all From: addresses associated with To: fields of osama_bin_laden@secretterroristcamp.iq, or IP addresses associated with Referrer-ID: fields matching the regexp *janetreno*goat*pr0n* is a lot easier than actually trying to examine a terabyte of .JPGs.
We've seen it in the public domain with the "auto-sue" programs used against Napster users.
We're seeing the gummint getting into the act with Carnivore. Whaddyawannabet that 5 years from now, when Jaz and ZIP drives are no longer available, the "physical evidence" ceases to be a piddly 120M disk (which can probably only hold the sniffed headers from a handful of users before it has to be swapped for another disc) and becomes a 200G hard drive (which can hold everyone's traffic for a few days)? Hell, the cost of the "removable hard drive Carnivore" isn't much more than the ZIP drive one today.
At what point will we redesign our basic communications protocols to be snoop-resistant?
DON'T POST QUESTIONS HERE by 64.28.67.48 · 2000-09-06 03:31 · Score: 5

Go to the actual site (http://forums.itworld.com/webx?14@@.ee6 caf5) to post a question. /. is not hosting the interview.

Thrashing...please wait...

-------------

--

-------------
The truth is out th- oh, wait, here it is...
Re:should everything on the internet be encrypted by prak · 2000-09-06 03:33 · Score: 5

Come on.. you know the answer to this one. If only "interesting" traffic is encrypted there is a lot less encrypted traffic flying across the lines to confuse big brother like organizations. You encrypt everything to make it more difficult to figure out which encrypted packets are the ones you should be interested in brute forcing.

If big brother like organizations waste a week trying to decrypt your mother's letter about a new recipe she just tried, that is a week they don't have to decrypt the message you reply with explaining why your family has to go into hiding. We need to inject more noise into the system.

-prak

--
-prak