Re: HTTP/2 and Pervasive Monitoring

Martin Thomson <martin.thomson@gmail.com> Wed, 20 August 2014 19:14 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B19C1A06F6 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 20 Aug 2014 12:14:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.669
X-Spam-Level:
X-Spam-Status: No, score=-7.669 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, LOTS_OF_MONEY=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.668, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KyPtufT3yDFe for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 20 Aug 2014 12:14:20 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9CC001A065B for <httpbisa-archive-bis2Juki@lists.ietf.org>; Wed, 20 Aug 2014 12:14:20 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1XKBI3-0002RJ-Tx for ietf-http-wg-dist@listhub.w3.org; Wed, 20 Aug 2014 19:11:23 +0000
Resent-Date: Wed, 20 Aug 2014 19:11:23 +0000
Resent-Message-Id: <E1XKBI3-0002RJ-Tx@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <martin.thomson@gmail.com>) id 1XKBHj-0002Np-EE for ietf-http-wg@listhub.w3.org; Wed, 20 Aug 2014 19:11:03 +0000
Received: from mail-we0-f170.google.com ([74.125.82.170]) by maggie.w3.org with esmtps (TLS1.0:RSA_ARCFOUR_SHA1:16) (Exim 4.72) (envelope-from <martin.thomson@gmail.com>) id 1XKBHi-0008Vo-HL for ietf-http-wg@w3.org; Wed, 20 Aug 2014 19:11:03 +0000
Received: by mail-we0-f170.google.com with SMTP id w62so8393145wes.15 for <ietf-http-wg@w3.org>; Wed, 20 Aug 2014 12:10:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=hDeKGkudAGe3vETZnOzdVaDFVoyT0QcU+ByB/qQ7J+A=; b=ce1JaENjclAkOejc0QGWI6ya8gzjl6Fang2QZAaGIWk7js/zXMWSjq0miNzwqLeDxb iEcWgUv1nufVvGchvBrMZn0FBpvPwvQOsNMfQ9eLtG7IVjZa+ZSfpvrVKRiSGawtt1yx LPWbJRyB0esRoXzYE+UMOBIt+4LPqVGj+5Z0WcGw0Q5PElWE7VoVe61pZ0fOyaiBdCHe lY3uH7qZ/YhZehp+qV09SegByvlQYhogcOF+bY7JsMDAYMmajlRJgM6ohCa5EflINg4e KiWJC1oCAC3T135Qtw9dVywP1V7wx7lhYuZIBwPK/3x9crSIn7psk8T2FJoIWeR/huD/ kfqA==
MIME-Version: 1.0
X-Received: by 10.180.103.74 with SMTP id fu10mr17464244wib.47.1408561836264; Wed, 20 Aug 2014 12:10:36 -0700 (PDT)
Received: by 10.194.6.229 with HTTP; Wed, 20 Aug 2014 12:10:36 -0700 (PDT)
In-Reply-To: <23351.1408559797@critter.freebsd.dk>
References: <38BD57DB-98A9-4282-82DD-BB89F11F7C84@mnot.net> <4851.1408094168@critter.freebsd.dk> <EB5B7C64-165B-48F1-94FF-1354E917A10F@mnot.net> <5871.1408106089@critter.freebsd.dk> <A9F561E4-E5C6-4E1D-89B1-F1EDA9FA1BAC@mnot.net> <10689.1408519778@critter.freebsd.dk> <CABkgnnVvm6vz=Tcv2n9YtH13E9-AUgdyXVY5RxLvmKkCcNSpgg@mail.gmail.com> <23351.1408559797@critter.freebsd.dk>
Date: Wed, 20 Aug 2014 12:10:36 -0700
Message-ID: <CABkgnnUVHgkRdUKBYKoKec1UO_fF+GZEiqMXmirwd4XKjtYf2Q@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: text/plain; charset="UTF-8"
Received-SPF: pass client-ip=74.125.82.170; envelope-from=martin.thomson@gmail.com; helo=mail-we0-f170.google.com
X-W3C-Hub-Spam-Status: No, score=-3.5
X-W3C-Hub-Spam-Report: AWL=-2.743, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, LOTS_OF_MONEY=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001
X-W3C-Scan-Sig: maggie.w3.org 1XKBHi-0008Vo-HL 0fb9e87a533865f179896118d49fe809
X-Original-To: ietf-http-wg@w3.org
Subject: Re: HTTP/2 and Pervasive Monitoring
Archived-At: <http://www.w3.org/mid/CABkgnnUVHgkRdUKBYKoKec1UO_fF+GZEiqMXmirwd4XKjtYf2Q@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/26680
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On 20 August 2014 11:36, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
> Last I looked AES had 128 bit and larger keys, so that would be 2^127 ?

No, 2^64.

https://en.wikipedia.org/wiki/Birthday_attack

And to be fair, I did some more scratching and came up with USD 2.8M,
and I'll probably get a different number next time as well.

> Your 1e-10 number I cannot find any basis for.

Take the 170K number and reduce the search space by 2^48; then reduce
again by the performance gain (4).  It gets small fast.

> To stop PM, we don't need unbreakable crypto, we just need crypto
> which is sufficiently expensive to break.

That's all we ever have.  We just draw the line in different places.
My point is that the line is close enough to what is state of the art
to not bother with anything less.  There are other factors at play
other than simply the cost of a brute-force attack.