2016 Postmortem
Related: About this forumSo let me get this straight...
Hillary Clinton claims that using her own unsecure private email account was OK, in part because she sent no classified information and thus her emails didn't need to be secure.
Yesterday, the NY Times claimed that two inspectors general of the State Department asked the DOJ to open a criminal investigation on Hillary Clinton because she did indeed send classified information using that her own private email account.
Today I'm told that the reality is totally different: yes, the inspectors found that 10% of 40 emails sampled from from Hillary's private account did contain classified information that is illegal to send over private email. But they don't know if Hillary knew the info was classified.
So it looks like roughly 10% of Hillary's private emails contained classified info which should not have been sent using private email, but we don't know if Hillary did this on purpose. Whew, no problem there.
So if Hillary wins our primaries, she'll have a great answer when her Republican points out that as SoS she sent thousands of personal emails containing national secrets, she'll have a great answer: "I didn't know they were state secrets"
OK.
(Not to mention that using a single private account set up by Goddess-knows-who for all of her State Department and personal business is, on its face, about the craziest thing I ever heard of, but I understand that I'm one of a very few who feels this way.)
CaliforniaPeggy
(149,561 posts)ChiTownDenny
(747 posts)Sorry about jumping ahead by posting to your comment but it is necessary to point out that this post is ripe with Clinton Derangement Syndrome. In fact, I found it so disturbingly lacking in fact and truth that I felt compelled to register on this site in order to get the truth out.
Just read this Newseek article, "How 'The New York Times' Bungled the Hillary Clinton Emails Story" (I haven't learned how to format on this site, yet), which explains the whole Clinton emails, criminal charges, Inspectors General, etc., brouhaha. There's no there, there people. It's simply another hit piece against the Clintons by the NYT.
MannyGoldstein
(34,589 posts)Thanks in advance.
lark
(23,083 posts)It was about the state department releasing confidential information from her emails. That's the missing fact.
MannyGoldstein
(34,589 posts)From the Times article:
lark
(23,083 posts)why quote their lies? Who knows what's true and what's not. This is a very tainted article so I'll wait for the real information to come out.
MannyGoldstein
(34,589 posts)I know that people *say* it isn't true. I also know that the NY Times is quoting government officials - fabricating those quotes is unlikely.
lark
(23,083 posts)Not the mark of a truthful article. NYT not quoting goveernment officials. Justice Dept. totally denied they were referred any criminal case against HRC, or do you only pay attention to the bad stuff said about her and ignore the rest? That's the way it looks.
BTW, I'm a Bernie supporter.
MannyGoldstein
(34,589 posts)They made a mistake, and fixed it. But that doesn't change what seems to be the case, that Clinton's private email server contained emails with classified information.
lark
(23,083 posts)They did not refer Clinton for criminal charges as you allege. Facts may be inconvenient for political theater, but they are still facts.
MannyGoldstein
(34,589 posts)ChiTownDenny
(747 posts)This whole smear campaign against HRC by the NYT is about a Freedom Of Information Request for emails already in the possession of the State Dept. and the release of these emails that could now, repeat NOW, be deemed classified. And if the emails are now determined to be classified, they should be redacted before release via FOIA requests. The emails weren't classified at the time of their handing to the State Dept. As such, there is no criminal investigation; there is no malfeasance on the part of HRC; there is no there, there. This is simply misleading information given to the NYT by Reupblic operatives to, again, smear HRC. And, I'm sorry to inform you but you bought this stroy hook, line and sinker.
MannyGoldstein
(34,589 posts)The Newsweek articles claims that nobody is directly claiming that Clinton sent classified info, but The Times article states:
But the inspectors general of the State Department and the nations intelligence agencies said the information they found was classified when it was sent and remains so now. Information is considered classified if its disclosure would likely harm national security, and such information can be sent or stored only on computer networks with special safeguards.
This classified information never should have been transmitted via an unclassified personal system, Steve A. Linick, the State Department inspector general, said in a statement signed by him and I. Charles McCullough III, the inspector general for the intelligence community."
ChiTownDenny
(747 posts)It just didn't get into the weeds on this bogus story. Two separate gov't. agencies dispute whether documents should be classified. On the one hand you have the Intelligence Community Inspector General which believes the emails and many more should have been classified from conception. On the other hand you have the State Dept. that doesn't think so. So you have turf wars, basically, over who gets to decide what should be classified and when. A FOIA request is made for HRC emails, already in possession of State Dept. and considered unclassified by State Dept. Suddenly NYT reports not only that HRC possessed classified emails (because IG said they were classified, not State Dept.) on her personal server but that there is now a criminal investigation into her handling of emails.
Total smear job by the NYT.
MannyGoldstein
(34,589 posts)at the time of release:
ChiTownDenny
(747 posts)Give it up!
sabrina 1
(62,325 posts)raised by Republicans, and she cannot just say 'give it up' in a debate, can she?
We need a candidate who can wipe the floor with Republicans on every issue that is important to the American people and who has demonstrated how easily he handles the Corporate Media's attempts to distract from those issues.
1StrongBlackMan
(31,849 posts)sabrina 1
(62,325 posts)on trying to discredit good candidates? I do not know the answer to that.
1StrongBlackMan
(31,849 posts)who are quick to point out their refusal to do the party pledge thing.
ConservativeDemocrat
(2,720 posts)But that itself did not correct nearly enough. The phrasing to take note of is "potential compromise", weasel wording to try to make this seem bad when it wasn't. If the email was encrypted when it was sent to her, there is no reason to believe that she decrypted it and sent on to the State Department in plain text. If it was sent to her, across the public internet (which her server was on), unencrypted, then no matter what its classification it certainly could have been read by anyone, long before it reached her.
- C.D. Proud Member of the Reality Based Community
Purveyor
(29,876 posts)Recursion
(56,582 posts)So, that kind of makes the opposite point...
Purveyor
(29,876 posts)Recursion
(56,582 posts)Though I don't know the topology of this so I can't say for sure.
RoccoR5955
(12,471 posts)I can tell you that the hackers these days are not concerned with small targets. They want the money, and the money can be found where there is a lot of data. Mrs. Secretary Clinton's server was a microscopic fish living in the ocean for them.
A Simple Game
(9,214 posts)When our own NSA trolls even private citizens with no connection to the government you really don't think other countries would hack into an ex-President and his SOS wife's private network. Other countries aren't interested in your bank account numbers and passwords, they are interested in government data. Sometimes small targets are the richest.
How's the weather in dream world?
Purveyor
(29,876 posts)RoccoR5955
(12,471 posts)How does one figure that one out?
So tell me how does one find out what domain a specific person is on without even having an email address, as I am sure that China did not have.
How's the weather in paranoia land?
A Simple Game
(9,214 posts)Really it's not that hard to find out. She sent thousands of emails to hundreds of people. Do you think they were all loyal allies?
RoccoR5955
(12,471 posts)They were loyal. Are you now telling me that the security checks that are done on our ambassadors are flawed, and the agency that runs them? Interesting.
A Simple Game
(9,214 posts)the Chinese ambassador or Premier, or any other counties leader(s)?
Where did I ever mention our ambassadors, which incidentally were using the proper government servers?
RichVRichV
(885 posts)The simplest is to go through the domain name. Every email has to have a domain listed after the @ symbol that is linked to the mail servers. It's not that hard to find domains for specific people. Every domain name has contact information for people that setup and maintain the account. All you need to know is the name of the person you're looking for or the names of associates that would have set it up (staffers, IT people working for that person with clearance). Or you can search via phone number, contact address, etc. Once you identify the domain name you can do a whois lookup for the full contact information to verify. All of that is public records.
Alternately if they're using a .gov email address then you can narrow your search to those and look for .gov names related to her name or position.
Once you locate the domain name for the emails you just have to nslookup the ip address of the server the domain name points to. You can check for open smtp ports to verify it is an email server.
This is all rather trivial. Most IT people could do it with a little patience and some basic personal information. Finding a server is the easy part. This is just one of many ways to do so. The hard part is getting into them (assuming the people setting them up are semi-competent).
There's an IT saying: "Security through obscurity is no security at all". Hoping someone doesn't find out where your server is isn't how things are protected on the internet.
jeff47
(26,549 posts)Some are economically-motivated. Like you describe.
Some are not.
After the server was revealed, it was also revealed that the VPN appliance was using the default encryption keys. So we can be pretty sure at least China and Russia got in. Their hackers are not hacking for profit, but for old-fashioned espionage.
RoccoR5955
(12,471 posts)I hope whoever was managing her network doesn't have a job. They don't deserve one. Especially the keys on a Cisco appliance. Cisco probably has their own back door into them any way. I am no Cisco expert, but I certainly would have changed the default keys.
rhett o rick
(55,981 posts)violating the law to be safer? Are you aware of what actions would be taken against any government employee lower than a GS-15 would be for using private email services to communicate government business? But I guess H. Clinton gets special compensation because of her popularity with the ruling oligarchy.
Recursion
(56,582 posts)The rules didn't change until 2014 IIRC.
A Simple Game
(9,214 posts)were going to run for President do something so questionable?
Such poor judgement does not look good on a resume. Nor is this her first incident of poor judgement.
rhett o rick
(55,981 posts)Bush and Cheney were found to have separate email and emails servers during their time as President and VP. They destroyed the PC,s totally before anyone could see what they were doing. What happened to them - exactly nothing. It's only a problem when a Dem does this, Repugs do all the time with no consequences. That's why people aren't concerned about this except the HRC haters.
rhett o rick
(55,981 posts)we ain't them. And for those that have nothing better to argue with than calling those with whom you disagree, haters, your desperation is showing. As for me, I am a hater. I hate the oligarchy. You know Goldman-Fracking-Sachs and the Wall Street Gangsters. Now some her like the Wall Street Gangsters because they are wealthy and wealth equals success. Am I right?
There is a populist movement world wide to throw off the chains of Oligarchy. Dare to join us and fight for our Democracy and freedoms.
tularetom
(23,664 posts)But I'm not buying the story that she didn't know what was classified and what wasn't.
She's either very naive or very Machiavellian, and either way, it isn't good.
dsc
(52,155 posts)the stuff got retroactively classified.
MannyGoldstein
(34,589 posts)This material was classified at the time, and still is today.
tularetom
(23,664 posts)Or she knew it wasn't secure but went ahead and kept using the private server anyway.
Either way, it looks bad, this isn't some Benghazi type fishing expedition.
It may be true that there is no criminal liability involved here but that doesn't mean there isn't a boatload of piss poor judgment on display.
rhett o rick
(55,981 posts)the decision to use a private server. Of course regular government workers would be fired immediately if they did what she did.
cherokeeprogressive
(24,853 posts)Out of 1.6 million?
dsc
(52,155 posts)Once n gets to be around 300 or so the sample, if honestly random, will have a very small MOE. The size of the population, provided it is sufficiently large, is irrelevant to MOE. MOE is figured out by taking 1.96 (if you want a 95 percent certainty) and multiplying by the sample standard deviation divided by the square root of n (sample size). If n is 40 you are dividing by about 6. If n is 300 you are dividing by about 17. If n is 1064, you are dividing by about 33. In other words, you have cut the size of the MOE by almost 3 when you get to 40, and by a bit over 2 when you go from 40 to 1064. A standard poll for the entire US, that isn't trying to give subcategories, will have around 500.
Fairgo
(1,571 posts)Succinct and clear light on the power of stats. Thanks!
1StrongBlackMan
(31,849 posts)by most willing to argue, loudly, about sample sizes of 1,000.
Recursion
(56,582 posts)That's a moving target day by day (a document that is SBU today may be Class tomorrow, and then back to SBU the next day).
It's a really arcane and byzantine system that we need to rip up and start over on. Case in point: there's really no such thing as "classified information". "Documents" are classified, not the information contained in them. Back in the Marines, we had some daily incident reports that we all wrote down in notebooks. Those were unclassified (though "Sensitive" when they were in our notebooks, but the exact same words became classified once I typed them into a spreadsheet on the platoon's laptop. It's stupid.
zeemike
(18,998 posts)And not a private one...so that is you don't know no harm is done.
Poor judgement at the least.
Recursion
(56,582 posts)If there were classified emails going to that account, it's a problem whether it was a private server or a Government server. There is a classified network and an unclassified network and never the twain shall meet. If a computer can read classified emails that's all its supposed to do; you have to go to a different system to even use the Internet.
jeff47
(26,549 posts)Store it on a State Department server, and State's IT people are to blame.
Store it on her own server, and it's her fault. Even if someone else emails her a classified document leaked by Manning.
Recursion
(56,582 posts)to an insecure address. Particularly since it has to be tagged as unclass to even go to or from the mail server to begin with. People can and do misplace classified, but that has nothing to do with where her server was.
jeff47
(26,549 posts)Someone emails her an excerpt from something Manning leaked, and that's a breach. She put classified on an unclassified system by storing her email on her own unclassified system.
Maedhros
(10,007 posts)Any security or legal professional will know that mingling business and personal communications - especially in position with a profile as high as Secretary of State of the United States - is extremely risky and unwise, as we have just seen: 10% of Hillary's communications contained classified information and she wasn't even aware of it.
KeepItReal
(7,769 posts)That's acting above the very Agency/Department you purport to work *for*.
Just shows how much juice Sec. Clinton had when *NOBODY* at State or in the Oval Office can advise her to stick with the Federal email system.
Mnpaul
(3,655 posts)an unforced error. No matter what Hillary turns over, the Republicans will claim something is missing and then shift into Whitewater or Benghazi.
zappaman
(20,606 posts)Look around!
awake
(3,226 posts)By the Republicans in the General Election. This is not to say that Hillary F*ck Up with the emails but I am not happy with how she is handling the issue. If there is any "Real" problem with her Home E-Mail servicer then now is the time to clear it up.
dsc
(52,155 posts)First, we had a breathless scoop that there was a request for a criminal investigation in regards to Hillary Clinton's use of email. Then, we had an edit, without any note about the edit, that no there was a request for a criminal investigation in regards to the state departments handling of the emails.
Now we have a correction, with a note, that no there really isn't a criminal investigation being requested at all.
Now as to the classification issue and the sample of the email. No where is the word random sample used, nor does anyone say who did the sample or why. That makes a pretty big difference. There is also the issue of retroactive classification. In other words, the issue isn't that Hillary didn't know the stuff was classified it is that the stuff wasn't classified. This would be like a cop clocking you going 70 in a 70 zone today, the city council changing the speed limit to 20 tomorrow but making the change retroactive to today, and then writing you a ticket for going 50 over the speed limit based on his clocking you at 70. But other than all that, you have it completely correct.
MannyGoldstein
(34,589 posts)So the sample is based on what the State Department itself picked.
And no, it's not a matter of retroactive classification here:
"the inspectors general of the State Department and the nations intelligence agencies said the information they found was classified when it was sent and remains so now."
dsc
(52,155 posts)and make you say anything I like. Yes, they do have to sample what the department turned over and not emails they don't have. But they chose 40 out of 40,000 and did Gowdy's committee choose these, if so, then I frankly don't think it was anything like a random sample of the 40,000. Also, even if it is a random sample, the n is so small that the MOE on an estimate of what percent of the email had classified info would be huge. As to your second point, frankly that is according to the times who have been repeatedly incorrect. Unless, and until I see confirmation from the inspectors themselves and not the anonymous sources the Times are relying on I won't believe them. The fact is, apparently the retroactive classification is quite common.
MannyGoldstein
(34,589 posts)to his inspectors general. But he won't.
dsc
(52,155 posts)as are presumedly the investigators. I guess Kerry could do what Jeb Bush did, and just put it all out on the net for the word to see but God help us if Obama's SS number is in one of the emails. BTW Bush refused to turn over any emails from the recount, any emails from the Shivo case, and a whole bunch of other stuff and you have written not one God damned word about it. Go figure.
MannyGoldstein
(34,589 posts)and I won't vote for him.
This is the State Department's own inspectors generals that are being denied access. Not public disclosure.
Cheese Sandwich
(9,086 posts)Negligent. She should have known. Maybe an honest mistake but honest mistakes still have consequences. Also seems like bad judgement.
Recursion
(56,582 posts)The generic email servers at State are not supposed to get classified email either.
99th_Monkey
(19,326 posts)because I hadn't looked at it yet, from this point of view.
Makes sense to me. The more of this that sticks will hurt
her bad in the GE. True dat.
Thanks Manny
Is this why our VP is warming up in the batting cage?
Divernan
(15,480 posts)where Diane Lockhart is offered an Illinois Supreme Court justiceship by governor-elect, Peter Florick. So she gets her firms crack private investigator, Kalinda Sharma, to look through Diane's life & history for any problems which might surface at hearings to confirm her appointment (doing her own opposition research, as it were). Turns out Diane's housekeeper has been using Diane's home computer to post some steamy romance novel writings to some blog. Vampire Diaries fan fic, as it was referred to. Quelle surprise! Florick's political consultant delivers the ultimatum: Too bad, so sad Diane, you'll have to fire this hard working single mom w/2 kids.
So who knows who had access to HRC's private, unsecured email account? (Which is precisely why she should never have used an unsecured private account, as if that needs saying.) Kalinda was able to investigate in just a few days. Maybe the State Department should hire her.
TexasProgresive
(12,157 posts)is risky behavior on any system. Classified info needs to be sent only by Cripto and only to those who have a need to know. Not on phones, not on computers. This may be old school but none of that stuff is secure. It is just more secure than shouting it from the rooftops.
GitRDun
(1,846 posts)government officials sent Hillary Clinton emails to that private, personal server that contained classified information, that was NOT marked classified.
This is another non--story IMO.
Some unnamed officials broke the rules. There is no way any reasonable person or court could hold Hillary accountable when the information was not marked *Classified*.
A big "Ho-Hum" as far as I am concerned.
MannyGoldstein
(34,589 posts)if she'd used her business email for business.
Ed Suspicious
(8,879 posts)ananda
(28,856 posts)She's a princess.
840high
(17,196 posts)I am sufficiently chastised.
She is a queen!
Recursion
(56,582 posts)anyways. If there were classified emails going to her normal email address, that's a problem no matter where the emails were stored.
Sancho
(9,067 posts)Everyone who has never received a "work email" at home or send a "work email" on a personal account, please send me a nickel. I'll be rich!!!
Ms. Toad
(34,057 posts)and I have 3 different email accounts I can access from my phone. You don't need separate phones to have access to separate emails accounts.
zappaman
(20,606 posts)redstateblues
(10,565 posts)billhicks76
(5,082 posts)Clintons and Bushes are not adversaries. Quite the opposite. The rest is just theater for the gullible masses.
Thinkingabout
(30,058 posts)Has investigated on the facts, put out the straight facts, give the NYT an opportunity to recoup some of their reputation.
http://www.democraticunderground.com/?com=view_post&forum=1014&pid=1157044
http://www.democraticunderground.com/?com=view_post&forum=1002&pid=7006607
Recursion
(56,582 posts)Is there any evidence the email server did not meet CCB standards?
MannyGoldstein
(34,589 posts)Not familiar with those.
Recursion
(56,582 posts)They control how servers and software must be set up for US Government use, to control both lifecycle costs and security. Since you called it "unsecure" you seem to be implying that it did not meet those standards.
MannyGoldstein
(34,589 posts)As a generic entity. But is there a specific set of regs or a guidance in place? I don't see anything on the Google.
When we refer to a secure phone line, for example, we are referring to a phone line where extra steps have been taken to ensure that evesdropping is not taking place. While "normal" phone lines are encrypted and so forth, there's still a possibility of a man-in-the-middle attack, etc.
I meant 'secure' in the same way for email. But I'd be really interested in what the government standards are.
JaneyVee
(19,877 posts)And contained numerous safeguards. Clinton also stated that she never emailed classified information, instead using other secure methods of communication approved by State dept. The State dept. also said no indication of any breaches, and Pres.Obama changed the law in 2014, after she had stepped down.
MannyGoldstein
(34,589 posts)"The server was set up and approved by State dept. under Bill Clinton"
Link?
oasis
(49,365 posts)Recursion
(56,582 posts)Exchange 2005, back at that time.
The government runs its own internal CA, and physically distributes the certificates, so MitM is not an issue.
jeff47
(26,549 posts)Recursion
(56,582 posts)That would be an epic complication for no benefit to anyone.
jeff47
(26,549 posts)Various protocols are used to verify the chain of trust in the certs. So you get a domain name that ends in .com. The SSL certificate traces back to, say, GoDaddy. Their certificate traces back to Verisign. The chain checks out, so your web browser trusts the response.
In .gov domains, they manually copy the public keys around, and you verify against those keys instead of Verisign.
Recursion
(56,582 posts)1. Her server had a .gov address, and the cert was issued by the government Certificate Authority (not all servers hosting a .gov domain are government-owned)
2. The government Certificate Authority is totally free to also issue certificates for .com, .net, .edu, even .uk or .ru if they wanted to. (It's not even limited to domains; they can issue a certificate to "The person who posts as Recursion on Democratic Underground" if they felt like it, or "The owner of the deli on 102nd and 7th".) And actually since they probably MitM most internal traffic to begin with, it's a safe assumption they do that already.
The SSL certificate traces back to, say, GoDaddy. Their certificate traces back to Verisign. The chain checks out, so your web browser trusts the response.
That would be ideal, wouldn't it? But, no, that's not how certificate verification works; you're describing a hypothetical secured model like DANE. As it is, my OS has 172 entities who are allowed to sign any certificate with full trust. It's an appalling situation.
jeff47
(26,549 posts)The domain name was registered though a small ISP in NY. It was not registered by the government.
Somebody better let ICANN know they're part of the US government.
(What you describe was true. The authority is in the middle of being transferred to ICANN. Tech-savvy Republicans are whining about it.)
And there's several million different entities with certificates. The fact that it's only 172 is actually pretty good.
Recursion
(56,582 posts)(Or, you're probably not, but your comments could lead others to.)
The domain name was registered though a small ISP in NY. It was not registered by the government.
OK, still doesn't matter. The certificate was issued by the government CA. Government computers have that CA in their root store (and not much else). If it had been issued by Verisign or Thawte or whatever the government email servers wouldn't have talked to it.
And there's several million different entities with certificates. The fact that it's only 172 is actually pretty good.
But any one of them can sign a certificate for a domain ending in .gov. We should probably do something about that. I know the USG computers have a very restricted set of accepted certificate authorities, for instance, but that won't work for general public use. Right now, their alleged probity is allegedly policed primarily just by Microsoft, Google, the Mozilla Foundation, and the Debian Foundation.
Google has an interesting idea to use a certificate-pinning peer-review system, kind of like what OpenSSH uses. That could be useful, though not foolproof, particularly for new domains.
jeff47
(26,549 posts)Actually, the certificate was issued by Verisign to the manufacturer of her VPN appliance. They didn't change the default keys.
Not really.
If a China-based entity in those 172 issues a certificate for a .gov, you won't be going to that entity to verify that certificate. Instead, when you hit the "dot" servers (the implicit address after .gov, .com, .cn, etc) you will be directed to the real US government, who will say "uh...not ours".
Someone who is behind that China-based entity would be directed to the fake .gov, because they get a chance to resolve it before the "dot" servers are asked.
Remember, DNS is highly involved in the certificate verification process. You have to spoof both the certificate and the DNS entries in order to "take over" an address.
Recursion
(56,582 posts)You won't be "going" anywhere: your browser checks the public key in the root store, verifies that the entity signed the certificate, and says "yup!"
you will be directed to the real US government, who will say "uh...not ours".
Nope.
I type in "https://www.foo.gov".
DNS resolves it. Two things can happen here: the DNS can be compromised, or not.
If it is compromised, the resolver returns the hackerz IP address. The browser connects to it and negotiates SSL. It sees the Chinese-signed certificate for www.foo.gov, verifies the public key, and says "yup".
If it is not compromised, the resolver returns the government's IP address. The browser connects to it and negotiates SSL. It sees the Chinese-signed certificate for www.foo.gov, verifies the public key, and says "yup".
Same process either way. There is never a step in which the certificate authority is verified as "authoritative" for the given domain, and that's a huge problem.
Remember, DNS is highly involved in the certificate verification process. You have to spoof both the certificate and the DNS entries in order to "take over" an address.
True, and it doesn't relate to what you're saying at all.
There is never a point where the resolver queries the DNS system to see if a certificate authority is legitimate; any CA in the root store is automatically assumed legitimate. DANE and DNSSEC would change that, but nobody uses them.
Actually, the certificate was issued by Verisign to the manufacturer of her VPN appliance.
VPN appliances accept mail now?
jeff47
(26,549 posts)The "negotiates SSL" step requires encrypting a message with the Chinese certificate's public key, and sending it to the US government server. Which will be unable to decrypt the message, and thus the negotiation fails.
Recursion
(56,582 posts)The client retrieves whatever certificate is on whatever server, and checks it against the public key it stores locally. And generally fails to check the revocation list.
You were claiming the .gov CA can't sign except for .gov, which isn't true. The administrator of a site can put whatever the hell certificate he wants to on it.
Just like a .gov machine can, if desired, have a Chinese-signed certificate on it, a .com machine can, if desired, have a US Government signed certificate on it.
There is never a point where the CA is checked for the "permission" to sign a certificate for that domain.
jeff47
(26,549 posts)Nope, I'm not claiming that. I'm claiming that the person who set up the USG server will configure it to use the certificate for that server. What certificate the server uses during SSL negotiation has nothing to do with root CAs.
FBI.gov has a different certificate than DHS.gov, which is different than IRS.gov, and so on. Each of these have a chain of trust to a root CA, but each one is a different certificate.
The Chinese cert won't match the certificate installed on the USG server, so SSL negotiation will fail. Even though both certificates have a chain of trust to valid root CAs.
http://www.symantec.com/connect/blogs/how-does-ssl-work-what-ssl-handshake
Step 4 will fail if the client is trying to use the Chinese certificate on the real USG server.
Recursion
(56,582 posts)Just like a .com server can have a USG signed cert, which was the whole point here.
Let me put it a different way: if a USG sysasmin used a Chinese CA to sign his .gov cert, are you saying my browser would warn me?
It would not. The browser would not care, just like it would not care if the USG CA signed a .com certificate. There's absolutely no connection there; a trusted CA is trusted for any certificate whatsoever.
jeff47
(26,549 posts)It did not have a US government certificate. It did not need one. It's certificate, which you can pull yourself by going to clintonemail.com, was not issued by the US Government.
Recursion
(56,582 posts)The USG CA doesn't publish a list of what certs it has signed. We know a commercial cert was made for a VPN device, but that doesn't remotely mean it was used for the mail server. We don't even know what the MX records for the domain were.
jeff47
(26,549 posts)The server literally hands it out to anyone who asks. It was issued by her ISP. The root CA for it was from Verisign.
If the MX records were pointed elsewhere, then she couldn't have received any email on this server, and this entire issue would not exist.
Recursion
(56,582 posts)So, you can't say what the MX records should have been. You're making a lot of assumptions here.
A host may have multiple A records pointing to it. A server may use multiple certificates in different situations. You're just assuming this was a standard SO/HO turnkey setup, which I see no reason to do.
jeff47
(26,549 posts)Bad A record and she can't connect to the VPN and she can't get her email. Bad MX record and no other mail system sends the mail to her server.
Multiple A records? Well then she's shipping the same cert off to multiple responses. Multiple certs? Well, then she's listening on multiple ports, and guess what? You can port-scan a host and get all the certificates.
Super-secret protocol? Then her blackberry wouldn't be able to retrieve the email. Which was the entire point of this server.
Well, so far you are claiming it is an indisputable fact that she had a government-issued certificate. Got anything to back that up? Every single media story that got far enough into the technical details indicated she had a commercial certificate.
Recursion
(56,582 posts)My main server's IP address is 104.237.158.238
Tell me what certificates I do or don't have.
You claim some confidence in that.
jeff47
(26,549 posts)You can't put classified information on a system connected to the Internet.
(There's a few narrow exceptions, and Clinton's email server did not fall into any of them)
Recursion
(56,582 posts)The classified network is completely segregated. If that address was getting emails, it doesn't matter where the server was; it's a violation either way.
DemocraticWing
(1,290 posts)If it becomes an issue, I'm guessing she'll either drop out or collapse before Iowa. If this turns out to be another non-scandal live Benghazi (and realistically, it probably will) then nothing will change.
If for some reason the 1% chance that this is a big, illegal deal and she manages to suppress it until after winning the nomination, it will be a disaster for us all.
YOHABLO
(7,358 posts)Personally I don't care what she did, obviously she wasn't aware that she was doing something wrong. It's not like Hillary's and half of the congress's emails haven't been hacked in by the NSA or the CIA. And someone up there mentioned China. Who gives a rat's ass?
Cosmic Kitten
(3,498 posts)We'll, I'd vote for you in any election!
sabrina 1
(62,325 posts)make good leaders. She has had poor judgement on many issues. Kerry eg, knew better.
The point is, she is always 'evolving' which is nice, but a leader needs to have the foresight and judgement necessary AT THE TIME on issues that will affect the lives of milliions of people, eg, the Iraq War, the Welfare Reform Bill and so many other issues.
I personally want leaders who are already evolved on major issues because if they are not, WE the people suffer while they learn.
Beartracks
(12,806 posts)mikehiggins
(5,614 posts)drop this topic. We all know the GOPukes are going to hammer this every chance they can. Lets not help them.
dreamnightwind
(4,775 posts)and Manny's post was entirely relevant to this. He is commenting on the possibility that Republicans will hammer her with this in the general election. They don't need and won't use our help, they have paid staff going over all of this, we are amateur internet posters speculating, there's no comparison, they will be very thorough, looking for anything to nail her with. We ignore these things at our peril.
We have to consider all such things now, before nominating a candidate that has baggage that will harm them in the general election. If we ignore such things, it only makes it more likely that we'll nominate someone who will get trashed by scandal that we didn't bother to vet in the primary.
Personally I don't see a lot to the classified issue, seems like desperate Republicans. I could be wrong, haven't bothered to look into it much.
I do think people are missing the main thing that was wrong about the private email server, and it's significant. It was about her having the ultimate control of prior review to any discovery requests, and to anything that gets reviewed later for historical understanding of what kind of things were being said and done by the head of our State Department. The way she set it up, anything that gets to anyone in a deposition, FOI request, or later in the National Security Acrchives (I am guessing they normally have access to such material, don't know though) is only what she and her staff decide they can see.
She uses the "mixed with personal email" excuse to not turn over the entire server, and even if she did I wouldn't trust that she hadn't had some of the material removed.
That, to me, is entirely unacceptable. It would be entirely unacceptable if a Republican did it, and it is the same if a Democrat does it.
Scuba
(53,475 posts)LiberalLovinLug
(14,168 posts)I'm a fellow Sanders supporter, but if Her Inevitableness does win the nomination, we don't need ever more GOP stoked "scandals" to perpetrate. IMO, we have to pick our battles. Focusing on her vagueness on dealing with the Wall Street Casino, and her Hawkish foreign policy platforms is much more poignant.
Besides, I really don't think the American public will think this is such a burning issue. Email security? Its a technical issue that is not uncommon in a lot of workplaces. I'm pretty sure that Hillary herself did not set up and administer her email accounts. We hear stories all the time about problems with net security, this issue is not something that has legs, or any kind of sustainable interest to the general public, at least as a huge deal.
cherokeeprogressive
(24,853 posts)If it was it DOESN'T MATTER what she deleted... you know, the 30,000 emails about the Downward Dog positions and wedding preparations and her Mother's funeral.
jeff47
(26,549 posts)The VPN appliance put between her server and the Internet used the default encryption keys. So we can pretty much guarantee competent government "cyberwarfare" units got in. I would be utterly floored if China and Russia do not have copies of everything on that server.
Scuba
(53,475 posts)Not exactly the qualities I'm looking for in a candidate.
fadedrose
(10,044 posts)"very few" to "whole bunch."
Am voting for someone I think has better judgment, myself. But then again, that's just me, pickyunish and fussy. Them that knows better will not agree.
Zorra
(27,670 posts)after the republicans get through with her, the Green Party candidate will get more votes than she will.
restorefreedom
(12,655 posts)she would just drop out now. This is just another log on the fire of scandal, mistrust, and a legacy of doubt and lies between her and her husband that will destroy her in the general election. But she won't drop out. Because she feels like she's above it all and she will hand this country over to the Republicans before dropping out.
Dr Hobbitstein
(6,568 posts)Evergreen Emerald
(13,069 posts)zentrum
(9,865 posts)
.voters, nuance doesn't matter. It's all a matter of perception. She looks like she did something sneaky, or illegal, or untrustworthy, or arrogant and regardless of what really happened, the perception is what will effect the average lowinformation voter.
Democrats need to take this very seriously because if she's the candidate we've banked on, she's a candidate that, to the majority, keeps looking dodgy.
Cosmic Kitten
(3,498 posts)In March 2013, an adviser to Clinton, Sidney Blumenthal, had his e-mail hacked by "Guccifer" -- the Romanian hacker perhaps best known for revealing George W. Bush's paintings to the world. At the time, Gawker reported that Blumenthal was communicating with an account that appeared to belong to Clinton at the "clintonemail.com" domain. The content of some of those e-mails was published by RT.com.
http://www.washingtonpost.com/blogs/the-fix/wp/2015/03/02/hacked-emails-indicate-that-hillary-clinton-used-a-domain-registered-the-day-of-her-senate-hearings/
And Hillary believes China is hacking EVERYTHING...
obviously, everything included the email of
the Secretary of State, right
Clintons remarks come three months after the U.S. government learned of a massive breach of federal databases that compromised the personal records of millions of federal employees. State officials believe the hackers were operating out of China, an allegation Beijing has called irresponsible and unscientific. A year ago, the New York Times reported that U.S. security agencies traced a similar incident last March to China, though it remains unclear if those hackers were state mercenaries or acting alone.
http://time.com/3946275/hillary-clinton-china-hacking-cyberwarfare-usa/
The issue IS NOT if Hillary committed a crime.
The issue IS, did she allow classified information
to be hacked by adversaries because she broke protocol?
randome
(34,845 posts)Your other post on this topic was an epic failure and what do you do? Double down with a slightly different spin on it.
It doesn't particularly matter what you're trying to do here. The mystery is that you invest so much energy on attacks that never go anywhere.
That is more of a mystery than your baseless speculation on Clinton's emails.
[hr][font color="blue"][center]A 90% chance of rain means the same as a 10% chance:
It might rain and it might not.[/center][/font][hr]
Cosmic Kitten
(3,498 posts)If she is the nominee the
presidential race will be nothing
but one "scandal" or distraction
after another.
She would be completely ineffective
as POTUS if only because of the distraction
created by the character of both Bill and Hillary.
May as well hire Jerry Springer as
White House Press Secretary!
perdita9
(1,144 posts)I support Bernie Sanders because of what he's offering. The email controversy is something the GOP and the American media ginned up between themselves. Unless someone can show me a bad outcome because of her personal server, I consider this topic to be irrelevant.
MineralMan
(146,284 posts)given that you celebrated massive leaks of classified information and their exposure via Wikileaks. There's zero evidence that any sensitive materials were leaked or hacked from Clinton's private server. Nothing sensitive was exposed. On the other hand huge numbers of classified State Department were stolen and transmitted to a foreign third party by someone you have championed on this very website. I find that fascinating.
It seems to me that your interest isn't in classified materials at all, but in trying to hurt one Democratic presidential candidate. Truly, it seems that way.
marble falls
(57,063 posts)MineralMan
(146,284 posts)That was a different thing.
No, I'm not suggesting she get a pass for anything. She'll be answering questions on this again, soon, and has done so before. I'm suggesting that there is irony in this. A great deal of irony, in fact.
randome
(34,845 posts)If she allowed classified documents to be given to foreign nationals, that would be worth looking at. But there is nothing to support the idea that this happened. It's all just wishful thinking. A particularly vile piece of wishful thinking, IMO.
[hr][font color="blue"][center]Aspire to inspire.[/center][/font][hr]
MineralMan
(146,284 posts)Whatever negative that can be found or created about Hillary Clinton will show up here and elsewhere. No question about it. What I'm not sure about is what will happen if she gets the nomination, which still seems very likely to me. What will people do then? It's worrisome, I think.
MannyGoldstein
(34,589 posts)unless there is an extraordinary reason not to.
Snowden released sensitive information in order to help us understand the unbelievable degree to which we're all being spied on by our own government. He had no other viable mechanism to get this point across. He did so at the risk of his life. He was very careful to do this is in a way that would make the point while minimizing damage. His actions led to important conversations, and important changes.
Hillary Clinton did not release sensitive information in order to help us. She evaded State Department policies, and attempted to evade FOIA requests. Under the very most charitable scenario, she did it so... she wouldn't have to carry two cell phones.
I will not be voting for Snowden for President, if that helps.
Can you please refrain from working so hard to attribute the nastiest possible motive to everything I write?
MineralMan
(146,284 posts)Two different things, altogether. Snowden's leaks were far more widespread in origin. I didn't think I needed to explain or bring up Chelsea Manning. Glenn Greenwald was supportive of both, however. I don't mind bringing him up.
They came earlier than that, as I'm sure you're aware. As for your motives, I have no way to know them. I pointed out some irony in what you posted. That's all. You don't see the irony? It seems crystal clear to me. Only you know your motives. I would not mention them, since I don't know you.
MannyGoldstein
(34,589 posts)other than the video of helicopter pilots showing a wanton disregard for civilian lives.
msanthrope
(37,549 posts)t o see your support.
FYI......Stephen Colbert ripped Assange apart for editing out the man who had the RPG tube in that video.......
it's worth watching the un edited version....... which is why the UN declinedto investigate the matter.
MannyGoldstein
(34,589 posts)Other than the video?
A simple and direct answer is appreciated.
I decried Manning's torture, as would any decent human being.
msanthrope
(37,549 posts)Would be for you to produce a post where you decried the dump.
heck I'd also love to see posts of yours regarding Assange and rape charges he's facing
MannyGoldstein
(34,589 posts)to hoping I decried it.
I believe that I did, but chasing moving goalposts is a fool's errand. So I'll leave that as an exercise for you.
msanthrope
(37,549 posts)I simply suggested that any person who wish to know your viewpoint perform a simple Google search in the handy search box provided by the site's administration.
I think your words speak for themselves.
MannyGoldstein
(34,589 posts)Ok then.
MannyGoldstein
(34,589 posts)that I celebrated the WikiLeaks dump?
MineralMan
(146,284 posts)Glenn Greenwald. He was right there in support of Assange at that time. As were you, I believe. I don't remember what you thought of Chelsea Manning's role, either. I don't have time to go searching.
MannyGoldstein
(34,589 posts)There go the goalposts...
MineralMan
(146,284 posts)JoePhilly
(27,787 posts)MannyGoldstein
(34,589 posts)I guess ending it there fits your personal narrative, so that would make you comfortable.
morningfog
(18,115 posts)She's a liability to the party.
Metric System
(6,048 posts)lunatica
(53,410 posts)She shouldn't be President because what? She's what? A traitor? Un-American? A criminal bent on being dictator? Ready to destroy this country?
What's your point?
Kablooie
(18,623 posts)Its a republican weapon that she will have to deflect.
phoenixpcrod
(9 posts)NYTIMES botched the story. There was an inquiry but not criminal.
randome
(34,845 posts)Even if he has to ignore anything that refutes him.
[hr][font color="blue"][center]Aspire to inspire.[/center][/font][hr]
MannyGoldstein
(34,589 posts)fadedrose
(10,044 posts)When Bill & Hill were in the WH, the FBI asked for the return of a bunch of files they said hadn't been returned. WH said they couldn't find them or some kind of excuse on why they couldn't be returned.
A long time after that, the files "appeared on a table" somewhere in the hallway, and nobody knew how they got there.
Clueless, careless, senility, or did I just remember this wrong?
And this is a least important matter that nobody cared enough to find out how they got there?
Progressive dog
(6,900 posts)I'm surprised that anyone remembers Kenneth Starr as some sort of FBI official. The files were billing records (from the 1980's) of the Rose law firm. Starr was still looking for a way to blame anything on Bill or Hillary, including the savings and loan crisis under Reagan. Starr thought the records would prove that Hillary did legal work for bad people.
This e-mail stuff is some of the same BS as-- the Vince Foster suicide, Whitewater, too much profit from commodity trading, filegate, travel office, Benghazi, the Clinton foundation. I'm sure the Republicans will try to keep it alive, I would hope that others wouldn't.
fadedrose
(10,044 posts)This one was about files about previous White House occupants and employees....
Impeachment hadn't happened yet..
FBI Files were not about the Clintons.
https://en.wikipedia.org/wiki/White_House_FBI_files_controversy
The files were requested by the FBI, and turned up mysteriously on a table.
I love mysteries.
fadedrose
(10,044 posts)The files found on the table are from this:
http://www.nytimes.com/1996/06/05/us/hillary-clinton-s-fingerprints-among-those-found-on-papers.html
Sorry about that.
Progressive dog
(6,900 posts)not with Hillary Clinton. It is just more RW crap. I'm always surprised when "Democrats" continue to echo these RW attacks.
fadedrose
(10,044 posts)President Obama was subjected to a lot of smears - his birthplace, his mortgage on his Chicago home, his preacher, etc., and I could never believe any of it because of his ambiance and the crednce of his responses. The smears finally ended, but his judgment goes on challenged all the time, and he bears it well.
It's about the heat in the kitchen.
Craig Livingston was fired (I never did learn why he wanted all those FBI files on former WH figures) and HC said he was hired because his mother was a good friend of hers, yet she failed to recognize her in a picture. I don't know is this is true or not, but it seems there's always something. HC will have to go thru all this stuff again when the nominees have been picked, and so far the RW is pretty much leaving her alone, except for the emails, but once she has been nominated, the gloves will come off. We can't afford to lose the WH and the choices a RWer will have for the Supreme Court.
Progressive dog
(6,900 posts)the RW will attack them. If they don't, it will only be because they think they're too weak to bother with.
The RW attacks on Hillary before the nomination are meant to prevent her from being the nominee. I don't intend to help them win.
bvar22
(39,909 posts)Snowden can probably help Hillary get resettled in Russia.
Response to MannyGoldstein (Original post)
LiberalArkie This message was self-deleted by its author.
alfredo
(60,071 posts)She may not have known about info being classified if it was classified at a later date. If that was the case, then she is home free, if not, she fucked up.
Never talk shop off the job, especially if that job deals with sensitive data.
Cheviteau
(383 posts)Nice way to help the Republicans while pretending to help the Democrats. This is pure bullshite. Plain & simply. I'm not necessarily a Clinton fan but, she may be our nominee and she doesn't need this crap. She gets enough of that from the Republicans. Oh, and you haven't made me a Sanders fan either.
840high
(17,196 posts)a Sanders fan. It's up to you to see or not see his value to America.
BeanMusical
(4,389 posts)jimlup
(7,968 posts)Republicans? Just have not researched this story that closely.
liberal N proud
(60,334 posts)Benghazi
If that doesn't stick, REPEAT!
awake
(3,226 posts)Why do you want to change the subject?
I do not know what was or was not in her emails I only know how she has handled the issue has been clumsy.
She needs to up her game the real BS from the republicans has not started. No need to start it here
Adrahil
(13,340 posts)Only now be perpetrated by Democrats. Makes me feel all warm and fuzzy inside....
msanthrope
(37,549 posts)stevenleser
(32,886 posts)not the OP even though he relied on that source for the info.
Very telling.
stevenleser
(32,886 posts)MannyGoldstein
(34,589 posts)and if it is I'll write a correction.
Again, be specific.
Recursion
(56,582 posts)which isn't true.
MannyGoldstein
(34,589 posts)MannyGoldstein
(34,589 posts)1StrongBlackMan
(31,849 posts)1StrongBlackMan
(31,849 posts)that we weren't suppose to trust, 8 years ago, and suddenly became trustworthy during the (President) Obama/G.A.S. days, has done it to you again!
http://mobile.nytimes.com/blogs/publiceditor/2015/07/27/a-clinton-story-fraught-with-inaccuracies-how-it-happened-and-what-next/?referrer=
MannyGoldstein
(34,589 posts)Whether it's pretending that my post is inaccurate because it references some undisputed parts an article that had some othet inaccuracies, or claiming that I make jokes about chicken and wathermelon on DU while being utterly unable to to produce such jokes, there you are. While claiming that I only want economic justice because you claim I don't think I get paid enough
If you (or the jury) needs links to any of this crap, just ask - I'll be happy to spend a few minutes finding some.
1StrongBlackMan
(31,849 posts)about the pack of dogs and a rock is more colorful.
MannyGoldstein
(34,589 posts)Addressing facts instead of casting aspersions.
1StrongBlackMan
(31,849 posts)addresses your "facts" ... the casting aspersions part is just the noting you tend to run around half cocked and, in a Bill Kristol kind of way, getting it wrong (loudly but consistently) every darned time cherry on top.
Cosmic Kitten
(3,498 posts)The issues at hand is if Hillary allowed
classified information to be mishandled.
Hillary acknowledges that rivals are
"hacking everything".
She is aware of the concerns of espionage,
and as SoS should have been particularly
meticulous regarding national security.
Your link does not seem to address the facts.
A line stating: in fairness, its doubtful
is hardly reassuring nor factual
1StrongBlackMan
(31,849 posts)Cosmic Kitten
(3,498 posts)1StrongBlackMan
(31,849 posts)on 4 words, of a almost 400 word we screwed up admission by the outlets editor ... it's probably not a good defense.
But you will believe what you want to believe ... no matter how impracticable/improbable.
Cosmic Kitten
(3,498 posts)The specific concern is mishandling
of classified documents, partially
due to circumvention of protocol
and the dubious and misleading
excuse for commingling business
and personal affairs.
Your link does not seem
to address those specific concerns?