Considering that it's designed to not trust the servers in the first place (just your gateway, which often will be part of your own client or otherwise run locally), it's not all too hard. If you've verified the client, then you can be sure your data is secure.
2013/8/29 Nikos Fotiou <niko...@gmail.com>: > A naive comment. > > In his first email Zooko states: > > "S4 offers “*verifiable* end-to-end security” because all of the source > code that makes up the Simple Secure Storage Service is published for > everyone to see" > > A suspicious user may wonder, how can he be sure that the service > indeed uses the provided source code. IMHO, end-to-end security can be > really verifiable--from the user perspective--if it can be attested by > examining only the source code of the applications running on the user > side. > > Best, > Nikos > > On Sat, Aug 17, 2013 at 11:52 AM, ianG <i...@iang.org> wrote: >> On 16/08/13 22:11 PM, zooko wrote: >>> >>> On Tue, Aug 13, 2013 at 03:16:33PM -0500, Nico Williams wrote: >>>> >>>> >>>> Nothing really gets anyone past the enormous supply of zero-day vulns in >>>> their complete stacks. In the end I assume there's no technological PRISM >>>> workarounds. >>> >>> >>> I agree that compromise of the client is relevant. My current belief is >>> that >>> nobody is doing this on a mass scale, pwning entire populations at once, >>> and >>> that if they do, we will find out about it. >>> >>> My goal with the S4 product is not primarily to help people who are being >>> targeted by their enemies, but to increase the cost of indiscriminately >>> surveilling entire populations. >>> >>> Now maybe it was a mistake to label it as "PRISM-Proof" in our press >>> release >>> and media interviews! I said that because to me "PRISM" means mass >>> surveillance >>> of innocents. Perhaps to other people it doesn't mean that. Oops! >> >> >> >> My understanding of PRISM is that it is a voluntary & secret arrangement >> between the supplier and the collector (NSA) to provide direct access to all >> information. >> >> By 'voluntary' I mean that the supplier hands over the access, it isn't >> taken in an espionage or hacker sense, or leaked by an insider. I include >> in this various techniques of court-inspired voluntarianism as suggested by >> recent FISA theories [0]. >> >> I suspect it is fair to say that something is PRISM-proof if: >> >> a) the system lacks the capability to provide access >> b) the operator lacks the capacity to enter into the voluntary >> arrangement, or >> c) the operator lacks the capacity to keep the arrangement (b) secret >> >> The principle here seems to be that if the information is encrypted on the >> server side without the keys being held or accessible by the supplier, then >> (a) is met [1]. >> >> Encryption-sans-keys is an approach that is championed by Tahoe-LAFS and >> Silent Circle. Therefore I think it is reasonable in a marketing sense to >> claim it is PRISM-proof, as long as that claim is explained in more detail >> for those who wish to research. >> >> In this context, one must market ones product, and one must use simple >> labels to achieve this. Otherwise the product doesn't get out there, and >> nobody is benefited. >> >> >> >> iang >> >> >> [0] E.g., the lavabit supplier can be considered to have not volunteered the >> info, and google can be considered to have not volunteered to the Chinese >> government. >> [1] In contrast, if an operator is offshore it would meet (b) and if an >> operator was some sort of open source distributed org where everyone saw >> where the traffic headed, it would lack (c). >> >> >> >> >> >>> Regards, >>> >>> Zooko >>> >>> _______________________________________________ >>> cryptography mailing list >>> cryptography@randombit.net >>> http://lists.randombit.net/mailman/listinfo/cryptography >>> >> >> _______________________________________________ >> cryptography mailing list >> cryptography@randombit.net >> http://lists.randombit.net/mailman/listinfo/cryptography > _______________________________________________ > cryptography mailing list > cryptography@randombit.net > http://lists.randombit.net/mailman/listinfo/cryptography _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
