Has nothing to do with you and everything to do with the fact that you can be compelled to act and cant tell anyone about it. Its not 'you' we lack trust in, but the fact remains you can be turned at any second and there is nothing anyone can do to stop it.
That's a separate issue from caring about user privacy.
And, actually, there is something that can be done to stop it: we need to fix our damned government. There are and always will be situations in which it makes sense to allow government to compel private organizations to hand over data in response to warrants, subpoenas, etc., but those should all occur under appropriate supervision to combat abuses. We need to shut down this business of warrantless surveillance, unappealable secret warrants issued in ex parte proceedings, government agencies deliberately subverting security infrastructure, etc.
FWIW, Google and other Internet companies have been applying their lobbying resources towards these ends, but as long as voters continue to care more about "fighting terrorism" than preserving their own civil liberties, what they can accomplish is limited.
RIght now all the internet companies are pissed off at the NSA because they have hurt online trust. They dont give a shit about privacy
You won't believe me, but I can tell you that's not true of Google (where I work). I doubt it's true of the others, either. Internet companies are composed of people, and most of those people do care about user privacy. Google in particular takes it very seriously, and not only because it's important for the business.
Yahoo is a defunct site anymore, the EFF gave it "Trust Ratings" and Yahoo topped the list. But because they've dropped down in the internet world, the NSA and others can get what they want from Gaagle (Google), Asshole (Apple), Microshit (its got Micro in it) , ect....... Yahoo, at this point is of little interest to the NSA, except they do still have users that haven't registered to Google, MS's, network,s bla bla, you get the point..
If Yahoo had/has the popularity of the other companies, they would be right there in NOT PROTECTING YOUR PRIVACY, as the rest caught in bed with the NSA...
I probably shouldn't respond but... I don't get your point. You seem to be saying that Yahoo! is respecting user privacy by publishing this information, while other companies are not. But in publishing this report Yahoo is just doing what those other companies have already done. Google, in particular, was the one that started this transparency report trend, and was the company that spent a great deal of time and effort lobbying for permission to public NSL information, and in greater detail than Yahoo! has provided.
All I can conclude is that you don't really understand what you're talking about and just wanted to take jabs at Yahoo! for your perception of its irrelevancy.
On the issue of NSLs, I do have to wonder why it is that Yahoo! was denied permission to publish the data that other companies have been publishing. Google has already negotiated that permission, and others have been able to make use of it as well, so why not Yahoo!? I have no idea why that would be. Is, perhaps, the volume of NSLs sent to Yahoo! extraordinarily high or low relative to the size of their userbase? Maybe they've been sent unusually broad NSLs, so the average number of accounts per request is much higher than what we see in the numbers of other companies? I don't know... and the fact that the government wants to withhold permission makes me really want to know.
If the NSA has modified devices to reduce the entropy of random keys, then eventually two keys will have the same factors. This is easy to determine: The GCD algorithm will very quickly tell you what factors two keys have in common....and this is exactly what is seen in practice! Some 0.3% of keys tested had common factors: statistically, a *huge* percentage.
That would be a very compelling argument, except that nearly all of the keys with common factors were from embedded devices, and the root cause was that they didn't have a hardware RNG or any other good entropy source.
It would be interesting to see the common factor percentage with embedded devices excluded.
Unless the NIST tools are compromised as well, then yes, it's completely possible to verify how good hardware RNGs are.
Nonsense. There is no way to validate that an RNG produces unpredictable numbers. At most you can verify that the method you're using can't detect predictability.
They are doing some rather asshole things at the moment (at the behest of the Federal Government - "We were just following orders"), but they tend not to screw with cryptography which is allowed to be on the GSA schedule when embodied in communications equipment for sale to the U.S.Military.
Perhaps. I wonder, though, if the NSA hasn't suffered a little "mission shift". Theoretically, their mission is twofold: To spy on the signals of the rest of the world, and to ensure the security of US signals. In the past, that latter part also included securing not just government communications, but civilian communications which were relevant to national security. I once worked on a purely private-sector project which had NSA oversight because it was considered critical to the well-being of the US financial infrastructure, for example.
But.. the recent revelations make me think that the second half of the mission has been de-prioritized. Not disregarded, but it sounds like the NSA is no longer much concerned with private sector security, no matter how crucial, and it might even be that they're willing to make minor compromises where government signals security is involved, as long as they can convince themselves that it's still secure enough against others.
Given the nature of large organizations, it wouldn't surprise me at all if the pieces of the mission were allocated to separate sub-organizations, and if, further, the sub-organization focused on spying has grown far larger and more powerful than the one focused on signals security. The organization focused on signals security would find itself in the place that successful security teams always do, with very little to show for their efforts. If your security is good enough that opponents are unable to dent it, it's hard to muster high-level support for throwing more resources at security. Meanwhile, I can see how a series of expensive but spectacular successes by the spying side of the house could lead to rapid growth in resources, staffing and internal political power, to the point that the organization as a whole became dominated by its spying mission.
This is all speculation, of course, but it fits Snowden's claims.
A law to stop the NSA? Yeah, that oughta do the trick. *rolls eyes*
Your cynicism has run away with your sense.
The NSA has clearly been breaking the law, but they've been doing it through a series of rationalizations, and they've just been edging over the line, not just ignoring the law completely. Specifically, they have redefined the word "collection" to mean "reading", which allows them to hoover up all the information they can get access to and then only later have to decide what they can legally look at and what they can't. And, of course, once they have the data, mistakes are inevitably made or in some cases they may even decide flat out that there is sufficient justification to ignore the law "in this case". And of course there has been no law at all against installing back doors, just a tension with the other mission of the NSA, which is to ensure the security of US signals. Again, some rationalization can allow them to get past that.
That's the kind of thing that it's very easy for good people who feel like they're working for the higher good to do. They can easily tell themselves that they're following the law except in isolated cases where it really, really matters because they have really, really good reasons.
A law like this would be different, because backdooring systems must be done well in advance of any specific case where the backdoor would be used, making it extraordinarily difficult to rationalize it... and also making violations abundantly clear. To really make certain, the law should apply severe criminal penalties to anyone who knew about and didn't report the violation.
I would like to see the law also require them to quietly go about closing all of the backdoors/weaknesses they've already put in place.
Another change to the law that I think would be very useful is to explicitly clarify the definition of "collect". Granted that it's impossible in many cases not to collect a little extra data alongside the stuff that you're really trying to grab, but that could be addressed by specifying data retention limits in the law. Perhaps they should only have 24 hours to evaluate the origin/destination of captured data, and then be required by law to discard anything that they can't substantiate as being lawful for them to collect. Another suggestion I've heard would allow the NSA to capture everything they want, but would require them to immediately escrow all of it with a court or other agency, from whom they could request the pieces they can show they should have access to. That court or agency would, of course, have as its primary job to ensure the NSA doesn't cross the lines.
The 1976 consultation between the NSA and IBM over DES resulted in a stronger DES.
Yes and no.
They did fix the S boxes to make the algorithm resistant to differential cryptanalysis, but the original Lucifer cipher had 128-bit keys and a 128-bit block size. The NSA reduced the key size to 56 bits and the block size to 64 bits.
You missed the point: the NSA likely has the capacity to break systems which SHOULD provide forward secrecy, as long as the key size is sufficiently small, for example 1024-bit Diffie-Hellman.
No, you missed the point. It is, perhaps, a subtle point, because the meaning of "forward secrecy" isn't obvious. Let me explain.
Having the ability (assuming they do) to crack 1024-bit keys does not give them the ability to read very much of the world's traffic because even if they can crack each key in a few hours, there are way too many keys. girlintraining said that they address this by capturing and storing all of the encrypted traffic so that at some later point in time when they realize they need to read some particular piece of it, then they can crack the relevant key (in a few hours) and decrypt it.
But if servers use algorithms that provide forward secrecy, they can't do that. If you have recorded traffic and later crack the ECDHE private key used by the server to derive the session key with which the actual data is encrypted, you still can't derive the session key or decrypt the data. That's what forward secrecy means.
To crack recorded data, you'd actually need to crack two 1024-bit keys... the server's key and the client's key. While the server's key is fixed (until rotation), the client generates a new random key for every session. This means that if the NSA has recovered the server's key, they still have to do that several-hours-of-computation for every single SSL session they want to read. And even that doesn't state the full difficulty of their problem, because unless they can somehow break into the server to recover its private key, the problem they're facing is cracking two 1024-bit keys at the same time from the same data stream. That problem is equivalent to cracking a 2048-bit key, which requires on the order of 10^10 more effort.
Of course, what they actually have recorded is many sessions which all use the same server key but different client keys. There may be some way to exploit the fact that the same server key is used in all of them to optimize the process a little. If so, no one in the public cryptanalytic world has found it, and it's not obvious mathematically that it would exist. But it's vanishingly unlikely that this supposed improved method wouldn't still be orders of magnitude harder than cracking a single 1024-bit key.
The other benefit of ECDHE over RSA is if we vary the threat model a little bit. Suppose, for example, that the NSA has bribed some employee at a big Internet site (say, Google) and obtained a copy of the server private key. If it's an RSA key, the NSA can then decrypt and read all traffic to Google which was protected with that key. If it's a DH key, they have to crack the client key for each individual SSL session before they can read that session, unless, of course, they've compromised the client thoroughly enough that it hands over each key it uses -- but if they've done that they can simply have it hand over the data, bypassing all of the crypto crud entirely.
And if servers switch to using 2048-bit ECDHE, as Google has recently done, then the whole thing becomes completely intractable, even with the server private key, unless the NSA is mounting MITM attacks, which are fairly easy to detect.
I may be mistaken, but offhand I believe with DH each additional 2 bits will double the resources needed to break it.
You're mistaken. Determining key strength for asymmetric keys is not easy to do, but assumptions based on the complexity of the number field sieve (the best known algorithm for cracking DH as well as RSA) provide a decent way of estimating. From the estimates in RFC3766, I get that to add one bit of security (double the resources) of a 1024-bit key you'd need to add 25 bits to the key length. To add a bit of security to a 2048-bit key you'd need to add 36 bits to the key length. For a 4096-bit key you'd need 52 more bits.
The NSA simply logs the data and holds on to it until and unless something happens that makes analyzing that data a priority.
This is why it's important that web servers enable ECDHE key agreement, which provides forward secrecy. Basically, the only way to penetrate it is to mount a man-in-the-middle attack in real time. Recovering the server's private key later does not provide the ability to decrypt stored traffic.
While correct, if you're running in a, say, hosted VPS environment, you're screwed anyways... all they have to do is get access from the host and they have your key. It's only as secure as your own physical control over it.
Definitely. And if you're running in your own data center and a significant number of employees have access to the private key, and the NSA cares about you, you're screwed. It only takes one bad apple.
Certainly cases where you can do manual key distribution/verification are not subject to MITM attacks. This is obvious, and independent of whether the certificate is self-signed or signed by a CA. It's also not scalable.
They toughened up quite a bit before Heller, but, yes, Heller has given them a lot more confidence that the highest law of the land is in their favor. They were terrified of a stand-up fight before that... actually they were terrified of the Heller case and did everything they could to derail it, though they were glad to proclaim victory when the ruling came down.
I think (based on limited research I just did) that it's reasonable to say most gun owners are NRA members.
There are approximately 4 million NRA members and approximately 80 million gun owners.
I'm a gun owner and strongly anti-NRA. I support strong background checks, gun restrictions (caliber, rate of fire, and magazine capacity), and closing the private sales loophole (iow, requiring background checks in all situations).
Why? Do you have any evidence that any of those things reduce crime? Not feelings or theories, evidence.
I do not advocate hunting except in certain circumstances (and I don't eat meat anymore which is part of that) or teaching children to shoot.
Not teaching children to shoot is a very bad idea, especially if you have a gun in the house. Keeping the guns away from the kids makes them mysterious and attractive, and also means that when the kids finally manage to get hold of one they don't know how to handle it safely. I've never, ever seen a news story about a kid who'd been shooting regularly accidentally shooting himself or a friend. It's always the kids who haven't handled guns.
Kids are very capable of understanding what guns are and how to use them, and of properly respecting them. Give them a little safety education and take them shooting. It'll make them safer... and they'll have fun and it's a great bonding opportunity.
...trying to arm schoolteachers. Both would be funny...
Why is that? What is it that you expect to happen if schoolteachers are armed? And why has it not happened in the decade that Utah schoolteachers have been armed?
Awesome! If I hadn't already posted in this thread, I'd mod you up!
Has nothing to do with you and everything to do with the fact that you can be compelled to act and cant tell anyone about it. Its not 'you' we lack trust in, but the fact remains you can be turned at any second and there is nothing anyone can do to stop it.
That's a separate issue from caring about user privacy.
And, actually, there is something that can be done to stop it: we need to fix our damned government. There are and always will be situations in which it makes sense to allow government to compel private organizations to hand over data in response to warrants, subpoenas, etc., but those should all occur under appropriate supervision to combat abuses. We need to shut down this business of warrantless surveillance, unappealable secret warrants issued in ex parte proceedings, government agencies deliberately subverting security infrastructure, etc.
FWIW, Google and other Internet companies have been applying their lobbying resources towards these ends, but as long as voters continue to care more about "fighting terrorism" than preserving their own civil liberties, what they can accomplish is limited.
Starting with the slaves who their founding fathers conveniently forgot
They didn't forget them. They're explicitly mentioned in the Constitution. Not in what you'd call a good way, but you can't say they were forgotten.
Indeed, the author of the article specifically mentions that his proposal was inspired by RFC 3514, which defines the evil bit.
RIght now all the internet companies are pissed off at the NSA because they have hurt online trust. They dont give a shit about privacy
You won't believe me, but I can tell you that's not true of Google (where I work). I doubt it's true of the others, either. Internet companies are composed of people, and most of those people do care about user privacy. Google in particular takes it very seriously, and not only because it's important for the business.
More to the point, I do like the quote tho..
Yahoo is a defunct site anymore, the EFF gave it "Trust Ratings" and Yahoo topped the list. But because they've dropped down in the internet world, the NSA and others can get what they want from Gaagle (Google), Asshole (Apple), Microshit (its got Micro in it) , ect....... Yahoo, at this point is of little interest to the NSA, except they do still have users that haven't registered to Google, MS's, network,s bla bla, you get the point..
If Yahoo had/has the popularity of the other companies, they would be right there in NOT PROTECTING YOUR PRIVACY, as the rest caught in bed with the NSA...
I probably shouldn't respond but... I don't get your point. You seem to be saying that Yahoo! is respecting user privacy by publishing this information, while other companies are not. But in publishing this report Yahoo is just doing what those other companies have already done. Google, in particular, was the one that started this transparency report trend, and was the company that spent a great deal of time and effort lobbying for permission to public NSL information, and in greater detail than Yahoo! has provided.
All I can conclude is that you don't really understand what you're talking about and just wanted to take jabs at Yahoo! for your perception of its irrelevancy.
On the issue of NSLs, I do have to wonder why it is that Yahoo! was denied permission to publish the data that other companies have been publishing. Google has already negotiated that permission, and others have been able to make use of it as well, so why not Yahoo!? I have no idea why that would be. Is, perhaps, the volume of NSLs sent to Yahoo! extraordinarily high or low relative to the size of their userbase? Maybe they've been sent unusually broad NSLs, so the average number of accounts per request is much higher than what we see in the numbers of other companies? I don't know... and the fact that the government wants to withhold permission makes me really want to know.
That's called an Alford plea, and again it usually doesn't get you as good a plea bargain as a guilty plea, with allocution.
If the NSA has modified devices to reduce the entropy of random keys, then eventually two keys will have the same factors. This is easy to determine: The GCD algorithm will very quickly tell you what factors two keys have in common. ...and this is exactly what is seen in practice! Some 0.3% of keys tested had common factors: statistically, a *huge* percentage.
That would be a very compelling argument, except that nearly all of the keys with common factors were from embedded devices, and the root cause was that they didn't have a hardware RNG or any other good entropy source.
It would be interesting to see the common factor percentage with embedded devices excluded.
Unless the NIST tools are compromised as well, then yes, it's completely possible to verify how good hardware RNGs are.
Nonsense. There is no way to validate that an RNG produces unpredictable numbers. At most you can verify that the method you're using can't detect predictability.
That's what Nolo Contendere is for, but when an ADA offers you a plea deal, they're going to demand a guilty plea.
You mean like FISA? There's the problem: It is a one-sided argument. Just like when the NSA and DHS self-review their right to act.
No, not like FISA. There needs to be opposing counsel.
They are doing some rather asshole things at the moment (at the behest of the Federal Government - "We were just following orders"), but they tend not to screw with cryptography which is allowed to be on the GSA schedule when embodied in communications equipment for sale to the U.S.Military.
Perhaps. I wonder, though, if the NSA hasn't suffered a little "mission shift". Theoretically, their mission is twofold: To spy on the signals of the rest of the world, and to ensure the security of US signals. In the past, that latter part also included securing not just government communications, but civilian communications which were relevant to national security. I once worked on a purely private-sector project which had NSA oversight because it was considered critical to the well-being of the US financial infrastructure, for example.
But.. the recent revelations make me think that the second half of the mission has been de-prioritized. Not disregarded, but it sounds like the NSA is no longer much concerned with private sector security, no matter how crucial, and it might even be that they're willing to make minor compromises where government signals security is involved, as long as they can convince themselves that it's still secure enough against others.
Given the nature of large organizations, it wouldn't surprise me at all if the pieces of the mission were allocated to separate sub-organizations, and if, further, the sub-organization focused on spying has grown far larger and more powerful than the one focused on signals security. The organization focused on signals security would find itself in the place that successful security teams always do, with very little to show for their efforts. If your security is good enough that opponents are unable to dent it, it's hard to muster high-level support for throwing more resources at security. Meanwhile, I can see how a series of expensive but spectacular successes by the spying side of the house could lead to rapid growth in resources, staffing and internal political power, to the point that the organization as a whole became dominated by its spying mission.
This is all speculation, of course, but it fits Snowden's claims.
A law to stop the NSA? Yeah, that oughta do the trick. *rolls eyes*
Your cynicism has run away with your sense.
The NSA has clearly been breaking the law, but they've been doing it through a series of rationalizations, and they've just been edging over the line, not just ignoring the law completely. Specifically, they have redefined the word "collection" to mean "reading", which allows them to hoover up all the information they can get access to and then only later have to decide what they can legally look at and what they can't. And, of course, once they have the data, mistakes are inevitably made or in some cases they may even decide flat out that there is sufficient justification to ignore the law "in this case". And of course there has been no law at all against installing back doors, just a tension with the other mission of the NSA, which is to ensure the security of US signals. Again, some rationalization can allow them to get past that.
That's the kind of thing that it's very easy for good people who feel like they're working for the higher good to do. They can easily tell themselves that they're following the law except in isolated cases where it really, really matters because they have really, really good reasons.
A law like this would be different, because backdooring systems must be done well in advance of any specific case where the backdoor would be used, making it extraordinarily difficult to rationalize it... and also making violations abundantly clear. To really make certain, the law should apply severe criminal penalties to anyone who knew about and didn't report the violation.
I would like to see the law also require them to quietly go about closing all of the backdoors/weaknesses they've already put in place.
Another change to the law that I think would be very useful is to explicitly clarify the definition of "collect". Granted that it's impossible in many cases not to collect a little extra data alongside the stuff that you're really trying to grab, but that could be addressed by specifying data retention limits in the law. Perhaps they should only have 24 hours to evaluate the origin/destination of captured data, and then be required by law to discard anything that they can't substantiate as being lawful for them to collect. Another suggestion I've heard would allow the NSA to capture everything they want, but would require them to immediately escrow all of it with a court or other agency, from whom they could request the pieces they can show they should have access to. That court or agency would, of course, have as its primary job to ensure the NSA doesn't cross the lines.
The 1976 consultation between the NSA and IBM over DES resulted in a stronger DES.
Yes and no.
They did fix the S boxes to make the algorithm resistant to differential cryptanalysis, but the original Lucifer cipher had 128-bit keys and a 128-bit block size. The NSA reduced the key size to 56 bits and the block size to 64 bits.
You missed the point: the NSA likely has the capacity to break systems which SHOULD provide forward secrecy, as long as the key size is sufficiently small, for example 1024-bit Diffie-Hellman.
No, you missed the point. It is, perhaps, a subtle point, because the meaning of "forward secrecy" isn't obvious. Let me explain.
Having the ability (assuming they do) to crack 1024-bit keys does not give them the ability to read very much of the world's traffic because even if they can crack each key in a few hours, there are way too many keys. girlintraining said that they address this by capturing and storing all of the encrypted traffic so that at some later point in time when they realize they need to read some particular piece of it, then they can crack the relevant key (in a few hours) and decrypt it.
But if servers use algorithms that provide forward secrecy, they can't do that. If you have recorded traffic and later crack the ECDHE private key used by the server to derive the session key with which the actual data is encrypted, you still can't derive the session key or decrypt the data. That's what forward secrecy means.
To crack recorded data, you'd actually need to crack two 1024-bit keys... the server's key and the client's key. While the server's key is fixed (until rotation), the client generates a new random key for every session. This means that if the NSA has recovered the server's key, they still have to do that several-hours-of-computation for every single SSL session they want to read. And even that doesn't state the full difficulty of their problem, because unless they can somehow break into the server to recover its private key, the problem they're facing is cracking two 1024-bit keys at the same time from the same data stream. That problem is equivalent to cracking a 2048-bit key, which requires on the order of 10^10 more effort.
Of course, what they actually have recorded is many sessions which all use the same server key but different client keys. There may be some way to exploit the fact that the same server key is used in all of them to optimize the process a little. If so, no one in the public cryptanalytic world has found it, and it's not obvious mathematically that it would exist. But it's vanishingly unlikely that this supposed improved method wouldn't still be orders of magnitude harder than cracking a single 1024-bit key.
The other benefit of ECDHE over RSA is if we vary the threat model a little bit. Suppose, for example, that the NSA has bribed some employee at a big Internet site (say, Google) and obtained a copy of the server private key. If it's an RSA key, the NSA can then decrypt and read all traffic to Google which was protected with that key. If it's a DH key, they have to crack the client key for each individual SSL session before they can read that session, unless, of course, they've compromised the client thoroughly enough that it hands over each key it uses -- but if they've done that they can simply have it hand over the data, bypassing all of the crypto crud entirely.
And if servers switch to using 2048-bit ECDHE, as Google has recently done, then the whole thing becomes completely intractable, even with the server private key, unless the NSA is mounting MITM attacks, which are fairly easy to detect.
I may be mistaken, but offhand I believe with DH each additional 2 bits will double the resources needed to break it.
You're mistaken. Determining key strength for asymmetric keys is not easy to do, but assumptions based on the complexity of the number field sieve (the best known algorithm for cracking DH as well as RSA) provide a decent way of estimating. From the estimates in RFC3766, I get that to add one bit of security (double the resources) of a 1024-bit key you'd need to add 25 bits to the key length. To add a bit of security to a 2048-bit key you'd need to add 36 bits to the key length. For a 4096-bit key you'd need 52 more bits.
The NSA simply logs the data and holds on to it until and unless something happens that makes analyzing that data a priority.
This is why it's important that web servers enable ECDHE key agreement, which provides forward secrecy. Basically, the only way to penetrate it is to mount a man-in-the-middle attack in real time. Recovering the server's private key later does not provide the ability to decrypt stored traffic.
It's sufficiently inconvenient that it's unscalable.
My bank, for example, should have its fingerprint on prominent display in every branch. Possibly on every card or check it issues.
That would make key rotations entertaining.
Obviously.
While correct, if you're running in a, say, hosted VPS environment, you're screwed anyways... all they have to do is get access from the host and they have your key. It's only as secure as your own physical control over it.
Definitely. And if you're running in your own data center and a significant number of employees have access to the private key, and the NSA cares about you, you're screwed. It only takes one bad apple.
Certainly cases where you can do manual key distribution/verification are not subject to MITM attacks. This is obvious, and independent of whether the certificate is self-signed or signed by a CA. It's also not scalable.
The context of the discussion was a Joe who buys a certificate.
They toughened up quite a bit before Heller, but, yes, Heller has given them a lot more confidence that the highest law of the land is in their favor. They were terrified of a stand-up fight before that... actually they were terrified of the Heller case and did everything they could to derail it, though they were glad to proclaim victory when the ruling came down.
http://www.washingtontimes.com/blog/watercooler/2010/jul/22/aclu-rethinking-second-amendment/
That article mentions a couple. You can find some more if you spend some time on Google.
I think (based on limited research I just did) that it's reasonable to say most gun owners are NRA members.
There are approximately 4 million NRA members and approximately 80 million gun owners.
I'm a gun owner and strongly anti-NRA. I support strong background checks, gun restrictions (caliber, rate of fire, and magazine capacity), and closing the private sales loophole (iow, requiring background checks in all situations).
Why? Do you have any evidence that any of those things reduce crime? Not feelings or theories, evidence.
I do not advocate hunting except in certain circumstances (and I don't eat meat anymore which is part of that) or teaching children to shoot.
Not teaching children to shoot is a very bad idea, especially if you have a gun in the house. Keeping the guns away from the kids makes them mysterious and attractive, and also means that when the kids finally manage to get hold of one they don't know how to handle it safely. I've never, ever seen a news story about a kid who'd been shooting regularly accidentally shooting himself or a friend. It's always the kids who haven't handled guns.
Kids are very capable of understanding what guns are and how to use them, and of properly respecting them. Give them a little safety education and take them shooting. It'll make them safer... and they'll have fun and it's a great bonding opportunity.
...trying to arm schoolteachers. Both would be funny...
Why is that? What is it that you expect to happen if schoolteachers are armed? And why has it not happened in the decade that Utah schoolteachers have been armed?
Several local chapters of the ACLU have, however, taken on 2A cases, post-Heller.