Re: [E2ee] Does the presence of overt, "Non-Ghost" surveillance actors/bots, inhibit E2E Security?

Alec Muffett <alec.muffett@gmail.com> Thu, 29 July 2021 18:01 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/e2ee/WwCRv1BDLzCfdttv8WGtgOGVhcY>

Hi Vittorio - nice to talk to you again!

On Thu, 29 Jul 2021 at 10:54, Vittorio Bertola <vittorio.bertola@open-xchange.com> wrote:
>
> I think that you are mixing three separate concepts:
> 1) end-to-end encryption, which is a technical property of a
> communication system;
> 2) end-to-end security, which is a somewhat abstract concept possibly
> including other factors than just the communication system;
> 3) an appropriate disclosure policy for lawful interception, which is
> interesting but possibly out of scope for the IETF, and more in scope for
> law-making venues.

Yes, I am.  I feel that it is proper and appropriate, given that I am also
placing bounds upon how they are being discussed.


> By the way, the apps you mention (WhatsApp and Signal) do not provide
> "end-to-end encryption" but "managed end-to-end encryption" [deletia]

I will let you argue definitions of end-to-end encryption with the people
authoring the relevant draft for that term; my work is focused narrowly
upon "end-to-end secure messaging".

> Of course, managed e2ee is much easier to use while still providing a
> good degree of protection, but it requires you to trust the provider of the
> communication system, and there are clear reasons why people who really
> need absolute protection from any kind of screening should not rely on it;

Absolutely - the exercise of user choice to import (say) Signal into one's
Trusted Compute Base, is a huge and somewhat blind leap of
(reputation-based?) trust.


> In terms of #3, I'm not sure if it's on topic, but I will note that by
> definition lawful interception happens according to a law, so the fact that
> it exists is public. What you as a user do not generally know is if it has
> been turned on on your account, but there are reasons for that, and also -
> in democratic countries - appropriate guarantees. Nothing would anyway
> prevent the app from reminding that, in some cases, your communications
> could be reported according to a law or court order.

Exactly so, per slide 25 at
https://alecmuffett.com/alecm/ietf-111/draft-muffett-e2esm-v1.18a.pdf
perhaps something like:

> Messages you send to this chat and calls are now secured with end-to-end
> encryption, but may be subject to interception or review by ourselves, and
> law enforcement, safety communities, and outsourced agents from the
> following national governments that we have determined from your profile
> information: [...]

...might be appropriate for people who live in, or cross-, jurisdictions
that do not permit them to communicate privately.  You know,
totalitarian states.  That sort of thing.

    -a
--
https://alecmuffett.com/about