Re: HTTP/2 and Pervasive Monitoring
Martin Thomson <martin.thomson@gmail.com> Wed, 20 August 2014 19:14 UTC
From: Martin Thomson <martin.thomson@gmail.com>
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
Archived-At: <http://www.w3.org/mid/CABkgnnUVHgkRdUKBYKoKec1UO_fF+GZEiqMXmirwd4XKjtYf2Q@mail.gmail.com>

On 20 August 2014 11:36, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
> Last I looked AES had 128 bit and larger keys, so that would be 2^127 ?

No, 2^64. https://en.wikipedia.org/wiki/Birthday_attack

And to be fair, I did some more scratching and came up with USD 2.8M,
and I'll probably get a different number next time as well.

> Your 1e-10 number I cannot find any basis for.

Take the 170K number and reduce the search space by 2^48; then reduce
again by the performance gain (4). It gets small fast.

> To stop PM, we don't need unbreakable crypto, we just need crypto
> which is sufficiently expensive to break.

That's all we ever have. We just draw the line in different places.
My point is that the line is close enough to what is state of the art
to not bother with anything less. There are other factors at play
other than simply the cost of a brute-force attack.