Basement server

There are some technical inaccuracies in this article.

More on that in a moment.

However — what the hell was Clinton thinking, setting up some clandestine-ish basement email server?

I don’t know if what she did was illegal or not. It probably was, or should be. But good god was it ever crazy stupid.

But I have to say the reporter has no idea how email encryption works.

Not until March 29, 2009 — two months after Clinton began using it — did the server receive a “digital certificate” that protected communication over the Internet through encryption, according to Venafi’s analysis.

No. Though it’s unclear exactly what the journalist is even discussing. The traffic — and here I presume they are discussing traffic between the email server and Clinton’s Blackberry — would have already been encrypted. That’s just how Blackberry works (though it’s been many years since I’ve set up a BB server) and as far as I recall it is not even possible to turn that off.

“That means that anyone could have accessed it. Anyone,” Kevin Bocek, vice president of threat intelligence at Venafi, told The Post.

Wrong! Even if the journalist and some “threat intelligence” nincompoop are correct that the server did not have an official cert from a certificate-issuing organization, that does not necessarily mean that traffic outside the Blackberry realm was unencrypted, just that there was no official cert (which can be more secure if you think the cert-issuing organization itself is compromised!).

Which seems to have been the case.

But email encryption has several layers:

  • Is the device itself encrypted?
  • Is the transport from the device to the email service provider/server encrypted?
  • Is the email itself encrypted separately from the device and the server?
  • Is non-BB-device access to the email server encrypted (OWA, etc.)?
  • Is the transport from the email server to other email servers encrypted?

This shit can get complicated.

BTW, that last bullet point is the killer; most of this is still unencrypted, and I doubt Clinton’s email server had any encryption on that level with most recipients. At most the server probably had opportunistic encryption enabled, which’d mean it’d fall back to unencrypted if no negotiation of encryption were possible (probably about 60% of email servers).
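The fallback described above, as an added example that is not part of the original post: a sending server reads the peer's EHLO reply and decides how to deliver, under an opportunistic policy versus one that requires TLS. The names `Policy`, `ehlo_extensions` and `delivery_mode` and the two sample replies are constructed for illustration.

```python
from enum import Enum

class Policy(Enum):
    OPPORTUNISTIC = "opportunistic"  # use TLS when offered, otherwise send anyway
    REQUIRE_TLS = "require_tls"      # never send without TLS; queue the message

def ehlo_extensions(reply: str) -> set[str]:
    """Extract extension keywords from a multi-line SMTP EHLO reply.

    Each line is '250-KEYWORD [args]' or, for the last one, '250 KEYWORD'.
    The first line carries the server's domain, not an extension.
    """
    exts = set()
    for line in reply.strip().splitlines()[1:]:
        if not line.startswith("250"):
            continue
        parts = line[4:].split()
        if parts:
            exts.add(parts[0].upper())
    return exts

def delivery_mode(reply: str, policy: Policy, handshake_ok: bool = True) -> str:
    """Return 'encrypted', 'cleartext' or 'deferred' for one delivery attempt.

    handshake_ok models whether the TLS negotiation after STARTTLS succeeded.
    """
    offered = "STARTTLS" in ehlo_extensions(reply)
    if offered and handshake_ok:
        return "encrypted"
    # No usable TLS: the policy decides between falling back and holding the mail.
    if policy is Policy.REQUIRE_TLS:
        return "deferred"
    return "cleartext"

# Constructed sample EHLO replies (not captured from any real server).
PEER_WITH_TLS = "250-mx.example.net\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 HELP"
PEER_NO_TLS = "250-legacy.example.org\r\n250-SIZE 10240000\r\n250 HELP"

if __name__ == "__main__":
    for name, reply in (("with STARTTLS", PEER_WITH_TLS), ("no STARTTLS", PEER_NO_TLS)):
        for policy in Policy:
            print(f"peer {name:14} policy {policy.value:14} -> "
                  f"{delivery_mode(reply, policy)}")
```

Under the opportunistic policy the message to the second peer goes out in cleartext with no error raised, so the only place the downgrade shows up is in the sending server's delivery logs.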

So in short, Clinton did a very stupid, technically-incompetent and possibly illegal thing that no one in that position should ever do no matter how much encryption there was.
