0 00:00:00,000 --> 00:00:30,000 Dear viewer, these subtitles were generated by a machine via the service Trint and therefore are (very) buggy. If you are capable, please help us to create good quality subtitles: https://c3subtitles.de/talk/465 Thanks! 1 00:00:09,710 --> 00:00:12,139 So we'll have a very special 2 00:00:12,140 --> 00:00:14,149 session today called the extended 3 00:00:14,150 --> 00:00:16,429 lightning talk session under 4 00:00:16,430 --> 00:00:18,709 the name of No, I sprinkled thee with 5 00:00:18,710 --> 00:00:20,929 crypto dust, basically 6 00:00:20,930 --> 00:00:23,539 the Internet reengineering session where 7 00:00:23,540 --> 00:00:25,129 the talkers are going to present the 8 00:00:25,130 --> 00:00:27,199 latest developments and new approaches 9 00:00:27,200 --> 00:00:29,749 on applying cryptography to 10 00:00:29,750 --> 00:00:31,099 make the Internet safe again. 11 00:00:31,100 --> 00:00:33,319 And a happy place for everyone. 12 00:00:33,320 --> 00:00:35,029 So please let me introduce the first 13 00:00:35,030 --> 00:00:37,400 speaker, Mr. Ryan Lecky from CloudFlare. 14 00:00:44,320 --> 00:00:45,369 Hello, everyone. 15 00:00:45,370 --> 00:00:46,959 I'm going to talk about trusting servers 16 00:00:46,960 --> 00:00:47,960 you can't touch. 17 00:00:48,910 --> 00:00:50,319 So just a quick background. 18 00:00:50,320 --> 00:00:52,209 I've been interested in trusted computing 19 00:00:52,210 --> 00:00:54,279 technology for about two 20 00:00:54,280 --> 00:00:55,659 decades now. 21 00:00:55,660 --> 00:00:57,519 And then back when this first became 22 00:00:57,520 --> 00:00:59,919 commercial, the Palladium stuff 23 00:00:59,920 --> 00:01:02,109 from Intel and Microsoft, 24 00:01:02,110 --> 00:01:03,369 I thought it was a huge threat to 25 00:01:03,370 --> 00:01:04,568 individual freedom that you wouldn't be 26 00:01:04,569 --> 00:01:07,029 able to run software on desktop 27 00:01:07,030 --> 00:01:08,049 general-purpose computers. 28 00:01:08,050 --> 00:01:09,669 They would lock you out. 29 00:01:09,670 --> 00:01:11,529 And then I realized a few years ago that 30 00:01:11,530 --> 00:01:12,939 system and I was really against it. 31 00:01:12,940 --> 00:01:14,919 And then I realized system security is so 32 00:01:14,920 --> 00:01:16,809 weak that it's already impossible to run 33 00:01:16,810 --> 00:01:18,429 applications safely on general purpose. 34 00:01:18,430 --> 00:01:20,289 Computers and the people are already 35 00:01:20,290 --> 00:01:22,389 using completely locked down platforms 36 00:01:22,390 --> 00:01:23,739 like cell phones all the time. 37 00:01:23,740 --> 00:01:25,539 So the battle's already lost, so we might 38 00:01:25,540 --> 00:01:27,489 as well get the benefit of trusted 39 00:01:27,490 --> 00:01:28,389 computing. 40 00:01:28,390 --> 00:01:30,279 So I started a company about three years 41 00:01:30,280 --> 00:01:32,709 ago to try to build this for servers 42 00:01:32,710 --> 00:01:34,899 and I sold it to CloudFlare in twenty. 43 00:01:34,900 --> 00:01:35,949 And I've been working for CloudFlare 44 00:01:35,950 --> 00:01:37,749 since then, working on interesting stuff 45 00:01:37,750 --> 00:01:38,750 like this. 46 00:01:39,430 --> 00:01:41,229 So why should you care about that? 47 00:01:41,230 --> 00:01:42,789 About trusting anything that you can't 48 00:01:42,790 --> 00:01:44,379 touch? Like if you're if it's your server 49 00:01:44,380 --> 00:01:45,939 and you've got physical custody of it, 50 00:01:45,940 --> 00:01:48,009 it's pretty easy to at least know 51 00:01:48,010 --> 00:01:49,359 that that's the server you're talking to 52 00:01:49,360 --> 00:01:51,219 by connecting to it directly and things 53 00:01:51,220 --> 00:01:53,529 like that. There's a lot of good reasons 54 00:01:53,530 --> 00:01:55,059 you might not want to have your server in 55 00:01:55,060 --> 00:01:56,199 your house. 56 00:01:56,200 --> 00:01:57,489 Good reasons to use culo. 57 00:01:57,490 --> 00:01:59,649 You have lots of reasons 58 00:01:59,650 --> 00:02:00,729 you might want to run a legally 59 00:02:00,730 --> 00:02:01,839 challenging application. 60 00:02:01,840 --> 00:02:03,549 I ran a remailer for a long time around 61 00:02:03,550 --> 00:02:05,979 9/11 and that was a very challenging 62 00:02:05,980 --> 00:02:07,839 thing. I ran a remailer while I was 63 00:02:07,840 --> 00:02:09,999 working in Iraq and I got all sorts 64 00:02:10,000 --> 00:02:11,649 of exciting people contacting me that 65 00:02:11,650 --> 00:02:14,229 were actually like 30 feet away from me. 66 00:02:14,230 --> 00:02:16,899 So it was it was very interesting. 67 00:02:16,900 --> 00:02:18,069 You might want to have something where 68 00:02:18,070 --> 00:02:19,779 you've got multisite redundancy 69 00:02:19,780 --> 00:02:21,609 applications on multiple coasts of a 70 00:02:21,610 --> 00:02:23,979 country or around the world and 71 00:02:23,980 --> 00:02:25,629 you're only in one place at one time. 72 00:02:25,630 --> 00:02:26,979 And then there's, of course, CDMS. 73 00:02:26,980 --> 00:02:28,299 There's big companies that have lots of 74 00:02:28,300 --> 00:02:29,949 servers around the world. 75 00:02:29,950 --> 00:02:31,839 Any of the big consumer web apps have 76 00:02:31,840 --> 00:02:33,219 servers all around the world. 77 00:02:33,220 --> 00:02:34,479 And then, of course, there's a cloud 78 00:02:34,480 --> 00:02:35,469 where everyone wants to host their 79 00:02:35,470 --> 00:02:36,470 applications these days. 80 00:02:37,480 --> 00:02:38,679 This is a really hard problem. 81 00:02:38,680 --> 00:02:39,999 There isn't a single solution is going to 82 00:02:40,000 --> 00:02:41,679 solve it. And nobody has solved the 83 00:02:41,680 --> 00:02:42,999 really hard case of this problem. 84 00:02:43,000 --> 00:02:45,099 They've only solved some easy cases 85 00:02:45,100 --> 00:02:47,529 and some adjacent domain cases. 86 00:02:47,530 --> 00:02:48,819 But I believe there are some ways to 87 00:02:48,820 --> 00:02:51,129 solve it in a more thorough and 88 00:02:51,130 --> 00:02:52,130 general-purpose way. 89 00:02:53,170 --> 00:02:54,579 So there's two forms of this problem. 90 00:02:54,580 --> 00:02:56,679 There's the protecting application on 91 00:02:56,680 --> 00:02:58,419 a server that you have at one time and 92 00:02:58,420 --> 00:02:59,709 then you want to send out to someplace. 93 00:02:59,710 --> 00:03:01,149 So you have them all in a central depot. 94 00:03:01,150 --> 00:03:02,829 You configure them and you send them out. 95 00:03:02,830 --> 00:03:04,269 That's a very hard problem. 96 00:03:04,270 --> 00:03:06,189 And then you have the extremely hard 97 00:03:06,190 --> 00:03:07,409 version of this where you never had 98 00:03:07,410 --> 00:03:08,499 access to the server and you're just 99 00:03:08,500 --> 00:03:09,879 signing up to some cloud service that 100 00:03:09,880 --> 00:03:12,039 you've never actually had direct physical 101 00:03:12,040 --> 00:03:13,059 access to. 102 00:03:13,060 --> 00:03:14,800 And you have to then trust the servers. 103 00:03:16,180 --> 00:03:18,489 There's a variety of solutions to this, 104 00:03:18,490 --> 00:03:20,589 and they range on the spectrum 105 00:03:20,590 --> 00:03:22,779 ranging from reasonably good 106 00:03:22,780 --> 00:03:24,699 security and really expensive, down to 107 00:03:24,700 --> 00:03:27,039 reasonably good security sometimes, too. 108 00:03:27,040 --> 00:03:28,719 Not so great security, but very cheap. 109 00:03:30,430 --> 00:03:32,019 The government solution to this is to 110 00:03:32,020 --> 00:03:33,639 build some crazy infrastructure with 111 00:03:33,640 --> 00:03:35,139 multiple sites where you've got security 112 00:03:35,140 --> 00:03:36,729 guards at each site and policies and 113 00:03:36,730 --> 00:03:38,169 everything else. You've got multi parties 114 00:03:38,170 --> 00:03:40,329 at each site and 115 00:03:40,330 --> 00:03:41,649 we've seen how well with Snowden this 116 00:03:41,650 --> 00:03:43,959 really works. So like there's 117 00:03:43,960 --> 00:03:45,309 a lot of industries that use the same 118 00:03:45,310 --> 00:03:46,869 model that are very regulated, that are 119 00:03:46,870 --> 00:03:48,009 almost governmental. 120 00:03:48,010 --> 00:03:49,809 But this isn't really an interesting 121 00:03:49,810 --> 00:03:51,429 technique. It's not really scalable. 122 00:03:51,430 --> 00:03:52,749 It's not going to work for new applications. 123 00:03:52,750 --> 00:03:53,889 It's not really terribly exciting. 124 00:03:53,890 --> 00:03:55,629 So we'll sort of gloss over it. 125 00:03:55,630 --> 00:03:57,729 There's the computers and safe technique, 126 00:03:57,730 --> 00:03:59,169 which is the enterprise model where you 127 00:03:59,170 --> 00:04:00,879 have a secure cage in a data center 128 00:04:00,880 --> 00:04:03,189 somewhere and you can trust 129 00:04:03,190 --> 00:04:04,599 the security of the cabinet. 130 00:04:04,600 --> 00:04:06,639 Cabinets are just like chicken wire and 131 00:04:06,640 --> 00:04:08,949 anybody with a lock picking 132 00:04:08,950 --> 00:04:11,019 tools or anybody with the 133 00:04:11,020 --> 00:04:12,879 ability to bribe employees or the ability 134 00:04:12,880 --> 00:04:15,099 to legally compel access has access. 135 00:04:15,100 --> 00:04:16,539 But it's a pretty good model, works 136 00:04:16,540 --> 00:04:18,789 pretty well. It works for most commercial 137 00:04:18,790 --> 00:04:19,809 applications today. 138 00:04:19,810 --> 00:04:21,819 And you can do it anywhere from very lax 139 00:04:21,820 --> 00:04:22,820 all the way to a very secure. 140 00:04:24,130 --> 00:04:26,079 And it's generally what people use today. 141 00:04:26,080 --> 00:04:27,009 It's just very expensive. 142 00:04:27,010 --> 00:04:28,629 It's very hard for me as an individual to 143 00:04:28,630 --> 00:04:30,939 deploy servers in hundreds of sites 144 00:04:30,940 --> 00:04:33,039 around the world like PvP style 145 00:04:33,040 --> 00:04:34,839 servers. So what I could with the same 146 00:04:34,840 --> 00:04:36,459 level security that I get if I co-located 147 00:04:36,460 --> 00:04:38,709 servers myself and dedicated cages. 148 00:04:38,710 --> 00:04:40,539 So it's not so attractive from that 149 00:04:40,540 --> 00:04:42,849 perspective, then there's chip 150 00:04:42,850 --> 00:04:43,869 package level security. 151 00:04:43,870 --> 00:04:45,069 So you've got everything all the way from 152 00:04:45,070 --> 00:04:46,509 smartcards, all the way up to hardware 153 00:04:46,510 --> 00:04:48,429 security module. So from like a dollar up 154 00:04:48,430 --> 00:04:50,499 to thirty thousand dollars, they use 155 00:04:50,500 --> 00:04:51,759 the same kind of security model where 156 00:04:51,760 --> 00:04:53,409 you've got a secure processor element 157 00:04:53,410 --> 00:04:55,029 inside some sort of tamper assistance 158 00:04:55,030 --> 00:04:57,129 package. And the idea being that anybody 159 00:04:57,130 --> 00:04:59,319 tampers with the package, it erases keys 160 00:04:59,320 --> 00:04:59,779 inside. 161 00:04:59,780 --> 00:05:01,209 And there's some way that you can 162 00:05:01,210 --> 00:05:03,279 guarantee that the the attacks on 163 00:05:03,280 --> 00:05:05,559 the package necessarily are detected 164 00:05:05,560 --> 00:05:06,609 and everything else. 165 00:05:06,610 --> 00:05:08,229 As with anything, you can do a very good 166 00:05:08,230 --> 00:05:09,639 job with this. You can do a very bad job 167 00:05:09,640 --> 00:05:11,469 with this. It's one of the better 168 00:05:11,470 --> 00:05:12,849 techniques, but it's hard to develop four 169 00:05:12,850 --> 00:05:13,959 and there's a lot of problems and it's 170 00:05:13,960 --> 00:05:15,789 usually for very, very static 171 00:05:15,790 --> 00:05:16,959 applications where you've got a single 172 00:05:16,960 --> 00:05:18,969 function. So the the probably the most 173 00:05:18,970 --> 00:05:22,179 widespread deployment is GSM Sims 174 00:05:22,180 --> 00:05:24,039 and which is a smart card deployment 175 00:05:24,040 --> 00:05:25,539 where they do a very limited number of 176 00:05:25,540 --> 00:05:26,499 functions. 177 00:05:26,500 --> 00:05:27,699 So this is interesting, but it's not 178 00:05:27,700 --> 00:05:29,229 really so much interesting for general 179 00:05:29,230 --> 00:05:30,789 purpose applications. 180 00:05:30,790 --> 00:05:32,979 Then there was the whole DRM technology 181 00:05:32,980 --> 00:05:34,629 base that was created in the nineties and 182 00:05:34,630 --> 00:05:36,459 they just kept sort of developing the 183 00:05:36,460 --> 00:05:38,649 DRM. This case was to protect the 184 00:05:39,760 --> 00:05:41,829 data from the owner of a system. 185 00:05:41,830 --> 00:05:43,549 So they were. Rights holders of somebody 186 00:05:43,550 --> 00:05:45,259 who wanted to lease out a movie to end 187 00:05:45,260 --> 00:05:46,699 user would know that the user can't copy 188 00:05:46,700 --> 00:05:47,700 the data. 189 00:05:48,800 --> 00:05:50,269 That use case really wasn't very 190 00:05:50,270 --> 00:05:51,169 successful. 191 00:05:51,170 --> 00:05:53,389 It was, in fact, so unsuccessful in such 192 00:05:53,390 --> 00:05:56,539 a big PR fiasco that they killed it 193 00:05:56,540 --> 00:05:58,549 completely, except they kept developing 194 00:05:58,550 --> 00:06:00,079 it and they switched it over to sort of a 195 00:06:00,080 --> 00:06:02,479 more enterprise 196 00:06:02,480 --> 00:06:04,189 world. There's Intel v Pro, which is used 197 00:06:04,190 --> 00:06:05,689 for desktop management, is a direct 198 00:06:05,690 --> 00:06:06,739 outgrowth of this. 199 00:06:06,740 --> 00:06:09,169 There's Intel text on servers. 200 00:06:09,170 --> 00:06:10,669 It's interesting and it's definitely an 201 00:06:10,670 --> 00:06:11,670 area to explore 202 00:06:12,800 --> 00:06:13,939 there. There's a lot of problems. 203 00:06:13,940 --> 00:06:15,289 It's very complicated. It was designed 204 00:06:15,290 --> 00:06:16,939 around like eight bit microcontrollers. 205 00:06:16,940 --> 00:06:19,189 It was designed 20 years ago, basically, 206 00:06:19,190 --> 00:06:20,299 and extended. 207 00:06:20,300 --> 00:06:22,189 So it's not very easy to develop for it's 208 00:06:22,190 --> 00:06:23,659 not very well documented. 209 00:06:23,660 --> 00:06:25,759 And as we've seen with the FBI attacks 210 00:06:25,760 --> 00:06:26,809 and all sorts of other stuff during this 211 00:06:26,810 --> 00:06:28,429 conference and really over the past 20 212 00:06:28,430 --> 00:06:30,319 years, there's really not a high level of 213 00:06:30,320 --> 00:06:31,999 security that you can you can gain from 214 00:06:32,000 --> 00:06:33,019 this technology. 215 00:06:33,020 --> 00:06:34,549 It has the advantage that it's commodity. 216 00:06:34,550 --> 00:06:35,779 It's already in a lot of the hardware out 217 00:06:35,780 --> 00:06:37,549 there. So you can do some interesting 218 00:06:37,550 --> 00:06:39,079 stuff. But as a standalone protection 219 00:06:39,080 --> 00:06:40,729 against a server that someone has custody 220 00:06:40,730 --> 00:06:43,129 of, it's not terribly great protection. 221 00:06:43,130 --> 00:06:44,329 Then there's, of course, hardware security 222 00:06:44,330 --> 00:06:45,739 modules of the embedded version on the 223 00:06:45,740 --> 00:06:47,599 high end and they're so expensive that 224 00:06:47,600 --> 00:06:48,829 they're not really a great solution for 225 00:06:48,830 --> 00:06:50,419 most of these things. 226 00:06:50,420 --> 00:06:52,129 You can pay about five grand for one now, 227 00:06:52,130 --> 00:06:53,329 but usually they're twenty to thirty 228 00:06:53,330 --> 00:06:54,709 thousand dollars. And usually you have to 229 00:06:54,710 --> 00:06:57,109 sign an NDA, you get access to an API. 230 00:06:57,110 --> 00:06:58,820 Very, very expensive and difficult to do 231 00:06:59,870 --> 00:07:01,819 there. They also don't generally work in 232 00:07:01,820 --> 00:07:03,349 the cloud. There is one exception that I 233 00:07:03,350 --> 00:07:05,509 know about the Amazon Cloud 234 00:07:05,510 --> 00:07:07,189 HSM where they charge you five thousand 235 00:07:07,190 --> 00:07:08,569 dollars upfront and then about twelve 236 00:07:08,570 --> 00:07:10,279 hundred dollars a month to rent access to 237 00:07:10,280 --> 00:07:11,599 an HSM. 238 00:07:11,600 --> 00:07:12,739 There's a very limited number of these 239 00:07:12,740 --> 00:07:14,839 vendors and if I were building a 240 00:07:14,840 --> 00:07:16,429 really interesting application, I'd be 241 00:07:16,430 --> 00:07:18,439 really afraid to use one of these because 242 00:07:18,440 --> 00:07:20,059 these things are inherently black boxes. 243 00:07:20,060 --> 00:07:22,189 There's no way that you can easily, as 244 00:07:22,190 --> 00:07:23,449 an end user audit quantity. 245 00:07:23,450 --> 00:07:25,099 One of these things to do a real audit, 246 00:07:25,100 --> 00:07:26,149 you have to tear them down and do all 247 00:07:26,150 --> 00:07:27,499 sorts of destructive analysis. 248 00:07:27,500 --> 00:07:29,629 And there's there's another 249 00:07:29,630 --> 00:07:30,859 interesting problem of using these things 250 00:07:30,860 --> 00:07:32,029 in the cloud that I'll get to in a second. 251 00:07:32,030 --> 00:07:33,319 Plus the really slow, they're usually 252 00:07:33,320 --> 00:07:35,539 like a forty six or a low end 253 00:07:35,540 --> 00:07:37,189 arm inside this envelope for thirty 254 00:07:37,190 --> 00:07:38,329 thousand dollars. So they're slower than 255 00:07:38,330 --> 00:07:39,769 the host they're attached to. 256 00:07:39,770 --> 00:07:40,819 So they're also not really a great 257 00:07:40,820 --> 00:07:43,129 solution. So the best practice 258 00:07:43,130 --> 00:07:44,659 that most people have for applications is 259 00:07:44,660 --> 00:07:46,129 day is it's a segment, their application. 260 00:07:46,130 --> 00:07:47,479 They have an untrusted and a trusted part 261 00:07:47,480 --> 00:07:48,679 of their application. 262 00:07:48,680 --> 00:07:50,749 They allow users to access the the front 263 00:07:50,750 --> 00:07:51,739 end portion of it. 264 00:07:51,740 --> 00:07:53,809 And if you have a system where it's 265 00:07:53,810 --> 00:07:55,069 distributed front end, you might have 266 00:07:55,070 --> 00:07:57,169 lots of front end servers 267 00:07:57,170 --> 00:07:58,489 all around the world that aren't very 268 00:07:58,490 --> 00:07:59,809 highly trusted. Then you have your back 269 00:07:59,810 --> 00:08:01,249 end servers that are highly trusted, that 270 00:08:01,250 --> 00:08:02,479 are in a smaller number of locations 271 00:08:02,480 --> 00:08:03,499 where you can protect them. 272 00:08:04,940 --> 00:08:06,619 It's a pretty good model, splitting 273 00:08:06,620 --> 00:08:07,999 applications across multiple machines, 274 00:08:08,000 --> 00:08:09,559 then actively monitoring them and 275 00:08:09,560 --> 00:08:11,479 responding when an event happens and then 276 00:08:11,480 --> 00:08:13,459 using HSM in a limited number of cases 277 00:08:13,460 --> 00:08:14,509 where it's possible. 278 00:08:14,510 --> 00:08:15,829 So this is really the best thing that 279 00:08:15,830 --> 00:08:16,729 people do today. 280 00:08:16,730 --> 00:08:19,039 However, it's not really terribly it's 281 00:08:19,040 --> 00:08:20,040 not perfect. 282 00:08:20,750 --> 00:08:22,949 And there's some serious pitfalls to the 283 00:08:22,950 --> 00:08:23,839 the model. 284 00:08:23,840 --> 00:08:26,189 So I respect that Amazon was 285 00:08:26,190 --> 00:08:28,669 was first to deploy HSM 286 00:08:28,670 --> 00:08:30,859 in a large commercial cloud environment. 287 00:08:30,860 --> 00:08:32,509 But there were some issues. 288 00:08:32,510 --> 00:08:34,489 The model was generally designed around 289 00:08:34,490 --> 00:08:35,959 someone having direct physical access to 290 00:08:35,960 --> 00:08:37,579 the HSM. So you knew you were talking to 291 00:08:37,580 --> 00:08:39,109 this HSM? 292 00:08:39,110 --> 00:08:40,428 Unfortunately, when you're talking to it 293 00:08:40,429 --> 00:08:42,048 in the cloud, you have never seen this 294 00:08:42,049 --> 00:08:43,428 happen. You don't necessarily know that 295 00:08:43,429 --> 00:08:45,679 it's the same you're talking 296 00:08:45,680 --> 00:08:47,119 to or that you're even talking to any of 297 00:08:47,120 --> 00:08:48,049 them at all. You're just talking to 298 00:08:48,050 --> 00:08:49,789 something over some sort of API. 299 00:08:49,790 --> 00:08:51,589 So in the first version of this, they 300 00:08:51,590 --> 00:08:52,969 didn't have any way you could prove that 301 00:08:52,970 --> 00:08:54,379 you're actually talking to and it could 302 00:08:54,380 --> 00:08:55,789 have been verbalized. 303 00:08:55,790 --> 00:08:57,259 So the obvious solution to that was to 304 00:08:57,260 --> 00:08:58,999 build a key into it at manufacture time 305 00:08:59,000 --> 00:09:01,129 that can do an attestation operation to 306 00:09:01,130 --> 00:09:02,059 prove that you're talking to a real 307 00:09:02,060 --> 00:09:03,169 device. 308 00:09:03,170 --> 00:09:04,759 The problem is now the current model is 309 00:09:04,760 --> 00:09:06,919 to test it from within an Amazon VM, 310 00:09:06,920 --> 00:09:09,769 inside your VPC, so that VM 311 00:09:09,770 --> 00:09:11,509 you could also tamper with at the same 312 00:09:11,510 --> 00:09:13,489 time. So the real lesson here is you have 313 00:09:13,490 --> 00:09:14,989 to build these systems to have external 314 00:09:14,990 --> 00:09:16,309 auditing or auditability. 315 00:09:17,890 --> 00:09:19,539 However, there are some solutions that 316 00:09:19,540 --> 00:09:20,769 are really exciting that might solve 317 00:09:20,770 --> 00:09:21,909 this. 318 00:09:21,910 --> 00:09:23,169 There's a company called Private Corps 319 00:09:23,170 --> 00:09:25,329 that got bought by Facebook earlier 320 00:09:25,330 --> 00:09:27,189 this year that was doing something really 321 00:09:27,190 --> 00:09:29,319 interesting with an extension of Tresser 322 00:09:29,320 --> 00:09:31,539 or try Bizer, where you could run 323 00:09:31,540 --> 00:09:33,639 a hypervisor entirely inside the 324 00:09:33,640 --> 00:09:36,189 L1, L2, L3 cache of an Intel Zeon, 325 00:09:36,190 --> 00:09:39,039 which is maybe 20, 30 megabytes 326 00:09:39,040 --> 00:09:41,019 of storage, and then use the CPU 327 00:09:41,020 --> 00:09:42,489 operations, the crypto operations that 328 00:09:42,490 --> 00:09:43,989 are inside this core. 329 00:09:43,990 --> 00:09:45,789 So you have Asnar and you have some key 330 00:09:45,790 --> 00:09:47,019 operations, everything else. 331 00:09:47,020 --> 00:09:49,119 So this is all within the CPU die and 332 00:09:49,120 --> 00:09:51,279 it's all pinned inside the CPU dy 333 00:09:51,280 --> 00:09:53,409 CPU Die has some 334 00:09:53,410 --> 00:09:55,929 properties of it's much harder to 335 00:09:55,930 --> 00:09:56,829 extract keys from it. 336 00:09:56,830 --> 00:09:58,629 You can't just plug a PCI card in like a 337 00:09:58,630 --> 00:10:00,759 slot screamer and pull memory out 338 00:10:00,760 --> 00:10:01,909 like you could if it was my memory. 339 00:10:01,910 --> 00:10:03,339 So it's pretty cool. 340 00:10:03,340 --> 00:10:04,989 There's a thing called Intel, SGX that's 341 00:10:04,990 --> 00:10:07,239 coming out in probably twenty sixteen. 342 00:10:07,240 --> 00:10:09,009 It's under NDA when the exact date is and 343 00:10:09,010 --> 00:10:10,059 I don't actually know what the date is, 344 00:10:10,060 --> 00:10:12,969 so I can't tell you for two reasons. 345 00:10:12,970 --> 00:10:15,069 And there is an arm equivalent 346 00:10:15,070 --> 00:10:17,049 of it which is basically like an HSM on a 347 00:10:17,050 --> 00:10:18,819 chip, which will be pretty awesome. 348 00:10:18,820 --> 00:10:20,349 However, that's at least a year away, 349 00:10:20,350 --> 00:10:21,619 probably two years away for all the 350 00:10:21,620 --> 00:10:22,939 stuff. 351 00:10:22,940 --> 00:10:24,939 The the other solution to this would be 352 00:10:24,940 --> 00:10:27,129 low end, since there's no fundamental 353 00:10:27,130 --> 00:10:29,169 reason why these HSM have to cost twenty 354 00:10:29,170 --> 00:10:30,349 or thirty thousand dollars. It's just 355 00:10:30,350 --> 00:10:31,959 they only sell like a couple thousand of 356 00:10:31,960 --> 00:10:33,339 them a year, and they're companies that 357 00:10:33,340 --> 00:10:34,869 sell to banks that don't really care how 358 00:10:34,870 --> 00:10:35,769 much they pay. 359 00:10:35,770 --> 00:10:36,770 So. 360 00:10:38,460 --> 00:10:39,700 So, yeah, 361 00:10:42,060 --> 00:10:44,399 OK, so OK, 362 00:10:44,400 --> 00:10:45,779 so that's a solution, and then there's 363 00:10:45,780 --> 00:10:47,399 cloud hosts that are using keys embedded 364 00:10:47,400 --> 00:10:48,039 in the system. 365 00:10:48,040 --> 00:10:49,679 So there are some solutions that are in 366 00:10:49,680 --> 00:10:51,569 the pipeline and we should be optimistic 367 00:10:51,570 --> 00:10:52,999 about them and be working on them. 368 00:10:54,770 --> 00:10:55,809 Well, very much. 369 00:11:02,500 --> 00:11:05,349 So just another announcement 370 00:11:05,350 --> 00:11:07,479 due to this, uh, tightly 371 00:11:07,480 --> 00:11:08,949 packed schedule, we won't have time for 372 00:11:08,950 --> 00:11:11,259 Q&A at the end, but 373 00:11:11,260 --> 00:11:12,669 if you are interested and you are here in 374 00:11:12,670 --> 00:11:14,019 the room, then you will just walk up to 375 00:11:14,020 --> 00:11:16,209 the speakers and ask them if you are from 376 00:11:16,210 --> 00:11:18,159 the Internet and you probably know how to 377 00:11:18,160 --> 00:11:21,009 use the Internet and you can, 378 00:11:21,010 --> 00:11:22,149 uh, look 379 00:11:23,260 --> 00:11:25,419 the contact info up. 380 00:11:25,420 --> 00:11:27,519 So let me just stop the next 381 00:11:27,520 --> 00:11:28,520 talk, then. 382 00:11:37,230 --> 00:11:38,580 Jeez, this makes hardware 383 00:11:39,750 --> 00:11:41,879 so it's like 384 00:11:41,880 --> 00:11:44,129 this and then you have to do 385 00:11:44,130 --> 00:11:45,130 this one. 386 00:11:46,750 --> 00:11:47,999 Oh, there they are. 387 00:11:48,000 --> 00:11:50,119 So where's the 388 00:11:50,120 --> 00:11:52,239 post wanky the home key on the 389 00:11:52,240 --> 00:11:53,240 mic, 390 00:11:54,460 --> 00:11:56,589 so just, uh, you didn't 391 00:11:56,590 --> 00:11:58,809 see anything. So please welcome Andrea 392 00:11:58,810 --> 00:11:59,810 and Daniel Tekla. 393 00:12:05,190 --> 00:12:07,649 Hello, so we are representing 394 00:12:07,650 --> 00:12:09,899 public infrastructure project that would 395 00:12:09,900 --> 00:12:12,209 use a consensus based system to map 396 00:12:12,210 --> 00:12:13,229 usernames to polychaete. 397 00:12:16,090 --> 00:12:18,519 Now, there are good 398 00:12:18,520 --> 00:12:20,469 security solutions out there, some of 399 00:12:20,470 --> 00:12:22,749 which we have already heard are painful 400 00:12:22,750 --> 00:12:25,319 to use for even technical people. 401 00:12:25,320 --> 00:12:27,639 Now, it doesn't have to be like that. 402 00:12:27,640 --> 00:12:29,889 Most of us can manage through that stage. 403 00:12:29,890 --> 00:12:32,169 But do we actually always check 404 00:12:32,170 --> 00:12:33,340 the host fingerprint? 405 00:12:34,540 --> 00:12:36,819 Similarly, you can trust a certificate 406 00:12:36,820 --> 00:12:39,069 authority. These systems tend to be much 407 00:12:39,070 --> 00:12:40,329 more usable. 408 00:12:40,330 --> 00:12:42,729 However, trusting a certificate authority 409 00:12:42,730 --> 00:12:44,199 means you're trusting a certificate 410 00:12:44,200 --> 00:12:46,179 authority, which might not always be a 411 00:12:46,180 --> 00:12:47,180 good idea. 412 00:12:47,770 --> 00:12:49,929 Now, incrementally building on top of 413 00:12:49,930 --> 00:12:51,759 that and improving the station, our 414 00:12:51,760 --> 00:12:53,759 systems like certificate transparency and 415 00:12:53,760 --> 00:12:56,049 its counterpart used 416 00:12:56,050 --> 00:12:58,209 for end to end, which allow 417 00:12:58,210 --> 00:13:00,189 the user to verify what keys have been 418 00:13:00,190 --> 00:13:01,569 reported to be theirs. 419 00:13:01,570 --> 00:13:03,639 Yet when something 420 00:13:03,640 --> 00:13:05,709 is done, the user will not have 421 00:13:05,710 --> 00:13:07,479 proof that something bad happened. 422 00:13:07,480 --> 00:13:09,129 Just reciting that count would have had 423 00:13:09,130 --> 00:13:10,130 the same result. 424 00:13:11,410 --> 00:13:13,329 Now we want to do better than that. 425 00:13:13,330 --> 00:13:15,219 We want to have a verifiable public 426 00:13:15,220 --> 00:13:17,019 mapping from user names to public office, 427 00:13:17,020 --> 00:13:18,729 and we want to do so without having a 428 00:13:18,730 --> 00:13:21,069 central trusted party, without requiring 429 00:13:21,070 --> 00:13:23,049 the user to regularly check in with the 430 00:13:23,050 --> 00:13:24,129 system. 431 00:13:24,130 --> 00:13:26,529 And we want to do this on low end devices 432 00:13:26,530 --> 00:13:29,109 that fit into your pocket. 433 00:13:29,110 --> 00:13:29,799 Right. 434 00:13:29,800 --> 00:13:31,749 So the way we've designed the semantics 435 00:13:31,750 --> 00:13:34,119 of our system name is pretty 436 00:13:34,120 --> 00:13:35,169 comparable to Namecoin. 437 00:13:35,170 --> 00:13:37,899 There's one single global namespace 438 00:13:37,900 --> 00:13:39,819 where users can register names of their 439 00:13:39,820 --> 00:13:41,859 choice first come, first serve. 440 00:13:41,860 --> 00:13:44,019 That does mean that like with any system, 441 00:13:44,020 --> 00:13:46,269 for example, Twitter, if you look up at 442 00:13:46,270 --> 00:13:48,249 NSA, you might not get exactly who you're 443 00:13:48,250 --> 00:13:49,419 looking for. 444 00:13:49,420 --> 00:13:50,769 And crucially, 445 00:13:51,850 --> 00:13:54,549 unlike some systems changing, 446 00:13:54,550 --> 00:13:56,949 the public key associated with a name 447 00:13:56,950 --> 00:13:59,169 that already exists requires a signature 448 00:13:59,170 --> 00:14:00,170 from the old key. 449 00:14:01,400 --> 00:14:03,589 And the way we've implemented this in 450 00:14:03,590 --> 00:14:05,749 name is by storing all of 451 00:14:05,750 --> 00:14:08,119 the state in a 452 00:14:08,120 --> 00:14:10,279 Mercal prefix tree where 453 00:14:10,280 --> 00:14:12,499 the public keys are in the leaves, 454 00:14:12,500 --> 00:14:14,569 that it's a prefix tree means that 455 00:14:14,570 --> 00:14:15,829 the hash of the name 456 00:14:17,060 --> 00:14:19,129 determines what path you take to 457 00:14:19,130 --> 00:14:21,769 find the right leaf like you. 458 00:14:21,770 --> 00:14:23,449 The first bit says whether you go left or 459 00:14:23,450 --> 00:14:24,799 right from the root and you go down the 460 00:14:24,800 --> 00:14:27,019 tree like that and 461 00:14:27,020 --> 00:14:29,089 that it's a Merkle tree means that 462 00:14:29,090 --> 00:14:31,789 every node contains the hashes 463 00:14:31,790 --> 00:14:32,959 of its children. 464 00:14:32,960 --> 00:14:34,939 So the root hash effectively summarizes 465 00:14:34,940 --> 00:14:35,940 the tree. 466 00:14:36,500 --> 00:14:38,569 So if I can have this 467 00:14:38,570 --> 00:14:39,570 collision resistant. 468 00:14:40,630 --> 00:14:42,759 Then there's no way to create 469 00:14:42,760 --> 00:14:44,139 a different mapping with the same root 470 00:14:44,140 --> 00:14:45,759 hash. And the reason this data structure 471 00:14:45,760 --> 00:14:48,879 is nice is because 472 00:14:48,880 --> 00:14:50,409 if a client has somehow gotten the right 473 00:14:50,410 --> 00:14:52,719 root hash, a server can efficiently prove 474 00:14:52,720 --> 00:14:54,849 to them that 475 00:14:54,850 --> 00:14:57,339 a particular mapping is correct. 476 00:14:57,340 --> 00:14:59,169 So the client just has to download the 477 00:14:59,170 --> 00:15:01,449 path, verify that all the hashes 478 00:15:01,450 --> 00:15:03,459 are correct, in particular the root hash, 479 00:15:03,460 --> 00:15:05,529 and verify that that path actually 480 00:15:05,530 --> 00:15:06,530 corresponds to that name. 481 00:15:07,990 --> 00:15:10,239 Now, how we make this data structure 482 00:15:10,240 --> 00:15:11,589 actually represent the state of the world 483 00:15:11,590 --> 00:15:13,129 in the way we want it. 484 00:15:13,130 --> 00:15:15,249 We will have a bunch of servers run 485 00:15:15,250 --> 00:15:17,379 by independent organizations and people 486 00:15:17,380 --> 00:15:19,719 around the world with some of them being 487 00:15:19,720 --> 00:15:21,609 designated leader servers which select 488 00:15:21,610 --> 00:15:23,199 what operations will be applied to the 489 00:15:23,200 --> 00:15:24,129 state. 490 00:15:24,130 --> 00:15:25,779 Not that the servers are not trusted to 491 00:15:25,780 --> 00:15:27,159 verify their operations. 492 00:15:27,160 --> 00:15:29,409 Correct, or to even check 493 00:15:29,410 --> 00:15:30,909 signatures. This will be done 494 00:15:30,910 --> 00:15:33,099 independently by each verifier. 495 00:15:33,100 --> 00:15:35,859 However, the clients will send all 496 00:15:35,860 --> 00:15:37,749 operations they want to perform to that 497 00:15:37,750 --> 00:15:39,309 leader servers, the leaders of the 498 00:15:39,310 --> 00:15:41,529 protest, then the rest of the servers 499 00:15:41,530 --> 00:15:44,259 and the server will, by the end of that 500 00:15:44,260 --> 00:15:46,629 round, sign the new state, 501 00:15:46,630 --> 00:15:48,699 which will 502 00:15:48,700 --> 00:15:49,840 be distributed to clients. 503 00:15:51,550 --> 00:15:53,439 Now, to look up a name, a client can 504 00:15:53,440 --> 00:15:55,629 contact any of the servers, don't 505 00:15:55,630 --> 00:15:57,849 load the signatures, check there's enough 506 00:15:57,850 --> 00:15:59,979 signatures, probably just one server 507 00:15:59,980 --> 00:16:01,480 asserting that a 508 00:16:02,530 --> 00:16:04,029 tree is the current state of the world, 509 00:16:04,030 --> 00:16:06,339 which should not be sufficient, and 510 00:16:06,340 --> 00:16:08,529 then perform that Merkle tree lookup 511 00:16:08,530 --> 00:16:10,619 algorithm that just described to find the 512 00:16:10,620 --> 00:16:11,799 key. 513 00:16:11,800 --> 00:16:13,779 So if clients follow this process, they 514 00:16:13,780 --> 00:16:15,969 get a strong antitrust guarantee 515 00:16:15,970 --> 00:16:17,529 about the correctness of the public that 516 00:16:17,530 --> 00:16:19,749 they found specifically 517 00:16:19,750 --> 00:16:22,059 if two clients except to look up 518 00:16:22,060 --> 00:16:24,279 from overlapping sets of good verifiers. 519 00:16:24,280 --> 00:16:25,280 So that means. 520 00:16:26,200 --> 00:16:28,539 They only need one good verifier 521 00:16:28,540 --> 00:16:30,699 in common then that means 522 00:16:30,700 --> 00:16:32,229 that they see a consistent view of the 523 00:16:32,230 --> 00:16:34,239 mapping where all the semantics have been 524 00:16:34,240 --> 00:16:35,889 preserved correctly. 525 00:16:35,890 --> 00:16:37,989 So in practice, this 526 00:16:37,990 --> 00:16:40,089 means that Laura Patris could upload 527 00:16:40,090 --> 00:16:42,339 her key, verify 528 00:16:42,340 --> 00:16:44,769 that the correct is in the system and 529 00:16:44,770 --> 00:16:47,599 publish her username in her articles. 530 00:16:47,600 --> 00:16:49,509 And we hope that we can make damn good 531 00:16:49,510 --> 00:16:51,789 enough that the next Snowden could 532 00:16:51,790 --> 00:16:53,859 just look up her username and use 533 00:16:53,860 --> 00:16:55,989 that to establish first contact. 534 00:16:55,990 --> 00:16:58,449 That is an ambitious goal. 535 00:16:58,450 --> 00:17:00,519 But given that TOR relies 536 00:17:00,520 --> 00:17:02,709 on nine directory authorities, we hope 537 00:17:02,710 --> 00:17:04,479 that our comparable approach can be made 538 00:17:04,480 --> 00:17:05,480 solid as well. 539 00:17:14,359 --> 00:17:16,578 Now, we have coded up everything 540 00:17:16,579 --> 00:17:18,919 we just talked about three times, 541 00:17:18,920 --> 00:17:21,049 the final version is just 542 00:17:21,050 --> 00:17:23,149 about 2000 lines of code goes in 543 00:17:23,150 --> 00:17:24,739 memory, safe language, and we believe our 544 00:17:24,740 --> 00:17:26,358 code is reasonably readable. 545 00:17:28,280 --> 00:17:30,559 It's on a missing license available 546 00:17:30,560 --> 00:17:32,719 online. And the installation and 547 00:17:32,720 --> 00:17:34,519 set up process is really as simple as the 548 00:17:34,520 --> 00:17:35,849 slides right now describe. 549 00:17:35,850 --> 00:17:37,499 You run the go package manager. 550 00:17:37,500 --> 00:17:39,949 Don't let the client you initialize 551 00:17:39,950 --> 00:17:41,389 your account, which currently requires in 552 00:17:41,390 --> 00:17:43,129 white and white, about which we will 553 00:17:43,130 --> 00:17:44,209 explain later. 554 00:17:44,210 --> 00:17:46,339 And then you upload your fingerprint or 555 00:17:46,340 --> 00:17:48,469 your S.H. publicly now how 556 00:17:48,470 --> 00:17:50,569 somebody would access that well 557 00:17:50,570 --> 00:17:52,219 to create the BGP encrypted message 558 00:17:52,220 --> 00:17:53,749 through the DNA user. 559 00:17:53,750 --> 00:17:55,369 The command is up there. 560 00:17:55,370 --> 00:17:57,559 We also have a group that does this. 561 00:18:00,270 --> 00:18:03,419 DNA can also be used to store 562 00:18:03,420 --> 00:18:05,489 host keys, so instead of clicking 563 00:18:05,490 --> 00:18:07,019 yes to that fingerprint question, every 564 00:18:07,020 --> 00:18:08,609 time you connect on your machine, we 565 00:18:08,610 --> 00:18:10,949 could download those from the name. 566 00:18:10,950 --> 00:18:12,899 Again, you can wrap this command in the 567 00:18:12,900 --> 00:18:14,760 nice thing around us and say 568 00:18:15,870 --> 00:18:18,329 we also experimented with patching porn 569 00:18:18,330 --> 00:18:21,869 to use the same keys for 570 00:18:21,870 --> 00:18:24,209 to initialization, yet Fondas 571 00:18:24,210 --> 00:18:25,709 designed for stronger Nemati. 572 00:18:25,710 --> 00:18:27,869 And even though you wouldn't 573 00:18:27,870 --> 00:18:29,309 need a secret key, it would still need 574 00:18:29,310 --> 00:18:30,569 both users to add each other as a 575 00:18:30,570 --> 00:18:32,759 contact. And that is 576 00:18:32,760 --> 00:18:34,289 appropriate where it is appropriate. 577 00:18:34,290 --> 00:18:37,289 But is not usability as usable as email? 578 00:18:37,290 --> 00:18:38,819 However, we are prototyping a new 579 00:18:38,820 --> 00:18:40,229 application using the same protocol right 580 00:18:40,230 --> 00:18:41,230 now. 581 00:18:41,800 --> 00:18:43,359 Right, so there's lots of work left for 582 00:18:43,360 --> 00:18:44,299 us to do. 583 00:18:44,300 --> 00:18:46,509 First of all, we have several ideas 584 00:18:46,510 --> 00:18:47,739 about how we want to improve the 585 00:18:47,740 --> 00:18:49,899 protocol. For one, we don't really 586 00:18:49,900 --> 00:18:52,059 have a good solution for name hoarding or 587 00:18:52,060 --> 00:18:53,649 spam right now. 588 00:18:53,650 --> 00:18:55,629 Currently, we require email verification 589 00:18:55,630 --> 00:18:57,759 from a really strict white list. 590 00:18:57,760 --> 00:19:00,669 And we also think it should be possible 591 00:19:00,670 --> 00:19:03,369 to run our consensus protocol without 592 00:19:03,370 --> 00:19:05,559 designing designating a particular 593 00:19:05,560 --> 00:19:06,819 set of leaders. 594 00:19:06,820 --> 00:19:08,979 Really, any large quorum 595 00:19:08,980 --> 00:19:11,379 of verifiers should suffice, and 596 00:19:11,380 --> 00:19:12,699 that would lead to better availability 597 00:19:12,700 --> 00:19:15,129 for updates and 598 00:19:15,130 --> 00:19:17,949 be a more egalitarian system. 599 00:19:17,950 --> 00:19:19,209 We also want to integrate more 600 00:19:19,210 --> 00:19:21,699 applications and most 601 00:19:21,700 --> 00:19:23,859 importantly, we need our 602 00:19:23,860 --> 00:19:26,079 code to get reviewed and we need to get 603 00:19:26,080 --> 00:19:28,029 people running independent verifiers. 604 00:19:28,030 --> 00:19:29,739 And that's what you can help with. 605 00:19:29,740 --> 00:19:32,199 So if you if you're interested 606 00:19:32,200 --> 00:19:34,449 in trying out DNA and looking at the code 607 00:19:34,450 --> 00:19:36,819 and maybe even running a server, you can 608 00:19:36,820 --> 00:19:39,099 go to that URL on GitHub or 609 00:19:39,100 --> 00:19:40,100 contact us. 610 00:19:41,110 --> 00:19:43,389 And so we'd like to thank Professor 611 00:19:43,390 --> 00:19:45,819 Nikolais all at MIT for collaborating, 612 00:19:45,820 --> 00:19:48,069 collaborating with us and 613 00:19:48,070 --> 00:19:50,179 Jansma, Adam Langley and 614 00:19:50,180 --> 00:19:52,359 Gallivan Inhofe for their useful 615 00:19:52,360 --> 00:19:54,189 discussion and of course, MIT for paying 616 00:19:54,190 --> 00:19:55,190 us. 617 00:19:55,480 --> 00:19:56,480 Thank you. 618 00:20:03,620 --> 00:20:04,650 Thank you very much. 619 00:20:06,510 --> 00:20:10,069 So we'll just take the next slide, 620 00:20:10,070 --> 00:20:12,199 which is somewhere 621 00:20:12,200 --> 00:20:13,320 over here, a 622 00:20:16,250 --> 00:20:18,680 new development in Otara 623 00:20:21,110 --> 00:20:23,299 all the way here again. 624 00:20:27,000 --> 00:20:29,699 OK, then, please welcome 625 00:20:29,700 --> 00:20:30,700 Bassem. 626 00:20:36,370 --> 00:20:38,139 By the way, that's the best pronunciation 627 00:20:38,140 --> 00:20:40,269 of my name ever by informing people. 628 00:20:40,270 --> 00:20:41,270 Um, so, 629 00:20:43,150 --> 00:20:45,249 yeah, that I'm 630 00:20:45,250 --> 00:20:46,269 so great. 631 00:20:46,270 --> 00:20:48,489 So I would like to talk ten minutes about 632 00:20:48,490 --> 00:20:50,619 Otara, which is all 633 00:20:50,620 --> 00:20:53,349 the fault of Ian Goldberg and Co., 634 00:20:53,350 --> 00:20:56,079 which helps which have helped 635 00:20:56,080 --> 00:20:58,479 to keep people safe over the last decade 636 00:20:58,480 --> 00:20:59,529 or so. 637 00:20:59,530 --> 00:21:01,539 So my name is you're from. 638 00:21:01,540 --> 00:21:03,069 This is my email address and I confirm 639 00:21:03,070 --> 00:21:05,139 that this is my fingerprints, if 640 00:21:05,140 --> 00:21:07,029 you would like to contact me after. 641 00:21:07,030 --> 00:21:09,189 Um, so. 642 00:21:10,620 --> 00:21:12,779 Let's have a short introduction to 643 00:21:12,780 --> 00:21:14,939 Otara and why it's great that 644 00:21:14,940 --> 00:21:17,129 these things exist so altius, about 645 00:21:17,130 --> 00:21:19,259 a decade young, it's about 10 years old 646 00:21:19,260 --> 00:21:20,609 by now. 647 00:21:20,610 --> 00:21:22,199 Mostly it's political agnostic. 648 00:21:22,200 --> 00:21:23,879 So what we mean by that is that you could 649 00:21:23,880 --> 00:21:25,799 use it of hejab, you could use it of 650 00:21:25,800 --> 00:21:27,929 Yahoo Messenger, you could use it 651 00:21:27,930 --> 00:21:29,849 over Amazon. 652 00:21:29,850 --> 00:21:32,159 If there is still something that exists 653 00:21:34,020 --> 00:21:36,480 and it offers a great amount of security, 654 00:21:38,340 --> 00:21:40,529 there might be some issues because, 655 00:21:40,530 --> 00:21:42,369 you know, it's 10 years old and there are 656 00:21:42,370 --> 00:21:44,519 some things that we have to consider to 657 00:21:44,520 --> 00:21:46,529 consider when we switz, for example, 658 00:21:46,530 --> 00:21:48,799 elliptic curve cryptography or if 659 00:21:48,800 --> 00:21:50,879 we would like to bump the key 660 00:21:50,880 --> 00:21:53,189 sizes of, for example, the DSA session 661 00:21:53,190 --> 00:21:55,229 keys. But, you know, these things are 662 00:21:55,230 --> 00:21:57,119 coming probably with a dash of over the 663 00:21:57,120 --> 00:21:59,309 next year in 2015. 664 00:21:59,310 --> 00:22:00,719 And most of all, it's a peer reviewed 665 00:22:00,720 --> 00:22:03,149 design and it has to withstand 666 00:22:03,150 --> 00:22:04,589 10 years of scrutiny. 667 00:22:04,590 --> 00:22:06,179 And of course, there has been some issues 668 00:22:06,180 --> 00:22:08,379 and these issues have mostly been 669 00:22:08,380 --> 00:22:09,380 been passed. 670 00:22:11,250 --> 00:22:13,409 You know, those crazy things that 671 00:22:13,410 --> 00:22:15,629 you can authenticate somebody by using 672 00:22:15,630 --> 00:22:17,399 the socialist millionaire protocol does 673 00:22:17,400 --> 00:22:18,400 things like 674 00:22:19,620 --> 00:22:21,599 using a shared secret that you can 675 00:22:21,600 --> 00:22:23,639 discuss with people just verifying some 676 00:22:23,640 --> 00:22:25,619 of the other bound by the fingerprint of 677 00:22:25,620 --> 00:22:28,040 another channel like, say, Twitter. 678 00:22:29,460 --> 00:22:31,439 And most of all, it's open source. 679 00:22:31,440 --> 00:22:33,449 So anybody can expect to code. 680 00:22:33,450 --> 00:22:34,709 Anybody can compile it. 681 00:22:34,710 --> 00:22:36,959 And everybody can submit 682 00:22:36,960 --> 00:22:37,960 patches back. 683 00:22:40,540 --> 00:22:41,540 So. 684 00:22:42,400 --> 00:22:44,649 I would like to think of this as an 685 00:22:44,650 --> 00:22:46,989 ecosystem and by having an ecosystem, 686 00:22:46,990 --> 00:22:48,939 I mean that it's much more than just a 687 00:22:48,940 --> 00:22:51,069 protocol, it's much more than a 688 00:22:51,070 --> 00:22:52,149 specification. 689 00:22:52,150 --> 00:22:54,039 And it's also the implementation of this 690 00:22:54,040 --> 00:22:55,040 code and the reference 691 00:22:56,140 --> 00:22:57,910 implementations, like, for example, 692 00:22:59,050 --> 00:23:01,239 in JavaScript or in 693 00:23:01,240 --> 00:23:02,679 Python or go. 694 00:23:02,680 --> 00:23:05,139 So it's 695 00:23:05,140 --> 00:23:06,099 much bigger than that. 696 00:23:06,100 --> 00:23:07,519 And we can't just say that, you know, 697 00:23:07,520 --> 00:23:09,639 OSHA probably isn't 698 00:23:09,640 --> 00:23:12,639 broken by the NSA, 699 00:23:12,640 --> 00:23:14,289 but it's much more 700 00:23:15,430 --> 00:23:16,029 so. 701 00:23:16,030 --> 00:23:17,769 One of these things is that some of the 702 00:23:17,770 --> 00:23:19,629 reference implementations like, say, in 703 00:23:19,630 --> 00:23:21,219 Python or in other languages are 704 00:23:21,220 --> 00:23:22,389 incomplete. 705 00:23:22,390 --> 00:23:23,949 Some of them have only implemented a 706 00:23:23,950 --> 00:23:26,019 certain specification of 707 00:23:26,020 --> 00:23:28,169 how they are like only the first two 708 00:23:28,170 --> 00:23:30,369 and most of all, probably 709 00:23:30,370 --> 00:23:32,499 not sufficient, which is 710 00:23:32,500 --> 00:23:34,839 one of the most up to date recent 711 00:23:34,840 --> 00:23:36,159 versions of out here. 712 00:23:36,160 --> 00:23:37,849 And we would like to really fix this. 713 00:23:37,850 --> 00:23:39,819 So if you are a Python program or if you 714 00:23:39,820 --> 00:23:42,009 are going programmer, I would really 715 00:23:42,010 --> 00:23:44,379 like to ask you to contribute to 716 00:23:44,380 --> 00:23:46,489 this project 717 00:23:46,490 --> 00:23:47,490 so far. 718 00:23:49,180 --> 00:23:50,439 And then there's such a thing as 719 00:23:50,440 --> 00:23:52,299 sometimes you might have heard of pitchin 720 00:23:52,300 --> 00:23:53,559 and purple. 721 00:23:53,560 --> 00:23:55,719 And I see some people laughing 722 00:23:55,720 --> 00:23:57,999 that if it takes 723 00:23:58,000 --> 00:24:00,279 them six months to update all the 724 00:24:00,280 --> 00:24:02,349 windows, libraries that have at least 725 00:24:02,350 --> 00:24:04,599 one remotely exploit 726 00:24:04,600 --> 00:24:06,789 where the oldest one was six years 727 00:24:06,790 --> 00:24:09,249 old, it takes them six months to update. 728 00:24:09,250 --> 00:24:10,959 We might want to reconsider using these 729 00:24:10,960 --> 00:24:13,299 things. And it might be the case that you 730 00:24:13,300 --> 00:24:15,159 are using pitchin and you are probably 731 00:24:15,160 --> 00:24:17,349 not an active target of whatever group, 732 00:24:17,350 --> 00:24:18,839 but it's something to consider. 733 00:24:20,470 --> 00:24:22,209 And then there such a thing as that 734 00:24:22,210 --> 00:24:24,279 crypto is often bypassed and 735 00:24:24,280 --> 00:24:26,379 by meaning that that's, you know, if you 736 00:24:26,380 --> 00:24:27,579 might be using pitchin. 737 00:24:29,270 --> 00:24:30,979 We might want to reconsider that and 738 00:24:30,980 --> 00:24:32,149 maybe write a new clients. 739 00:24:35,010 --> 00:24:36,119 And then there's such a thing as 740 00:24:36,120 --> 00:24:38,219 usability and usability is the name of 741 00:24:38,220 --> 00:24:39,209 the game no matter what. 742 00:24:39,210 --> 00:24:40,739 I've seen a lot of people struggling with 743 00:24:40,740 --> 00:24:42,689 setting about your analogy is probably 744 00:24:42,690 --> 00:24:44,969 one of the simplest products to 745 00:24:44,970 --> 00:24:46,709 do understand. And I've heard a lot of 746 00:24:46,710 --> 00:24:49,319 good things that journalists, 747 00:24:49,320 --> 00:24:51,719 users, activists find 748 00:24:51,720 --> 00:24:53,369 relatively easy to use compared to 749 00:24:53,370 --> 00:24:55,409 something like PGP, for example. 750 00:24:55,410 --> 00:24:57,209 So this is very important and we should 751 00:24:57,210 --> 00:24:58,949 make the clients as easy to use as 752 00:24:58,950 --> 00:24:59,950 possible. 753 00:25:00,870 --> 00:25:02,879 PitchIN or Getsy isn't one of them. 754 00:25:02,880 --> 00:25:04,559 But Cryptococcus, for example, is one of 755 00:25:04,560 --> 00:25:06,119 these projects that makes it more easy 756 00:25:06,120 --> 00:25:08,219 for users to use 757 00:25:08,220 --> 00:25:09,780 and use strong cryptography. 758 00:25:17,180 --> 00:25:19,489 So this is the fourth year we have gone 759 00:25:19,490 --> 00:25:21,619 from desktop clients and we have moved to 760 00:25:21,620 --> 00:25:23,869 such a thing as product call of of, 761 00:25:23,870 --> 00:25:25,909 you know, often online messaging is that 762 00:25:25,910 --> 00:25:27,889 if I send you a message right now, you 763 00:25:27,890 --> 00:25:29,449 know, there will be a message like 10 764 00:25:29,450 --> 00:25:31,369 minutes later from somebody because we 765 00:25:31,370 --> 00:25:33,229 have moved to mobile devices. 766 00:25:33,230 --> 00:25:35,149 So we have kind of moved from the desktop 767 00:25:35,150 --> 00:25:36,649 to the smartphone. 768 00:25:36,650 --> 00:25:38,989 And we have seen, you know, great 769 00:25:38,990 --> 00:25:41,179 like stuff like Tetsuko, which is being 770 00:25:41,180 --> 00:25:42,889 done by the Guardian project. 771 00:25:42,890 --> 00:25:44,779 I think Cryptococcus is also working on 772 00:25:44,780 --> 00:25:47,119 like Android and iPhone 773 00:25:47,120 --> 00:25:48,019 platforms. 774 00:25:48,020 --> 00:25:50,149 And, you know, that is really 775 00:25:50,150 --> 00:25:52,399 great. And we need more Lofthouse. 776 00:25:52,400 --> 00:25:54,589 So this is kind of just 777 00:25:54,590 --> 00:25:56,359 like mostly open source things and some 778 00:25:56,360 --> 00:25:58,609 are better and some are kind of 779 00:25:58,610 --> 00:26:00,259 good use more work. 780 00:26:00,260 --> 00:26:02,449 And I would encourage 781 00:26:02,450 --> 00:26:04,099 you to work on that once again. 782 00:26:04,100 --> 00:26:06,169 So, you know, the kind of the 783 00:26:06,170 --> 00:26:08,599 state of our job that's like a bunch of 784 00:26:08,600 --> 00:26:10,909 reference implementations. 785 00:26:10,910 --> 00:26:12,559 The most popular, one of the most well 786 00:26:12,560 --> 00:26:14,209 known one is probably about Yahweh's is 787 00:26:14,210 --> 00:26:15,210 redundancy. 788 00:26:16,760 --> 00:26:18,349 That's a backtrack these days, which 789 00:26:18,350 --> 00:26:19,879 isn't on Salesforce anymore at some 790 00:26:19,880 --> 00:26:22,189 Burk's dot org chart that I am. 791 00:26:22,190 --> 00:26:24,619 So if you have found any issues recently 792 00:26:24,620 --> 00:26:26,149 that you would like to see fixed lots of 793 00:26:26,150 --> 00:26:28,189 opportunities to present your pettiest 794 00:26:28,190 --> 00:26:30,139 out, please open the back. 795 00:26:30,140 --> 00:26:31,729 If you found something we would like to 796 00:26:31,730 --> 00:26:33,799 see fix and we'll try to fix it as soon 797 00:26:33,800 --> 00:26:35,229 as possible. 798 00:26:35,230 --> 00:26:36,919 There's also things that pop up the note 799 00:26:36,920 --> 00:26:39,019 here, and there have been people 800 00:26:39,020 --> 00:26:40,969 who have come up to me the past few days 801 00:26:40,970 --> 00:26:43,279 and have debunked a few issues and that 802 00:26:43,280 --> 00:26:44,749 some I would really like to thank them 803 00:26:44,750 --> 00:26:47,119 for them, which is pretty awesome because 804 00:26:47,120 --> 00:26:48,619 it was one of the issues where somebody 805 00:26:48,620 --> 00:26:50,719 might be have been dropping plaintext 806 00:26:50,720 --> 00:26:52,009 instead of encrypting. 807 00:26:52,010 --> 00:26:53,989 So these things need a lot more scrutiny. 808 00:26:55,280 --> 00:26:56,749 And that's, you know, Jaffey 809 00:26:56,750 --> 00:26:59,269 implementation, this being a dispatcher 810 00:26:59,270 --> 00:27:01,519 who's just called out for Jafa. 811 00:27:01,520 --> 00:27:03,529 So if you are Gylfi Hakka and you would 812 00:27:03,530 --> 00:27:05,659 like to help unstrung secure crypto, you 813 00:27:05,660 --> 00:27:07,909 should consider helping the ultra 814 00:27:07,910 --> 00:27:09,379 off of Java guys. 815 00:27:09,380 --> 00:27:11,659 Also Golden Girl Jianbai maintained 816 00:27:11,660 --> 00:27:12,660 by Adam Langley. 817 00:27:13,940 --> 00:27:16,099 So I am clients I would really 818 00:27:16,100 --> 00:27:17,899 so we have been bitching about and I 819 00:27:17,900 --> 00:27:19,999 sorry to use that word but we've 820 00:27:20,000 --> 00:27:22,399 been getting a lot about 821 00:27:22,400 --> 00:27:24,919 pitchin and it's time to 822 00:27:24,920 --> 00:27:27,229 take action. It's time to get rid of this 823 00:27:27,230 --> 00:27:28,699 and write something in a more secure 824 00:27:28,700 --> 00:27:30,919 fashion because people have been relying 825 00:27:30,920 --> 00:27:33,019 on this. And you know, I 826 00:27:33,020 --> 00:27:34,099 work on tails as well. 827 00:27:34,100 --> 00:27:36,229 And it bothers me that tale's 828 00:27:36,230 --> 00:27:37,879 ships pitching at the moment because the 829 00:27:37,880 --> 00:27:38,839 user this better. 830 00:27:38,840 --> 00:27:40,819 So we really, really, really have to fix 831 00:27:40,820 --> 00:27:43,219 this as soon as possible with 832 00:27:43,220 --> 00:27:45,769 our support or support by default. 833 00:27:45,770 --> 00:27:47,989 And hopefully also AMP one sec, 834 00:27:47,990 --> 00:27:50,869 which is sort of like group 835 00:27:50,870 --> 00:27:52,130 encryption protocol. 836 00:27:53,900 --> 00:27:56,299 So then you have to kind of like 837 00:27:56,300 --> 00:27:57,919 Chuck Paradigm, as I mentioned before, 838 00:27:57,920 --> 00:27:59,659 that we have to kind of switch them. 839 00:27:59,660 --> 00:28:00,979 You know, we have to deal with low 840 00:28:00,980 --> 00:28:02,749 latency and high latency kind of like 841 00:28:02,750 --> 00:28:05,029 messages. And it gives you a lot more 842 00:28:06,200 --> 00:28:06,709 help. 843 00:28:06,710 --> 00:28:08,809 And, you know, maybe someday 844 00:28:08,810 --> 00:28:10,219 we will implement something like 845 00:28:10,220 --> 00:28:11,429 asynchronous OCR. 846 00:28:11,430 --> 00:28:13,309 So maybe that will be something like a 847 00:28:13,310 --> 00:28:14,389 ratchet, maybe not. 848 00:28:14,390 --> 00:28:15,739 Maybe it will be something different. 849 00:28:15,740 --> 00:28:17,869 We might not implement it now, but 850 00:28:17,870 --> 00:28:19,759 it's something to consider by making new 851 00:28:19,760 --> 00:28:20,760 protocols. 852 00:28:22,050 --> 00:28:24,299 So how can you help 853 00:28:24,300 --> 00:28:27,119 people please work on the I am clients 854 00:28:27,120 --> 00:28:28,949 other than software that we have been 855 00:28:28,950 --> 00:28:31,019 like like working on and the 856 00:28:31,020 --> 00:28:32,279 community has been working around the 857 00:28:32,280 --> 00:28:33,809 ecosystem as we work around for over the 858 00:28:33,810 --> 00:28:34,810 years. 859 00:28:35,340 --> 00:28:37,049 And most of all, donate to these projects 860 00:28:37,050 --> 00:28:39,389 that you you know, if you just 861 00:28:39,390 --> 00:28:41,489 like consider like giving them a few 862 00:28:41,490 --> 00:28:43,409 dollars to buy a coffee, this is really 863 00:28:43,410 --> 00:28:44,309 important. 864 00:28:44,310 --> 00:28:45,960 And these people deserve a lot more love. 865 00:28:55,150 --> 00:28:57,639 So this is the end, but 866 00:28:57,640 --> 00:28:59,739 this is not the end for now, this 867 00:28:59,740 --> 00:29:01,149 is the end of the talk, but it isn't the 868 00:29:01,150 --> 00:29:02,079 end of the year. 869 00:29:02,080 --> 00:29:04,269 So I happily invite you to subscribe 870 00:29:04,270 --> 00:29:06,159 to our mailing list, the development 871 00:29:06,160 --> 00:29:07,659 mailing list, as you can see here. 872 00:29:07,660 --> 00:29:09,879 And there's also no History Channel for 873 00:29:09,880 --> 00:29:12,039 short communication cycles and 874 00:29:12,040 --> 00:29:13,040 apostacy. 875 00:29:13,750 --> 00:29:15,249 And that's my talk. 876 00:29:15,250 --> 00:29:16,250 Thank you very much. 877 00:29:20,040 --> 00:29:21,040 Thank you. 878 00:29:23,640 --> 00:29:24,960 So the next ones 879 00:29:26,180 --> 00:29:28,769 have a more special presentation 880 00:29:28,770 --> 00:29:29,770 style, 881 00:29:31,330 --> 00:29:32,330 so, 882 00:29:33,780 --> 00:29:35,879 uh, I have 883 00:29:35,880 --> 00:29:36,880 to close this one 884 00:29:38,670 --> 00:29:40,789 to ask. 885 00:29:40,790 --> 00:29:41,790 Ask. 886 00:29:42,340 --> 00:29:44,409 Esq is keeping 887 00:29:44,410 --> 00:29:46,630 its escaping, OK, G. 888 00:29:55,660 --> 00:29:56,660 There it is. 889 00:30:00,550 --> 00:30:01,550 Full screen 890 00:30:02,790 --> 00:30:04,859 seems to work, but it always ends up with 891 00:30:04,860 --> 00:30:06,839 something there it is. 892 00:30:06,840 --> 00:30:09,539 So then please welcome 893 00:30:09,540 --> 00:30:12,209 Elijah Sparrow and Christoph Qalandar. 894 00:30:12,210 --> 00:30:13,210 No. 895 00:30:14,690 --> 00:30:15,690 No, you're 896 00:30:17,570 --> 00:30:18,710 I'm sorry I mixed that up. 897 00:30:23,160 --> 00:30:24,160 Are you. 898 00:30:24,930 --> 00:30:27,479 All right, OK, um, 899 00:30:27,480 --> 00:30:30,479 so then please welcome Equinox. 900 00:30:30,480 --> 00:30:32,489 No, no, I'm Elijah. 901 00:30:32,490 --> 00:30:33,490 Elijah. 902 00:30:34,050 --> 00:30:36,199 OK, so it's just 903 00:30:36,200 --> 00:30:38,699 that everyone, 904 00:30:38,700 --> 00:30:41,729 um, my name's Elijah 905 00:30:41,730 --> 00:30:43,629 from the LEAP Encryption Access Project. 906 00:30:43,630 --> 00:30:44,909 I'll talk a little bit about what we're 907 00:30:44,910 --> 00:30:46,649 doing. And then Cristoff, we'll talk a 908 00:30:46,650 --> 00:30:48,419 little bit about a related project called 909 00:30:48,420 --> 00:30:49,679 Pixellated. 910 00:30:49,680 --> 00:30:52,540 Um, the. 911 00:30:54,300 --> 00:30:56,519 Our goals are to bring back the nineteen 912 00:30:56,520 --> 00:30:58,619 nineties, not 913 00:30:58,620 --> 00:31:01,589 all the 90s, but specifically 914 00:31:01,590 --> 00:31:04,169 the part of the 90s that involved 915 00:31:04,170 --> 00:31:06,629 not having all of our communication 916 00:31:06,630 --> 00:31:08,879 right through a couple global 917 00:31:08,880 --> 00:31:10,440 monopolies spent 918 00:31:11,820 --> 00:31:13,380 bent on world domination. 919 00:31:15,060 --> 00:31:16,109 And so. 920 00:31:18,230 --> 00:31:20,629 Specifically, we're looking at 921 00:31:20,630 --> 00:31:22,759 bringing back unencumbered open 922 00:31:22,760 --> 00:31:25,069 protocols among Federated Service 923 00:31:25,070 --> 00:31:25,969 providers. 924 00:31:25,970 --> 00:31:28,069 Now we're kind of looking at, 925 00:31:28,070 --> 00:31:30,139 uh, so sorry, what 926 00:31:30,140 --> 00:31:31,879 is federation? 927 00:31:31,880 --> 00:31:33,769 Typically it's user to provider to 928 00:31:33,770 --> 00:31:35,929 provider to user, like ex MP 929 00:31:35,930 --> 00:31:37,519 or email. 930 00:31:37,520 --> 00:31:40,279 But I think 931 00:31:40,280 --> 00:31:42,139 there's a broader definition that might 932 00:31:42,140 --> 00:31:43,140 include 933 00:31:44,600 --> 00:31:46,399 the way Pond works, where you kind of cut 934 00:31:46,400 --> 00:31:48,769 out one of those providers or 935 00:31:48,770 --> 00:31:51,049 any kind of it's very useful to have 936 00:31:51,050 --> 00:31:53,179 a stable server somewhere that can 937 00:31:53,180 --> 00:31:55,219 act as a gatekeeper that kind of prevents 938 00:31:55,220 --> 00:31:56,449 civil attacks. 939 00:31:56,450 --> 00:31:57,450 So. 940 00:31:58,370 --> 00:32:01,009 These days, the cool kids are 941 00:32:01,010 --> 00:32:03,079 really into peer to peer, 942 00:32:03,080 --> 00:32:05,329 and that's cool. 943 00:32:06,710 --> 00:32:08,589 More power to you with your block chain. 944 00:32:09,860 --> 00:32:12,289 But we think that we can do federation, 945 00:32:12,290 --> 00:32:13,939 right? And there's a lot of specific 946 00:32:13,940 --> 00:32:16,039 cases where federation has certain 947 00:32:16,040 --> 00:32:17,040 advantages. 948 00:32:18,380 --> 00:32:20,479 Our two goals with Federation is that 949 00:32:20,480 --> 00:32:22,309 we need to update it for the twenty first 950 00:32:22,310 --> 00:32:24,319 century. So the federation in the 1990s 951 00:32:24,320 --> 00:32:25,339 had some problems 952 00:32:26,450 --> 00:32:29,029 and most important is that it's 953 00:32:29,030 --> 00:32:31,309 the user should never have to trust 954 00:32:31,310 --> 00:32:33,169 the provider for storing their content 955 00:32:33,170 --> 00:32:35,239 and ideally none of the content in 956 00:32:35,240 --> 00:32:37,189 transit or any of the metadata. 957 00:32:37,190 --> 00:32:39,589 But from a provider's perspective. 958 00:32:39,590 --> 00:32:41,389 So life was started by a lot of people 959 00:32:41,390 --> 00:32:43,579 who have a long history in trying to run 960 00:32:43,580 --> 00:32:44,580 service providers. 961 00:32:45,500 --> 00:32:47,389 It's equally important to not have the 962 00:32:47,390 --> 00:32:50,089 liability of storing their text for users 963 00:32:50,090 --> 00:32:52,459 and to be able to deal with abusive 964 00:32:52,460 --> 00:32:54,439 users. And so there's some tension 965 00:32:54,440 --> 00:32:56,539 between those two, which is a lot 966 00:32:56,540 --> 00:32:58,489 of the work that we try to resolve. 967 00:32:58,490 --> 00:33:00,649 So federation is 968 00:33:00,650 --> 00:33:02,089 not dead. 969 00:33:02,090 --> 00:33:03,589 These are not projects that we're working 970 00:33:03,590 --> 00:33:05,329 on, but these are interesting new 971 00:33:05,330 --> 00:33:08,119 projects that were announced 972 00:33:08,120 --> 00:33:09,439 recently in the last couple of weeks. 973 00:33:09,440 --> 00:33:11,599 So dissent is a 974 00:33:11,600 --> 00:33:14,359 pretty cool, probably anonymous 975 00:33:14,360 --> 00:33:16,519 chat routing protocol that 976 00:33:16,520 --> 00:33:18,079 doesn't necessarily have to be a 977 00:33:18,080 --> 00:33:19,849 traditional service provider model, but 978 00:33:19,850 --> 00:33:22,009 it is 979 00:33:22,010 --> 00:33:23,329 designed with that in mind. 980 00:33:23,330 --> 00:33:25,699 And then context is designed 981 00:33:25,700 --> 00:33:26,989 around. 982 00:33:26,990 --> 00:33:29,059 It's like cert transparency, but 983 00:33:29,060 --> 00:33:31,399 it's designed around having 984 00:33:31,400 --> 00:33:32,720 a service provider model. 985 00:33:35,130 --> 00:33:37,319 So specifically, the activities 986 00:33:37,320 --> 00:33:38,320 of LEEP. 987 00:33:41,150 --> 00:33:42,619 I will go faster. 988 00:33:42,620 --> 00:33:44,269 We have three things we create the 989 00:33:44,270 --> 00:33:46,819 platform for automating sysadmin 990 00:33:46,820 --> 00:33:49,369 drudgery, a bunch of new protocols 991 00:33:49,370 --> 00:33:50,629 to make it so that you don't have to 992 00:33:50,630 --> 00:33:51,559 trust the provider. 993 00:33:51,560 --> 00:33:52,969 You the user doesn't have to trust the 994 00:33:52,970 --> 00:33:55,399 provider and a bit mass client 995 00:33:55,400 --> 00:33:57,349 to try to make the whole experience for 996 00:33:57,350 --> 00:33:59,479 the end user equivalent 997 00:33:59,480 --> 00:34:00,859 to what they might be used to in a 998 00:34:00,860 --> 00:34:01,939 seamless as possible. 999 00:34:04,780 --> 00:34:07,929 This is an example of using the platform 1000 00:34:07,930 --> 00:34:10,388 with these commands, you would become 1001 00:34:10,389 --> 00:34:11,559 a VPN provider. 1002 00:34:13,190 --> 00:34:15,099 Now there's a little bit there's a lot 1003 00:34:15,100 --> 00:34:17,979 more to it, but you get the basic idea. 1004 00:34:17,980 --> 00:34:19,569 It also includes the whole testing and 1005 00:34:19,570 --> 00:34:20,699 monitoring framework. 1006 00:34:21,969 --> 00:34:23,919 Again, the idea is to take all the 1007 00:34:23,920 --> 00:34:25,899 incredibly boring shit work out of being 1008 00:34:25,900 --> 00:34:27,759 a sysadmin. If you have been a sysadmin 1009 00:34:27,760 --> 00:34:29,948 for a while and try to make 1010 00:34:29,949 --> 00:34:32,169 being maintaining a medium size 1011 00:34:32,170 --> 00:34:34,449 provider and actually fun experience. 1012 00:34:36,100 --> 00:34:38,379 So some of the new protocols, just 1013 00:34:38,380 --> 00:34:40,479 a few of them, the 1014 00:34:40,480 --> 00:34:42,428 mainstay of what we do is everything's 1015 00:34:42,429 --> 00:34:44,559 built on this thing we call solid, that 1016 00:34:44,560 --> 00:34:46,899 which allows us to store all 1017 00:34:46,900 --> 00:34:49,959 the data in the cloud, but also 1018 00:34:49,960 --> 00:34:51,638 make it searchable locally and 1019 00:34:51,639 --> 00:34:54,729 synchronized among devices, presents 1020 00:34:54,730 --> 00:34:56,919 a database API to locally 1021 00:34:56,920 --> 00:34:57,920 run code. 1022 00:34:59,140 --> 00:35:00,909 And then we also have a whole set of 1023 00:35:00,910 --> 00:35:02,979 protocols to manage the user 1024 00:35:02,980 --> 00:35:05,139 registration and password stuff. 1025 00:35:05,140 --> 00:35:06,140 And 1026 00:35:08,590 --> 00:35:10,119 the third one of the third major 1027 00:35:10,120 --> 00:35:12,189 components is handling 1028 00:35:12,190 --> 00:35:14,349 handling keys in a way that are 1029 00:35:14,350 --> 00:35:16,539 invisible to the user and that 1030 00:35:16,540 --> 00:35:18,759 encode all the possible best practices 1031 00:35:18,760 --> 00:35:20,500 of of open PGP, 1032 00:35:21,820 --> 00:35:23,349 which is what we're currently using. 1033 00:35:23,350 --> 00:35:24,579 But we could swap it out with something 1034 00:35:24,580 --> 00:35:25,580 else. 1035 00:35:26,790 --> 00:35:29,549 So the third thing, the bitmap client, 1036 00:35:29,550 --> 00:35:31,169 this is a screenshot of what it looks 1037 00:35:31,170 --> 00:35:33,449 like on Linux currently, 1038 00:35:33,450 --> 00:35:34,979 we don't the stable version doesn't 1039 00:35:34,980 --> 00:35:37,079 actually have email working, but 1040 00:35:37,080 --> 00:35:38,699 will in the coming month. 1041 00:35:38,700 --> 00:35:40,799 And you can if you have 1042 00:35:40,800 --> 00:35:42,419 a Google listening device in your pocket 1043 00:35:42,420 --> 00:35:44,549 right now, you can go to the play store 1044 00:35:44,550 --> 00:35:46,530 and install the mask app. 1045 00:35:49,350 --> 00:35:51,539 The I just want to say one thing that 1046 00:35:51,540 --> 00:35:53,849 our goal is to have very, very minimal 1047 00:35:53,850 --> 00:35:55,919 UI in general. 1048 00:35:55,920 --> 00:35:58,919 So in this case, if you want to use email 1049 00:35:58,920 --> 00:36:01,049 with business, you have to you connect 1050 00:36:01,050 --> 00:36:03,609 with a traditional male user agent to 1051 00:36:03,610 --> 00:36:06,929 a locally running IMAP or some TV proxy. 1052 00:36:06,930 --> 00:36:08,409 And then later we'll look at something, 1053 00:36:08,410 --> 00:36:09,410 an alternative to that. 1054 00:36:11,130 --> 00:36:13,589 So regarding 1055 00:36:13,590 --> 00:36:15,689 the email we set 1056 00:36:15,690 --> 00:36:17,759 out actually two years ago, maybe 1057 00:36:17,760 --> 00:36:19,619 longer than two years ago, and our goal 1058 00:36:19,620 --> 00:36:21,839 was to obtain 1059 00:36:21,840 --> 00:36:23,699 all the possible security properties that 1060 00:36:23,700 --> 00:36:25,619 we could think of for better next 1061 00:36:25,620 --> 00:36:27,719 generation email, but make it super 1062 00:36:27,720 --> 00:36:29,939 easy to use. And this is an incredibly 1063 00:36:29,940 --> 00:36:31,349 fucking insane goal. 1064 00:36:31,350 --> 00:36:33,690 And somebody should have shot us, but. 1065 00:36:36,030 --> 00:36:38,159 So we have it we had it 1066 00:36:38,160 --> 00:36:40,199 working a year ago, but we still haven't 1067 00:36:40,200 --> 00:36:41,819 released it because there's so many 1068 00:36:41,820 --> 00:36:43,199 little things to work out. 1069 00:36:43,200 --> 00:36:46,469 So we're very close, but 1070 00:36:46,470 --> 00:36:48,329 we've actually I think we're pretty close 1071 00:36:48,330 --> 00:36:50,549 to attaining all 1072 00:36:50,550 --> 00:36:51,550 or most of these. 1073 00:36:52,840 --> 00:36:55,049 And I'd like to show you exactly 1074 00:36:55,050 --> 00:36:57,269 how. But I cannot in a 1075 00:36:57,270 --> 00:36:58,270 lot of time. But 1076 00:36:59,340 --> 00:37:02,459 just briefly, we use this 1077 00:37:02,460 --> 00:37:05,999 kind of soldat to support 1078 00:37:06,000 --> 00:37:08,249 all of our storage synchronized among 1079 00:37:08,250 --> 00:37:09,839 devices, but also protect all the 1080 00:37:09,840 --> 00:37:12,119 metadata. And while it's stored 1081 00:37:12,120 --> 00:37:14,189 on the server and in some 1082 00:37:14,190 --> 00:37:15,659 cases while in transit. 1083 00:37:15,660 --> 00:37:18,119 And also we've started 1084 00:37:18,120 --> 00:37:21,269 with a very simple system of 1085 00:37:21,270 --> 00:37:23,339 Federated Khiva, automatic 1086 00:37:23,340 --> 00:37:25,289 discovery and key validation of its 1087 00:37:25,290 --> 00:37:27,389 forward computer before compatibles, all 1088 00:37:27,390 --> 00:37:28,979 the cool new things that people are 1089 00:37:28,980 --> 00:37:31,049 working on, maybe 1090 00:37:31,050 --> 00:37:33,599 a name or Conex. 1091 00:37:33,600 --> 00:37:35,699 And also we've started 1092 00:37:35,700 --> 00:37:36,809 to do some 1093 00:37:38,730 --> 00:37:40,679 hidden service relay of SMTP. 1094 00:37:40,680 --> 00:37:42,989 Obviously, it's it's very limited 1095 00:37:42,990 --> 00:37:45,029 between provider provider. 1096 00:37:45,030 --> 00:37:47,219 And then the next step is to do from 1097 00:37:47,220 --> 00:37:49,349 a pond like from user 1098 00:37:49,350 --> 00:37:51,629 to provider relay and 1099 00:37:51,630 --> 00:37:53,909 then to to make 1100 00:37:53,910 --> 00:37:56,459 the user experience as seamless 1101 00:37:56,460 --> 00:37:58,589 and as most most like what people are 1102 00:37:58,590 --> 00:38:00,869 used to. We have 1103 00:38:00,870 --> 00:38:03,179 we rely heavily on security, a password 1104 00:38:03,180 --> 00:38:05,279 so that the the 1105 00:38:05,280 --> 00:38:07,139 provider never has that password. 1106 00:38:07,140 --> 00:38:08,639 So we can use it for all kinds of other 1107 00:38:08,640 --> 00:38:10,799 things, like decrypting local 1108 00:38:10,800 --> 00:38:12,710 secrets that are used for solidary. 1109 00:38:16,330 --> 00:38:18,099 Oh, I guess since I'm going to go after 1110 00:38:18,100 --> 00:38:20,619 us, let me just basically say that 1111 00:38:20,620 --> 00:38:22,929 infrastructure approaches. 1112 00:38:22,930 --> 00:38:25,029 We're in this category of infrastructure 1113 00:38:25,030 --> 00:38:27,159 approaches that are, I think, harder to 1114 00:38:27,160 --> 00:38:29,679 implement and offer more security 1115 00:38:29,680 --> 00:38:30,969 potential. 1116 00:38:30,970 --> 00:38:32,559 Sometimes the client approaches are more 1117 00:38:32,560 --> 00:38:35,049 appropriate depending on the context. 1118 00:38:35,050 --> 00:38:37,149 So DIAM is similar to what we're working 1119 00:38:37,150 --> 00:38:39,849 on. The ticket took a slightly different 1120 00:38:39,850 --> 00:38:42,039 strategy and then 1121 00:38:42,040 --> 00:38:44,139 there's also a bunch of interesting 1122 00:38:44,140 --> 00:38:45,140 client approaches. 1123 00:38:50,470 --> 00:38:53,079 OK, so 1124 00:38:53,080 --> 00:38:55,299 we thought leapers, a cool project, 1125 00:38:55,300 --> 00:38:57,369 but what we wanted to do 1126 00:38:57,370 --> 00:38:59,769 is we wanted to increase 1127 00:38:59,770 --> 00:39:02,529 the cost of dragnet surveillance and 1128 00:39:02,530 --> 00:39:05,049 we can't really do that without 1129 00:39:05,050 --> 00:39:05,919 mass adoption. 1130 00:39:05,920 --> 00:39:08,079 We really wanted to have as many 1131 00:39:08,080 --> 00:39:10,269 people as possible to use to use 1132 00:39:10,270 --> 00:39:12,459 GBG and use encryption. 1133 00:39:12,460 --> 00:39:14,559 And if you really 1134 00:39:14,560 --> 00:39:16,479 want to have everybody encrypting every 1135 00:39:16,480 --> 00:39:18,549 time, everything, every time you're 1136 00:39:18,550 --> 00:39:21,939 really today, you need a Web interface. 1137 00:39:21,940 --> 00:39:24,009 People use Gmail because it has 1138 00:39:24,010 --> 00:39:25,029 a Web interface. 1139 00:39:25,030 --> 00:39:26,679 Nobody really wants to install any 1140 00:39:26,680 --> 00:39:28,569 software on their computer anymore. 1141 00:39:28,570 --> 00:39:30,849 So we thought Leape really 1142 00:39:30,850 --> 00:39:32,739 does a cool job in encrypting everything, 1143 00:39:32,740 --> 00:39:34,269 but it does a poor job in 1144 00:39:35,590 --> 00:39:37,809 having a solution 1145 00:39:37,810 --> 00:39:39,489 that works for everybody. 1146 00:39:39,490 --> 00:39:42,309 So we don't extend it a little bit 1147 00:39:42,310 --> 00:39:45,039 and have a Web interface for Leape. 1148 00:39:45,040 --> 00:39:47,319 So what we did 1149 00:39:47,320 --> 00:39:49,239 is we wanted to have a backup interface 1150 00:39:49,240 --> 00:39:51,939 that is encrypting everything 1151 00:39:51,940 --> 00:39:54,069 and but also is good 1152 00:39:54,070 --> 00:39:55,839 looking and has everything you need for a 1153 00:39:55,840 --> 00:39:57,639 weapon to face from email. 1154 00:39:57,640 --> 00:40:00,639 And that is mostly search and tagging. 1155 00:40:00,640 --> 00:40:03,129 And the problem 1156 00:40:03,130 --> 00:40:05,559 is and that is a solution 1157 00:40:05,560 --> 00:40:07,989 we really, really did on purpose 1158 00:40:07,990 --> 00:40:10,359 is now that you have 1159 00:40:10,360 --> 00:40:12,519 everything on the server and there 1160 00:40:12,520 --> 00:40:14,889 is no crypto in the browser. 1161 00:40:14,890 --> 00:40:17,259 You also have the private key material 1162 00:40:17,260 --> 00:40:19,149 on the Web server. 1163 00:40:20,440 --> 00:40:22,689 We thought this is a it's OK 1164 00:40:22,690 --> 00:40:24,969 in our situation because we really 1165 00:40:24,970 --> 00:40:26,799 didn't want to be a solution for the 1166 00:40:26,800 --> 00:40:28,899 Noonans of this world, but we wanted to 1167 00:40:28,900 --> 00:40:31,359 be something that is as usable 1168 00:40:31,360 --> 00:40:32,379 as possible. 1169 00:40:32,380 --> 00:40:34,539 And we thought having 1170 00:40:34,540 --> 00:40:36,759 a provider, managing 1171 00:40:36,760 --> 00:40:39,399 your key material might be 1172 00:40:39,400 --> 00:40:42,009 usable, a trade off, 1173 00:40:42,010 --> 00:40:44,199 because then the provider can 1174 00:40:44,200 --> 00:40:45,939 have backups for your key. 1175 00:40:45,940 --> 00:40:48,249 You can't lose them maybe on 1176 00:40:48,250 --> 00:40:49,239 crossing the borders. 1177 00:40:49,240 --> 00:40:50,709 You don't want to have the keys with you 1178 00:40:50,710 --> 00:40:51,710 anyway. 1179 00:40:52,660 --> 00:40:53,660 And 1180 00:40:56,110 --> 00:40:58,239 that's how the web interface 1181 00:40:58,240 --> 00:40:59,499 looks at the moment. 1182 00:40:59,500 --> 00:41:02,019 So we are trying this is 1183 00:41:02,020 --> 00:41:03,729 as transparent as possible. 1184 00:41:03,730 --> 00:41:05,819 So as soon as you start typing in 1185 00:41:05,820 --> 00:41:08,529 and sending one, it gets encrypted 1186 00:41:08,530 --> 00:41:10,659 and every email 1187 00:41:10,660 --> 00:41:13,149 that you receive gets decrypted without 1188 00:41:13,150 --> 00:41:14,259 even noticing. 1189 00:41:14,260 --> 00:41:17,089 We have these little orange things 1190 00:41:17,090 --> 00:41:19,209 that are telling you the status of 1191 00:41:19,210 --> 00:41:21,339 the encryption, but that's it. 1192 00:41:21,340 --> 00:41:22,809 You don't have to do anything. 1193 00:41:22,810 --> 00:41:25,209 You can't forget to click the 1194 00:41:25,210 --> 00:41:27,249 icon to encrypt mail when you're sending 1195 00:41:27,250 --> 00:41:28,289 them. 1196 00:41:28,290 --> 00:41:31,119 Um, yeah, 1197 00:41:31,120 --> 00:41:32,120 I think 1198 00:41:33,280 --> 00:41:34,259 so. 1199 00:41:34,260 --> 00:41:36,819 When Christoph says you can put 1200 00:41:36,820 --> 00:41:39,009 when Christophe says you could use the 1201 00:41:39,010 --> 00:41:41,259 keys are stored on a server with pixilate 1202 00:41:41,260 --> 00:41:43,299 approach, it might be the server, might 1203 00:41:43,300 --> 00:41:45,039 be some little embedded device in your 1204 00:41:45,040 --> 00:41:47,709 house, it might be your friend server 1205 00:41:47,710 --> 00:41:49,959 you. It is designed 1206 00:41:49,960 --> 00:41:51,609 to provide maximum flexibility. 1207 00:41:51,610 --> 00:41:53,799 So you get to decide who to trust. 1208 00:41:53,800 --> 00:41:55,239 You can move that trust around. 1209 00:41:56,560 --> 00:41:58,989 Yeah, Leape is a federated, so it's not 1210 00:41:58,990 --> 00:42:00,849 Google that knows every key on the 1211 00:42:00,850 --> 00:42:02,079 planet. It is. 1212 00:42:02,080 --> 00:42:04,059 I don't know your private server at home 1213 00:42:04,060 --> 00:42:06,399 or I don't know your company or something 1214 00:42:06,400 --> 00:42:08,499 like that. And we thought it was a good 1215 00:42:08,500 --> 00:42:09,500 trade off. 1216 00:42:10,100 --> 00:42:11,100 Thanks. 1217 00:42:16,770 --> 00:42:18,989 Thanks a lot, Elijah and Jean-Christophe. 1218 00:42:21,690 --> 00:42:24,449 So how do I escape 1219 00:42:24,450 --> 00:42:25,799 the full screen? 1220 00:42:25,800 --> 00:42:26,909 OK, there it is. 1221 00:42:32,620 --> 00:42:34,779 So the next talk is going to 1222 00:42:34,780 --> 00:42:36,010 be Equinox this time. 1223 00:42:38,720 --> 00:42:39,880 This time for real. 1224 00:42:41,620 --> 00:42:43,749 So, again, Footscray. 1225 00:42:46,200 --> 00:42:47,519 And you are ready to go. 1226 00:42:50,040 --> 00:42:51,040 Thank you. 1227 00:42:51,510 --> 00:42:52,459 Hi. 1228 00:42:52,460 --> 00:42:53,460 AM 1229 00:42:54,600 --> 00:42:57,269 I'm trying to present to you 1230 00:42:57,270 --> 00:42:59,519 about using the krypto 1231 00:42:59,520 --> 00:43:01,589 that you already have, so this 1232 00:43:01,590 --> 00:43:03,329 talk is not going to be about algorithms, 1233 00:43:03,330 --> 00:43:05,189 is not going to be about protocols or 1234 00:43:05,190 --> 00:43:06,929 schemes or anything. 1235 00:43:06,930 --> 00:43:09,059 This is about making the best use of 1236 00:43:09,060 --> 00:43:10,619 the stuff we already have. 1237 00:43:10,620 --> 00:43:12,239 And I think that's something that has 1238 00:43:12,240 --> 00:43:13,859 been a little bit neglected. 1239 00:43:13,860 --> 00:43:14,860 So 1240 00:43:15,930 --> 00:43:18,029 there's Dean and DNS in 1241 00:43:18,030 --> 00:43:20,129 the title of this talked to us. 1242 00:43:20,130 --> 00:43:22,349 And I guess you're wondering why 1243 00:43:22,350 --> 00:43:24,389 I'm saying that this is not a group to 1244 00:43:24,390 --> 00:43:25,409 talk. 1245 00:43:25,410 --> 00:43:27,479 And I'm going to try 1246 00:43:27,480 --> 00:43:29,039 and show to you why we should use these 1247 00:43:29,040 --> 00:43:31,079 protocols and how we can combine them in 1248 00:43:31,080 --> 00:43:33,229 a useful way to 1249 00:43:33,230 --> 00:43:35,069 to get to a point where we have a better 1250 00:43:35,070 --> 00:43:36,149 Internet. 1251 00:43:36,150 --> 00:43:38,249 So let's do the quick in 1252 00:43:38,250 --> 00:43:39,269 terms of, you know, what I'm talking 1253 00:43:39,270 --> 00:43:41,399 about, this is just your plain 1254 00:43:41,400 --> 00:43:42,569 old system. 1255 00:43:42,570 --> 00:43:44,579 You have delegations from the various 1256 00:43:44,580 --> 00:43:45,580 zones down 1257 00:43:47,100 --> 00:43:48,719 just as the data for the Tower Project's 1258 00:43:48,720 --> 00:43:49,799 website. 1259 00:43:49,800 --> 00:43:51,899 Then we have recently tried 1260 00:43:51,900 --> 00:43:54,209 to add security to that by pushing 1261 00:43:54,210 --> 00:43:56,549 along the same lines, key material. 1262 00:43:58,380 --> 00:44:00,629 This is the DNS part. 1263 00:44:00,630 --> 00:44:02,939 And even more recently, we're trying 1264 00:44:02,940 --> 00:44:05,039 to push data into DNS that 1265 00:44:05,040 --> 00:44:07,199 ties these this key 1266 00:44:07,200 --> 00:44:10,229 infrastructure to the Web server cert. 1267 00:44:10,230 --> 00:44:12,239 So you can see on the bottom there is the 1268 00:44:12,240 --> 00:44:13,979 TOR Project's certificate for the 1269 00:44:13,980 --> 00:44:14,980 website. 1270 00:44:16,530 --> 00:44:18,929 And this is basically the very, very 1271 00:44:18,930 --> 00:44:21,029 abbreviated introduction to 1272 00:44:21,030 --> 00:44:23,489 Thayn, which is DNS like authenticated 1273 00:44:23,490 --> 00:44:25,469 naming of entities, I think. 1274 00:44:27,510 --> 00:44:29,699 But this is not new and this 1275 00:44:29,700 --> 00:44:32,159 is not anything special. 1276 00:44:32,160 --> 00:44:34,199 And it's not something that has received 1277 00:44:34,200 --> 00:44:36,929 a lot of positive feedback because 1278 00:44:36,930 --> 00:44:38,249 the protocol is really annoying. 1279 00:44:38,250 --> 00:44:40,019 You can do denial of service attacks with 1280 00:44:40,020 --> 00:44:41,249 it. 1281 00:44:41,250 --> 00:44:42,429 You need to trust. 1282 00:44:42,430 --> 00:44:44,549 I can because it's tied to the 1283 00:44:44,550 --> 00:44:46,949 domain name infrastructure. 1284 00:44:46,950 --> 00:44:49,199 If they are broken, then everything's 1285 00:44:49,200 --> 00:44:50,200 broken. 1286 00:44:50,910 --> 00:44:53,009 And I guess the 1287 00:44:53,010 --> 00:44:54,929 NSA is really in a good place there 1288 00:44:54,930 --> 00:44:57,029 because they can just go to dot net and 1289 00:44:57,030 --> 00:44:59,189 ask them for the keys and then they 1290 00:44:59,190 --> 00:45:01,649 can sign your domain with a different 1291 00:45:01,650 --> 00:45:04,169 for the different key and 1292 00:45:04,170 --> 00:45:06,329 they can push and that 1293 00:45:06,330 --> 00:45:07,979 the certificate that your Web server 1294 00:45:07,980 --> 00:45:08,429 uses. 1295 00:45:08,430 --> 00:45:10,529 So this doesn't seem to 1296 00:45:10,530 --> 00:45:12,749 be useful, but 1297 00:45:12,750 --> 00:45:15,779 there's Tor in the name of the talk, so 1298 00:45:15,780 --> 00:45:17,850 hopefully your. 1299 00:45:18,970 --> 00:45:20,499 Wondering where this is going, 1300 00:45:22,000 --> 00:45:23,000 what? 1301 00:45:23,640 --> 00:45:25,969 What this is about is that this system 1302 00:45:25,970 --> 00:45:28,889 with on the Nasdaq is one 1303 00:45:28,890 --> 00:45:30,989 single hierarchy and it's an 1304 00:45:30,990 --> 00:45:33,179 online system, so we can use 1305 00:45:33,180 --> 00:45:35,759 Tor, we can try 1306 00:45:35,760 --> 00:45:37,949 and use the DNS system 1307 00:45:37,950 --> 00:45:40,049 not on its own, but actually 1308 00:45:40,050 --> 00:45:42,459 by including Tor to get 1309 00:45:42,460 --> 00:45:44,199 the common base here. 1310 00:45:44,200 --> 00:45:46,739 Um, basically 1311 00:45:47,820 --> 00:45:50,399 we have we have this layer here 1312 00:45:50,400 --> 00:45:52,559 that allows us to mix and 1313 00:45:52,560 --> 00:45:54,629 isolate so 1314 00:45:54,630 --> 00:45:56,939 we can we can ask tor what 1315 00:45:56,940 --> 00:45:59,159 is what does the current DNS key for 1316 00:45:59,160 --> 00:46:00,119 my own domain. 1317 00:46:00,120 --> 00:46:02,219 That's the bottom part here. 1318 00:46:02,220 --> 00:46:04,529 And as a user I can go ask Tor, 1319 00:46:04,530 --> 00:46:06,689 Hey, I got this domain name, 1320 00:46:06,690 --> 00:46:08,639 can you can you fetch me the Dynarski for 1321 00:46:08,640 --> 00:46:10,559 it. And you can do that more than once. 1322 00:46:10,560 --> 00:46:13,179 You can check the reply is consistent 1323 00:46:13,180 --> 00:46:15,269 and this is only possible because 1324 00:46:15,270 --> 00:46:16,529 there's only one system here. 1325 00:46:16,530 --> 00:46:18,659 You can't have Dukas issuing 1326 00:46:18,660 --> 00:46:20,609 certificates for the same domain name. 1327 00:46:20,610 --> 00:46:22,659 It's it's an online system. 1328 00:46:22,660 --> 00:46:24,299 It needs to happen live. 1329 00:46:24,300 --> 00:46:25,709 You can't do offline attacks. 1330 00:46:27,390 --> 00:46:29,669 And suddenly this this 1331 00:46:29,670 --> 00:46:31,859 technology that that is so 1332 00:46:31,860 --> 00:46:34,109 far bigger in 1333 00:46:34,110 --> 00:46:36,479 and error prone is becoming interesting. 1334 00:46:36,480 --> 00:46:38,699 It makes it possible to 1335 00:46:38,700 --> 00:46:41,309 to have this discussion layer of trust 1336 00:46:41,310 --> 00:46:43,739 that establishes another chain aside 1337 00:46:43,740 --> 00:46:46,859 from the root domain infrastructure. 1338 00:46:46,860 --> 00:46:49,169 So we can go check. 1339 00:46:49,170 --> 00:46:51,239 And that's actually 1340 00:46:51,240 --> 00:46:54,299 something that I guess we should do. 1341 00:46:54,300 --> 00:46:56,429 We may need to to improve talk to do 1342 00:46:56,430 --> 00:46:57,989 this in a more efficient way. 1343 00:46:57,990 --> 00:46:59,849 There's the problem that DNS requests are 1344 00:46:59,850 --> 00:47:01,679 usually UDP and you don't want to 1345 00:47:01,680 --> 00:47:03,269 establish a session for it. 1346 00:47:03,270 --> 00:47:05,159 So it's not well suited to the current 1347 00:47:05,160 --> 00:47:06,389 infrastructure. 1348 00:47:06,390 --> 00:47:08,219 We need to do a lot of pushing if you 1349 00:47:08,220 --> 00:47:10,619 want to take advantage of this scheme 1350 00:47:10,620 --> 00:47:12,779 here, because most software doesn't 1351 00:47:12,780 --> 00:47:14,159 even support yet. 1352 00:47:14,160 --> 00:47:15,869 If you look at the major browsers, they 1353 00:47:15,870 --> 00:47:17,849 are taking a long time to implement it 1354 00:47:17,850 --> 00:47:20,459 with really bad excuses. 1355 00:47:20,460 --> 00:47:22,679 And we also need to push down on the NSA, 1356 00:47:22,680 --> 00:47:24,509 on our own domains, and we need to make 1357 00:47:24,510 --> 00:47:26,039 sure our registrars actually support it, 1358 00:47:26,040 --> 00:47:28,709 which is taking longer than it should. 1359 00:47:28,710 --> 00:47:29,730 But in the end. 1360 00:47:30,740 --> 00:47:33,049 Getting getting to this picture, I think, 1361 00:47:33,050 --> 00:47:35,479 would make the Internet more secure for 1362 00:47:35,480 --> 00:47:37,699 anyone using it in the 1363 00:47:37,700 --> 00:47:39,949 plain old way of going to a 1364 00:47:39,950 --> 00:47:42,319 website and establishing a 1365 00:47:42,320 --> 00:47:43,969 secure connection. 1366 00:47:43,970 --> 00:47:46,129 And, um, well, I 1367 00:47:46,130 --> 00:47:47,719 think that's already it. 1368 00:47:47,720 --> 00:47:49,459 You may have noticed this talk doesn't 1369 00:47:49,460 --> 00:47:50,899 really contain anything new. 1370 00:47:50,900 --> 00:47:53,649 It doesn't talk about algorithms. 1371 00:47:53,650 --> 00:47:55,519 There's there's no stuff that needs to go 1372 00:47:55,520 --> 00:47:57,919 through the ISO for standardization. 1373 00:47:57,920 --> 00:48:00,049 Um, and we we have I think 1374 00:48:00,050 --> 00:48:01,999 we have been neglecting trying to make 1375 00:48:02,000 --> 00:48:03,589 use of the tools we have here. 1376 00:48:03,590 --> 00:48:05,269 We need to to watch out for these 1377 00:48:05,270 --> 00:48:07,579 combinations and, um, 1378 00:48:07,580 --> 00:48:09,289 try try and see if we can make the 1379 00:48:09,290 --> 00:48:11,359 existing systems just 1380 00:48:11,360 --> 00:48:13,369 more secure by combining them. 1381 00:48:13,370 --> 00:48:15,499 And that was actually what I wanted to 1382 00:48:15,500 --> 00:48:16,500 leave. 1383 00:48:24,940 --> 00:48:27,159 Yeah, and go go through the case. 1384 00:48:29,980 --> 00:48:31,339 Thank you. 1385 00:48:31,340 --> 00:48:33,909 So last talk to 1386 00:48:33,910 --> 00:48:35,289 put it in here. 1387 00:48:35,290 --> 00:48:36,290 Mm hmm. 1388 00:48:40,160 --> 00:48:42,469 So hopefully it shows 1389 00:48:42,470 --> 00:48:43,470 up somewhere here. 1390 00:48:47,740 --> 00:48:48,740 Mm hmm. 1391 00:48:50,210 --> 00:48:51,590 Q Jeopardy melody. 1392 00:48:58,520 --> 00:49:00,070 So, um. 1393 00:49:08,240 --> 00:49:09,380 There it is, finally 1394 00:49:10,670 --> 00:49:11,670 flesh. 1395 00:49:14,490 --> 00:49:16,879 Yeah, it's behind 1396 00:49:16,880 --> 00:49:18,409 disk, not ejected properly. 1397 00:49:24,800 --> 00:49:26,159 So, um, 1398 00:49:27,230 --> 00:49:29,000 Bill Chillum, President Presentencing. 1399 00:49:31,340 --> 00:49:32,900 Please welcome Ladar Levison 1400 00:49:34,070 --> 00:49:35,410 Leiker Al. 1401 00:49:41,130 --> 00:49:43,769 Hi, folks, I'm here to talk about Daine, 1402 00:49:43,770 --> 00:49:45,629 it's kind of a big day for me. 1403 00:49:45,630 --> 00:49:48,269 I just pushed this massive 1404 00:49:48,270 --> 00:49:51,119 document out to the Internet. 1405 00:49:51,120 --> 00:49:53,999 It's the architecture specifications 1406 00:49:54,000 --> 00:49:56,189 threat model, pretty much about 1407 00:49:56,190 --> 00:49:57,419 a year's worth of work. 1408 00:49:57,420 --> 00:49:58,619 One hundred and eight pages. 1409 00:49:58,620 --> 00:50:00,419 It is guaranteed to put you to sleep. 1410 00:50:03,330 --> 00:50:04,859 That's where you can go to find it. 1411 00:50:04,860 --> 00:50:07,289 I'm actually putting a call out because 1412 00:50:07,290 --> 00:50:08,459 I want feedback. 1413 00:50:08,460 --> 00:50:10,559 It's still early enough that 1414 00:50:10,560 --> 00:50:13,199 if people make good suggestions 1415 00:50:13,200 --> 00:50:15,209 about little things that we can do to 1416 00:50:15,210 --> 00:50:17,519 make the system better, more secure, 1417 00:50:17,520 --> 00:50:19,919 more reliable, more user friendly, 1418 00:50:19,920 --> 00:50:20,990 I certainly want to hear it. 1419 00:50:22,380 --> 00:50:24,479 We set up a forum on dark male dot 1420 00:50:24,480 --> 00:50:27,809 info so we can engage electronically 1421 00:50:27,810 --> 00:50:30,179 and talk about what's in that massive PDF 1422 00:50:30,180 --> 00:50:32,460 file and hopefully. 1423 00:50:33,660 --> 00:50:35,699 Come up with some good ideas about how to 1424 00:50:35,700 --> 00:50:37,799 improve this, and then, of course, we 1425 00:50:37,800 --> 00:50:40,079 posted some code to GitHub, all 1426 00:50:40,080 --> 00:50:42,179 of the key management stuff is kind of 1427 00:50:42,180 --> 00:50:43,769 working most of the time when it feels 1428 00:50:43,770 --> 00:50:45,109 like it. 1429 00:50:45,110 --> 00:50:47,569 The message passing in Generation 1430 00:50:47,570 --> 00:50:48,959 Library is almost done. 1431 00:50:48,960 --> 00:50:50,579 We're going to push that out next month. 1432 00:50:50,580 --> 00:50:52,559 We've already started the server 1433 00:50:52,560 --> 00:50:54,899 integration. And right now your 1434 00:50:54,900 --> 00:50:56,969 client is kind of a command line tool. 1435 00:50:58,920 --> 00:50:59,920 Lipps. 1436 00:51:00,960 --> 00:51:01,960 I broke it. 1437 00:51:08,030 --> 00:51:09,030 It overheated. 1438 00:51:10,400 --> 00:51:11,709 So that's my basic model, 1439 00:51:13,160 --> 00:51:14,869 if you see these little icons on the 1440 00:51:14,870 --> 00:51:15,859 outside. 1441 00:51:15,860 --> 00:51:16,969 Those are your keys. 1442 00:51:16,970 --> 00:51:19,279 We actually call them signets. 1443 00:51:19,280 --> 00:51:21,359 We've kind of given up on the five 1444 00:51:21,360 --> 00:51:23,359 09 format. 1445 00:51:23,360 --> 00:51:25,429 The Cygnet format is just 1446 00:51:25,430 --> 00:51:27,979 a very simple binary 1447 00:51:27,980 --> 00:51:30,259 format that carries your cryptographic 1448 00:51:30,260 --> 00:51:32,989 information along with some signatures. 1449 00:51:32,990 --> 00:51:35,299 But I also built it in a very flexible 1450 00:51:35,300 --> 00:51:37,459 way because I realized that 1451 00:51:37,460 --> 00:51:40,069 I can't solve everyone's problems 1452 00:51:40,070 --> 00:51:41,659 right out of the gate. 1453 00:51:41,660 --> 00:51:43,849 So I wanted to build a format that would 1454 00:51:43,850 --> 00:51:46,069 be a gateway 1455 00:51:46,070 --> 00:51:48,409 to even more secure protocols, 1456 00:51:48,410 --> 00:51:50,569 a way for you to take your 1457 00:51:50,570 --> 00:51:52,849 key, stick it out on the Internet, use 1458 00:51:52,850 --> 00:51:54,799 this sort of more traditional service 1459 00:51:54,800 --> 00:51:56,899 provider model, but also 1460 00:51:56,900 --> 00:51:58,759 advertise that if somebody starts up a 1461 00:51:58,760 --> 00:52:01,069 conversation with you, they can click 1462 00:52:01,070 --> 00:52:02,989 a button and all of a sudden you guys are 1463 00:52:02,990 --> 00:52:05,029 talking peer to peer after a few Helman 1464 00:52:05,030 --> 00:52:06,469 handshake through Tor. 1465 00:52:09,080 --> 00:52:11,239 Those were our goals, put 1466 00:52:11,240 --> 00:52:13,669 simply, we wanted to make 1467 00:52:13,670 --> 00:52:16,649 encryption automatic. 1468 00:52:16,650 --> 00:52:17,650 For the masses, 1469 00:52:18,960 --> 00:52:21,169 we wanted to make it much more difficult. 1470 00:52:22,520 --> 00:52:24,949 To sort of track your social graph. 1471 00:52:26,440 --> 00:52:28,569 And basically, whenever possible, we 1472 00:52:28,570 --> 00:52:30,159 wanted to bring the security of the 1473 00:52:30,160 --> 00:52:32,319 system down to two things, the 1474 00:52:32,320 --> 00:52:33,550 strength of your password. 1475 00:52:34,730 --> 00:52:36,289 And the strength of your endpoints, 1476 00:52:36,290 --> 00:52:38,719 defenses to things that 1477 00:52:38,720 --> 00:52:40,550 we can control most of the time. 1478 00:52:43,290 --> 00:52:44,290 Our goal 1479 00:52:45,510 --> 00:52:46,510 was to do that. 1480 00:52:47,980 --> 00:52:50,039 I'm an American, I tend 1481 00:52:50,040 --> 00:52:51,059 to like the Second Amendment. 1482 00:52:51,060 --> 00:52:53,369 I know it has a bad rap over here, 1483 00:52:53,370 --> 00:52:55,559 but if you go back 200 years, 1484 00:52:55,560 --> 00:52:56,939 what the Second Amendment is really 1485 00:52:56,940 --> 00:52:58,769 about, it's about giving people the 1486 00:52:58,770 --> 00:53:01,019 ability to defend themselves. 1487 00:53:01,020 --> 00:53:03,119 And I just feel like right now 1488 00:53:03,120 --> 00:53:04,889 we're all wandering around the Internet. 1489 00:53:06,350 --> 00:53:07,350 But you. 1490 00:53:09,370 --> 00:53:11,709 And what we need is a new generation 1491 00:53:11,710 --> 00:53:13,449 of protocols that allow us to do 1492 00:53:13,450 --> 00:53:15,160 everything we do today on the Internet. 1493 00:53:16,410 --> 00:53:18,089 But do it without having to trust the 1494 00:53:18,090 --> 00:53:20,279 infrastructure to protect us, without 1495 00:53:20,280 --> 00:53:22,829 having to trust our service providers. 1496 00:53:22,830 --> 00:53:24,719 I want us to go back to a world where the 1497 00:53:24,720 --> 00:53:27,059 service is just hauling 1498 00:53:27,060 --> 00:53:29,669 a bunch of empty, nameless containers 1499 00:53:29,670 --> 00:53:31,590 like we do with ships. 1500 00:53:34,030 --> 00:53:36,729 Now, the way I built it, it's relatively 1501 00:53:36,730 --> 00:53:38,829 transport agnostic, 1502 00:53:38,830 --> 00:53:41,019 I created this bastardized version 1503 00:53:41,020 --> 00:53:43,300 of SBP that I called the MVP, 1504 00:53:44,320 --> 00:53:46,659 but there isn't anything preventing that 1505 00:53:46,660 --> 00:53:48,429 from going over a completely different 1506 00:53:48,430 --> 00:53:50,620 transport like TOR. 1507 00:53:52,550 --> 00:53:53,719 Or carrier pigeons. 1508 00:53:57,820 --> 00:54:00,219 The cornerstone of the entire system, and 1509 00:54:00,220 --> 00:54:01,449 I'm not going to be able to go through 1510 00:54:01,450 --> 00:54:03,669 everything in 10 minutes, but 1511 00:54:03,670 --> 00:54:05,799 I'm going to give it a shot, is 1512 00:54:05,800 --> 00:54:07,959 this DNS record that 1513 00:54:07,960 --> 00:54:10,449 a service provider posts 1514 00:54:10,450 --> 00:54:12,189 with their signing keep? 1515 00:54:13,410 --> 00:54:14,999 Everything ties back to that, 1516 00:54:16,110 --> 00:54:17,939 and I think I actually posted the wrong 1517 00:54:17,940 --> 00:54:18,869 property. 1518 00:54:18,870 --> 00:54:21,389 No, no, I posted the right property 1519 00:54:21,390 --> 00:54:22,390 with the wrong name. 1520 00:54:41,930 --> 00:54:43,999 So this is a slightly more complex 1521 00:54:44,000 --> 00:54:46,099 DNS record and 1522 00:54:46,100 --> 00:54:48,199 it actually sort of links up with 1523 00:54:48,200 --> 00:54:50,569 the previous talk, if you are using 1524 00:54:50,570 --> 00:54:53,030 DNS, SEC, you can actually stick. 1525 00:54:54,140 --> 00:54:56,269 A signed fingerprint 1526 00:54:56,270 --> 00:54:58,609 for your test certificate in the DNS 1527 00:54:58,610 --> 00:54:59,899 system, and you don't even need to get 1528 00:54:59,900 --> 00:55:00,900 your shirt signed by. 1529 00:55:01,910 --> 00:55:04,219 Of course, if you're not using DNS 1530 00:55:04,220 --> 00:55:05,689 sick, you still need to go pay for a 1531 00:55:05,690 --> 00:55:06,690 cert. 1532 00:55:07,600 --> 00:55:08,600 We're not stupid. 1533 00:55:10,310 --> 00:55:12,289 I just thought I'd cover briefly some of 1534 00:55:12,290 --> 00:55:13,579 the fields that I'm adding to the 1535 00:55:13,580 --> 00:55:15,170 organizational level Cygnet. 1536 00:55:16,390 --> 00:55:18,609 You know, I'm not just about improving 1537 00:55:18,610 --> 00:55:21,429 security, I'm about improving 1538 00:55:21,430 --> 00:55:24,009 accessibility and usability, 1539 00:55:24,010 --> 00:55:26,499 and part of that is making it easy 1540 00:55:26,500 --> 00:55:28,809 for people to configure their clients, 1541 00:55:28,810 --> 00:55:30,909 easy for their Web browser 1542 00:55:30,910 --> 00:55:32,919 to figure out where to go to let them log 1543 00:55:32,920 --> 00:55:33,920 in. 1544 00:55:34,510 --> 00:55:36,639 But like I said, the format is flexible. 1545 00:55:40,550 --> 00:55:42,799 Which means I put 1546 00:55:42,800 --> 00:55:44,899 in fields 1547 00:55:44,900 --> 00:55:47,089 from the get go, if you happen 1548 00:55:47,090 --> 00:55:49,159 to be running tours and you 1549 00:55:49,160 --> 00:55:50,989 would like to let people access your 1550 00:55:50,990 --> 00:55:53,209 system over tours 1551 00:55:53,210 --> 00:55:55,190 or deliver messages through tours. 1552 00:55:56,440 --> 00:55:58,179 All you got to do is populate that field 1553 00:55:58,180 --> 00:55:59,180 with the right information. 1554 00:56:01,220 --> 00:56:02,270 Now, that's a message. 1555 00:56:04,030 --> 00:56:05,829 And what I want you to take away from 1556 00:56:05,830 --> 00:56:07,599 this, and I can't go through all the 1557 00:56:07,600 --> 00:56:09,879 details right now and you probably can't 1558 00:56:09,880 --> 00:56:11,199 see all of the details, 1559 00:56:12,400 --> 00:56:14,409 is that each one of those blue boxes is 1560 00:56:14,410 --> 00:56:17,019 actually encrypted completely separately. 1561 00:56:17,020 --> 00:56:19,899 And if you can see what's after the dash, 1562 00:56:19,900 --> 00:56:22,119 you'll be able to see who 1563 00:56:22,120 --> 00:56:25,089 can access which particular box. 1564 00:56:25,090 --> 00:56:27,369 Now, one of the very sort of new 1565 00:56:27,370 --> 00:56:30,039 avant garde things that I did 1566 00:56:30,040 --> 00:56:32,859 was I moved the envelope information 1567 00:56:32,860 --> 00:56:35,229 out of the protocol 1568 00:56:35,230 --> 00:56:37,210 and into the encrypted message object. 1569 00:56:38,440 --> 00:56:40,689 And you've actually got two chunks here 1570 00:56:40,690 --> 00:56:42,429 that are relevant, the origin and the 1571 00:56:42,430 --> 00:56:45,009 destination chunk, which means 1572 00:56:45,010 --> 00:56:47,199 the sending service provider can see what 1573 00:56:47,200 --> 00:56:49,599 domain the message needs to go to, 1574 00:56:49,600 --> 00:56:51,729 but has no idea who on that domain 1575 00:56:51,730 --> 00:56:52,730 it's going to. 1576 00:56:54,030 --> 00:56:56,879 The destination domain gets the message, 1577 00:56:56,880 --> 00:56:58,710 knows where it came from. 1578 00:56:59,940 --> 00:57:01,590 But doesn't know who sent it. 1579 00:57:02,760 --> 00:57:04,410 They need to know where it came from. 1580 00:57:06,080 --> 00:57:07,249 They don't like it and they want to send 1581 00:57:07,250 --> 00:57:09,769 it back Christmastime, 1582 00:57:09,770 --> 00:57:11,929 right? Nobody returned any 1583 00:57:11,930 --> 00:57:12,930 packages. 1584 00:57:15,110 --> 00:57:17,839 So when I started with this project, 1585 00:57:17,840 --> 00:57:20,239 I wanted to not just 1586 00:57:20,240 --> 00:57:22,549 fix the current system, I wanted 1587 00:57:22,550 --> 00:57:24,739 to think about email 1588 00:57:24,740 --> 00:57:27,019 from the ground up with a focus 1589 00:57:27,020 --> 00:57:28,020 on security. 1590 00:57:29,450 --> 00:57:31,129 Because one of the big problems we have 1591 00:57:31,130 --> 00:57:33,439 with email today is the long 1592 00:57:33,440 --> 00:57:35,449 tail, everybody wants to be backwards, 1593 00:57:35,450 --> 00:57:37,549 compatible all the way back 1594 00:57:37,550 --> 00:57:39,709 to those elevons 1595 00:57:39,710 --> 00:57:42,049 from 40 years ago that were running 1596 00:57:42,050 --> 00:57:44,359 buggy versions of Sendmail. 1597 00:57:44,360 --> 00:57:46,519 So I started from the get go and I said, 1598 00:57:46,520 --> 00:57:48,889 we're going to have some certain security 1599 00:57:48,890 --> 00:57:49,890 requirements. 1600 00:57:51,850 --> 00:57:54,219 I was going to use a CBC 1601 00:57:54,220 --> 00:57:56,529 because I wasn't sure I trusted GCM, but 1602 00:57:56,530 --> 00:57:57,909 I kind of got talked out of that. 1603 00:58:03,040 --> 00:58:05,409 Made it simple, if you're running 1604 00:58:05,410 --> 00:58:07,599 a DMG only server, 1605 00:58:07,600 --> 00:58:09,939 stick it on point twenty six, 1606 00:58:09,940 --> 00:58:11,439 use Cenni. 1607 00:58:11,440 --> 00:58:13,539 So if you're hosting a service provider 1608 00:58:13,540 --> 00:58:15,759 with multiple domains, you 1609 00:58:15,760 --> 00:58:17,949 know, via that which certificate 1610 00:58:17,950 --> 00:58:18,950 to return, 1611 00:58:20,140 --> 00:58:21,609 don't feel like giving up pork. 1612 00:58:21,610 --> 00:58:23,649 Twenty six or don't think you could 1613 00:58:23,650 --> 00:58:25,929 convince your sys admin to open 1614 00:58:25,930 --> 00:58:27,399 up that port on the firewall. 1615 00:58:27,400 --> 00:58:28,400 No problem. 1616 00:58:29,840 --> 00:58:31,330 Just running down point twenty five. 1617 00:58:32,470 --> 00:58:35,109 And execute the specially crafted 1618 00:58:35,110 --> 00:58:37,389 start to this command that says, yes, 1619 00:58:37,390 --> 00:58:39,489 I really want to upgrade my connection 1620 00:58:39,490 --> 00:58:40,490 to. 1621 00:58:42,400 --> 00:58:44,039 And all the same rules apply, 1622 00:58:45,370 --> 00:58:47,499 in fact, there's no guarantee that 1623 00:58:47,500 --> 00:58:48,879 when you execute that command, you're 1624 00:58:48,880 --> 00:58:50,350 even staying on that same server. 1625 00:58:51,460 --> 00:58:53,769 Be very simple and very easy 1626 00:58:53,770 --> 00:58:55,989 to write a plug in to a current mail 1627 00:58:55,990 --> 00:58:58,269 implement mail server implementation 1628 00:58:58,270 --> 00:59:00,429 that sees that and just tunnell's it out 1629 00:59:00,430 --> 00:59:02,499 to somewhere else, possibly 1630 00:59:02,500 --> 00:59:04,829 even to a box in somebody's home. 1631 00:59:07,290 --> 00:59:08,340 So just briefly. 1632 00:59:09,370 --> 00:59:11,109 What does it look like when you send a 1633 00:59:11,110 --> 00:59:13,570 message and if you can see that? 1634 00:59:15,520 --> 00:59:17,529 Then you'll see there are no mailbox 1635 00:59:17,530 --> 00:59:18,530 names. 1636 00:59:20,140 --> 00:59:22,179 I kind of snipped the fingerprints there. 1637 00:59:24,140 --> 00:59:26,689 But in that conversation, 1638 00:59:26,690 --> 00:59:28,999 I set it up so that the servers know 1639 00:59:29,000 --> 00:59:31,339 they have the correct signets before 1640 00:59:31,340 --> 00:59:33,199 they transfer the message, and if they 1641 00:59:33,200 --> 00:59:35,329 don't, they just give back a temporary 1642 00:59:35,330 --> 00:59:38,119 error, go out, grab the cygnet, 1643 00:59:38,120 --> 00:59:39,949 because presumably the domain that 1644 00:59:39,950 --> 00:59:41,629 sending also supports dark mail. 1645 00:59:41,630 --> 00:59:42,799 If they don't, they probably shouldn't be 1646 00:59:42,800 --> 00:59:44,719 sending encrypted messages 1647 00:59:45,860 --> 00:59:47,749 and grabs the signal so it can verify the 1648 00:59:47,750 --> 00:59:49,759 signature on the inbound message. 1649 00:59:49,760 --> 00:59:52,309 And then you get a bunch of 1650 00:59:52,310 --> 00:59:53,310 gobbledygook. 1651 00:59:56,660 --> 00:59:58,609 So that's suspect is one hundred and 1652 00:59:58,610 --> 00:59:59,989 eight pages, like I said. 1653 01:00:01,140 --> 01:00:03,359 I could use your feedback, 1654 01:00:03,360 --> 01:00:05,519 everything from the three hundred and 1655 01:00:05,520 --> 01:00:07,559 twenty seven typos I know about. 1656 01:00:09,750 --> 01:00:11,939 To the 30 1657 01:00:11,940 --> 01:00:14,429 or so sections that just say TBD. 1658 01:00:16,780 --> 01:00:18,369 But there's a lot of information in 1659 01:00:18,370 --> 01:00:19,389 there. 1660 01:00:19,390 --> 01:00:20,889 There are a lot of things that I'm doing 1661 01:00:20,890 --> 01:00:23,019 at a very low level 1662 01:00:23,020 --> 01:00:25,029 that need to be reviewed by people who 1663 01:00:25,030 --> 01:00:26,030 know more than me. 1664 01:00:27,210 --> 01:00:29,489 I mean, I know a lot, but I also 1665 01:00:29,490 --> 01:00:30,539 know I don't know everything. 1666 01:00:31,940 --> 01:00:34,039 For example, I can't figure out how to 1667 01:00:34,040 --> 01:00:35,869 keep my servers from running off with my 1668 01:00:35,870 --> 01:00:36,870 best friend. 1669 01:00:39,170 --> 01:00:40,640 So that's it, folks. 1670 01:00:47,880 --> 01:00:49,559 I was going to say it takes about three 1671 01:00:49,560 --> 01:00:51,599 days to go through this and I only had 10 1672 01:00:51,600 --> 01:00:53,939 minutes, but after closing ceremonies, 1673 01:00:53,940 --> 01:00:55,439 if you want to keep talking, you can come 1674 01:00:55,440 --> 01:00:57,210 find me at the bar over at the Radisson. 1675 01:00:58,650 --> 01:00:59,650 OK, thank you very much. 1676 01:01:00,820 --> 01:01:01,820 So 1677 01:01:02,910 --> 01:01:04,559 please give a big hand for all of the 1678 01:01:04,560 --> 01:01:05,899 speakers of the session. 1679 01:01:05,900 --> 01:01:06,900 Again. 1680 01:01:13,580 --> 01:01:15,649 And now please enjoy the rest of the 1681 01:01:15,650 --> 01:01:16,650 Congress.