[SSL Observatory] Perspectives on Convergence of EFF, EPIC, SSL, TOR, NSA, ET CETERA

Ralph Holz holz at net.in.tum.de
Fri Nov 4 01:29:16 PDT 2011


Good day,

> Well now they are having problems being believed and I am afraid that I
> can't actually vouch for their honesty any more.

There seem to be at least three different issues in this discussion now,
all only loosely related and I wonder what some persons' motivation has
been to jump from one to the other.

1) An unknown OP accuses EFF, Tor and convergence of spying on people.
This is supposed to be supported by a set of links to various topics. I
have actually taken the trouble to follow some of the links the OP has
given, and my take on it is that the OP interprets them very differently
than I - and most people - would. I cannot find evidence of any spying
going on. As I have already written, the privacy issues of the
Distributed Observatory, Convergence, Perspectives and Tor are all
known, to researchers at least. You might argue that the average user
wouldn't understand the topic, and you would be correct. However, this
has not been pointed out nor discussed yet.

2) The integrity of the EFF/iSEC/Moxie/Tor has been called into question
by you, Phillip, based on one issue in their talks at Defcon and 27C3.
I remember that I have already written to you on this subject,
albeit probably on a different mailing list (randombit?). I agree that a
CA as an organisation is not the same as CA:True in an intermediate
certificate because it all depends on where organisational control is
exercised. Fair enough, and in the interest of scientific objectivity,
EFF/iSEC should have acknowledged the way they count CAs in their talks.
However, as for the other results of their talks I can myself confirm
many of them as we have run a similar (considerably larger) analysis
over the past 2 years and have published our results at IMC 2011. The
numbers are in line. So it all boils down to what you call an agenda. I
think it's fair to say that the EFF has an agenda, they actually state
it on their homepage. At the same time, I remember you, Phillip, telling
off people for using the word ComodoGate as if avoiding it made any
difference. Given your own employer, others could thus make the counter
claim that you have an agenda, too.
Personally, I don't think political claims and counter claims should
play a role here, and I am not going to discuss this. I'd much rather
discuss the numbers and their meaning than the possible underlying agendas.


3) Some issue about Iran, which seems not to be connected to the issues
at hand?


I do not want to mix up the three, so I'll stop here.

Ralph

-- 
Dipl.-Inform. Ralph Holz
I8: Network Architectures and Services
Technische Universität München
http://www.net.in.tum.de/de/mitarbeiter/holz/
