lassulus_ has joined #nixos-security
lassulus has quit [Ping timeout: 246 seconds]
lassulus_ is now known as lassulus
pie___ has joined #nixos-security
pie__ has quit [Ping timeout: 268 seconds]
<pie___> "Hm, given the new aussie laws (they can now compel companies operating there to backdoor something, and all individuals involved cannot speak about it or they will be jailed 10 years), maybe browsers should drop all aussie CAs"
<pie___> can't backdoor something in the US? get one of your five eyes allies to pass backdoor laws? :P
<pie___> (australia is five eyes right?)
* pie___ removes tinfoil
<pie___> without tinfoil: australia...pls
<ckauhaus> I'm not even sure if comparable laws don't exist in the US
<ckauhaus> (but no expert for stuff like this)
<ckauhaus> but they cannot force you to backdoor something with a NSL, right?
<andi-> We might not know about the law if it exists since it isn't public :)
<ckauhaus> heh
<pietranera> https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt (I didn't see this on the oss security mailing list)
erictapen has joined #nixos-security
erictapen has quit [Ping timeout: 258 seconds]
erictapen has joined #nixos-security
erictapen has quit [Ping timeout: 272 seconds]
<andi-> I think it landed there yesterday. We talked about it on ~sunday IIRC.
<Foxboron> ckauhaus: they can AFAIK
erictapen has joined #nixos-security
periklis has joined #nixos-security
<ckauhaus> I wonder which CAs are really trustworthy then
<Foxboron> Depends how much tinfoil you apply
* ckauhaus gets more tin foil
<gchristensen> none
<gchristensen> (if you applied a lot of tinfoil, that is true)
erictapen has quit [Ping timeout: 268 seconds]
periklis has quit [Ping timeout: 268 seconds]
erictapen has joined #nixos-security
<ekleog> pie___: hence security canaries
<ekleog> (now, whether CAs actually use these is another question I haven't researched)
<gchristensen> surely the NSL could also order they update the canary.
<ekleog> oh australia already has a law that bans announcing non-existence of a warrant, so it doesn't work there actually https://en.wikipedia.org/wiki/Warrant_canary
<gchristensen> to me, warrant canaries have always felt like the digital equivalent of "are you a cop? you have to tell me if you're a cop"
<ekleog> “That said, case law specific to the United States would render the covert continuance of warrant canaries subject to constitutionality challenges. West Virginia State Board of Education v. Barnette and Wooley v. Maynard rule the Free Speech Clause prohibits compelling someone to speak against one's wishes;” from wikipedia
<gchristensen> maybe?
<ekleog> then… legal matters being legal matters
<gchristensen> I wouldn't worry too much about what the constitution says, given the secret courts have been "subject to constitutionality challenges"
<gchristensen> best bet is to assume warrant canaries being issued is not a confirmation of not having one, while interpreting a stopped canary as a confirmation of having received one
<ekleog> indeed
<ekleog> and anyway warrant canaries can continue being issued if the issuing key has been compromised, so…
<andi-> I also never felt much better with those canaries.. At least not since they are well known methods. It is kinda hard to define an action that cannot be executed when under a NSL (or similar).
pietranera has quit [Quit: Leaving.]
<pie___> ekleog, do CAs even use those
<gchristensen> they have CT logs which are probably better
<pie___> ah <ekleog> (now, whether CAs actually use these is another question I haven't researched)
* pie___ reading scroll
<pie___> i tentatively agree warrant canaries are tenuous at best
erictapen has quit [Ping timeout: 268 seconds]
tilpner has joined #nixos-security
ma27 has quit [Quit: WeeChat 2.2]
ma27 has joined #nixos-security