On Wed, Sep 11, 2013 at 10:00 AM, John Long <codeb...@inbox.lv> wrote:
> > You think they need to target protocols? There are much easier ways of > doing > things. Strong crypto works if you do all the management stuff. Most people > have no idea what's involved with that. Like Espie says there's plenty low > hanging fruit. If you're somebody they want to know about the methods they > use don't have anything to do with technology. > > There's more than one threat model, though. Here are two: 1. "They" are targeting a specific individual or a small group. In that case, protecting your electronic communications is going to be difficult. They'll get around the crypto if they need to. 2. "They" are dipping their net into a fiber optic stream and fishing (automated search) for interesting traffic. Targeting protocols would be attractive to them for threat model 2, even if they can handle threat model 1. And even in the case of threat model 1, a vulnerable protocol makes their job cheaper, in terms of both money and risk. -David
