Leak On Signal DOD Meeting? What IT Security? What Should Have Happened.
Posted by freedomforall 4 days, 12 hours ago to Technology
Excerpt:
"Now let's say we start up a conversation and we have ten people in there. I send an encrypted message to all ten. What I actually send is ten messages because each person's public key is different and again, each of them are the only people with the other half of it. So far so good. They each get it, they can decode it, but not the copy sent to anyone else -- and since I signed it if that signature verifies they know it hasn't been tampered with in transit.
But in this case, since you care about the integrity of who can be a part of conversations generally, all transmissions go through the government's infrastructure. The government, incidentally, already has the PKI infrastructure (issuing certificates, attesting to them, etc. -- this is part of, but not all of, how a CAC card works) to do all this.
Thus when you send the message the server -- which is a DOD/NatSec server -- is the machine that processes it. Because a public key is in fact public it knows who the message is going to (all of the recipients) and whether the DOD/NatSec servers issued the certificates involved and to whom.
The server cannot see the unencrypted contents of the message as only the recipient of each transmission has the private key required to decode it -- but it knows who its going to and their public certificate. This means it can be set up to look at same and refuse to deliver a message if it is to someone who doesn't have a DOD-issued certificate and, for example, the other people in the communication do; it could either embargo it (after all, there might be circumstances where this is legitimate) or alert someone that something hinky may be going on, throw it in the trash summarily, or some combination.
It can't see the contents, but it can interdict the message before it ever leaves the DOD and identify who transmitted it because the machine that sent it is known.
In other words if you set things up properly, and run them properly, what happened can't happen and if it is attempted, either by accident or malice, not only does it not work the person who did it gets busted if the transmission was not legitimate."
"Now let's say we start up a conversation and we have ten people in there. I send an encrypted message to all ten. What I actually send is ten messages because each person's public key is different and again, each of them are the only people with the other half of it. So far so good. They each get it, they can decode it, but not the copy sent to anyone else -- and since I signed it if that signature verifies they know it hasn't been tampered with in transit.
But in this case, since you care about the integrity of who can be a part of conversations generally, all transmissions go through the government's infrastructure. The government, incidentally, already has the PKI infrastructure (issuing certificates, attesting to them, etc. -- this is part of, but not all of, how a CAC card works) to do all this.
Thus when you send the message the server -- which is a DOD/NatSec server -- is the machine that processes it. Because a public key is in fact public it knows who the message is going to (all of the recipients) and whether the DOD/NatSec servers issued the certificates involved and to whom.
The server cannot see the unencrypted contents of the message as only the recipient of each transmission has the private key required to decode it -- but it knows who its going to and their public certificate. This means it can be set up to look at same and refuse to deliver a message if it is to someone who doesn't have a DOD-issued certificate and, for example, the other people in the communication do; it could either embargo it (after all, there might be circumstances where this is legitimate) or alert someone that something hinky may be going on, throw it in the trash summarily, or some combination.
It can't see the contents, but it can interdict the message before it ever leaves the DOD and identify who transmitted it because the machine that sent it is known.
In other words if you set things up properly, and run them properly, what happened can't happen and if it is attempted, either by accident or malice, not only does it not work the person who did it gets busted if the transmission was not legitimate."
SOURCE URL: https://market-ticker.org/akcs-www?post=253060
i can see this as a Psyop
1. for the terrorists
2. for that POs traitor "journalist", we clearly know he is a liar and is a traitor.
3. for the dems, hand them a nothing-burger, let them complain about what is nothing. the dems will spend time on this, showing how the did nothing to stop biden and his cabal, they did nothing about the Afghan retreat, yet some how this is worse?? really?
game
set
match, for Trump
they simply cannot be trusted with the Truth