IETF Logo Mail Archive

Re: HTTP/2 and Pervasive Monitoring

"Poul-Henning Kamp" <phk@phk.freebsd.dk> Sat, 16 August 2014 06:24 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4CC251A6FF7 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 15 Aug 2014 23:24:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.57
X-Spam-Level:
X-Spam-Status: No, score=-7.57 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.668, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3DZcCDbTwVso for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 15 Aug 2014 23:24:35 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CCE271A6FF4 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Fri, 15 Aug 2014 23:24:34 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1XIXMR-00078o-9H for ietf-http-wg-dist@listhub.w3.org; Sat, 16 Aug 2014 06:21:07 +0000
Resent-Date: Sat, 16 Aug 2014 06:21:07 +0000
Resent-Message-Id: <E1XIXMR-00078o-9H@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <phk@phk.freebsd.dk>) id 1XIXLz-00071P-Em for ietf-http-wg@listhub.w3.org; Sat, 16 Aug 2014 06:20:39 +0000
Received: from phk.freebsd.dk ([130.225.244.222]) by maggie.w3.org with esmtp (Exim 4.72) (envelope-from <phk@phk.freebsd.dk>) id 1XIXLy-0000ml-Mm for ietf-http-wg@w3.org; Sat, 16 Aug 2014 06:20:39 +0000
Received: from critter.freebsd.dk (unknown [192.168.60.3]) by phk.freebsd.dk (Postfix) with ESMTP id 887171578; Sat, 16 Aug 2014 06:20:15 +0000 (UTC)
Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.14.9/8.14.9) with ESMTP id s7G6KDjH009933; Sat, 16 Aug 2014 06:20:14 GMT (envelope-from phk@phk.freebsd.dk)
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
cc: Greg Wilkins <gregw@intalio.com>, Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
In-reply-to: <53EEA563.4020703@cs.tcd.ie>
From: Poul-Henning Kamp <phk@phk.freebsd.dk>
References: <38BD57DB-98A9-4282-82DD-BB89F11F7C84@mnot.net> <CAH_y2NFr16YJEsN-=zUWjEdywuLpuOVijFmybjbXZtAE4LTMdg@mail.gmail.com> <DE8B5174-864A-4514-B2DC-6F1742535A8C@mnot.net> <CAH_y2NHOspsVugNZZgvD3XMZ522PzNkTRMS1dapcRDWQCL5ZsQ@mail.gmail.com> <8622.1408147394@critter.freebsd.dk> <53EEA563.4020703@cs.tcd.ie>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-ID: <9931.1408170013.1@critter.freebsd.dk>
Content-Transfer-Encoding: 8bit
Date: Sat, 16 Aug 2014 06:20:13 +0000
Message-ID: <9932.1408170013@critter.freebsd.dk>
Received-SPF: none client-ip=130.225.244.222; envelope-from=phk@phk.freebsd.dk; helo=phk.freebsd.dk
X-W3C-Hub-Spam-Status: No, score=-3.7
X-W3C-Hub-Spam-Report: AWL=-3.068, RP_MATCHES_RCVD=-0.668
X-W3C-Scan-Sig: maggie.w3.org 1XIXLy-0000ml-Mm 006e7e84e289bcc7758ab1045051e028
X-Original-To: ietf-http-wg@w3.org
Subject: Re: HTTP/2 and Pervasive Monitoring
Archived-At: <http://www.w3.org/mid/9932.1408170013@critter.freebsd.dk>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/26629
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

--------
In message <53EEA563.4020703@cs.tcd.ie>, Stephen Farrell writes:

>PHK and I disagree a bit about the definition of PM in that respect.
>I conclude that BCP188 would include storing breakable ciphertext in
>the definition of PM. He doesn't.

Stephen, you're free to express your own opinion, but I think it
would be best if you let me express mine.

My argument is that if the attacker captures and stores N>1 connections
in the same time he manages to break the crypt on 1 connection,
then it is by definition not PM, since he will not ever be able to
decrypt all the traffic.

The footnote to this is that that the attacker still gets to chose
which fraction of the traffic to spend his limited resources breaking
the crypto on, so N has to be very large before it affects human
rights in a relevant fashion.  PM probably already only captures
metadata for most of the porn traffic, major news sites etc and
certainly would give such a resource constraint.

Also note, that getting the 99% out from under PM by sacrificing
the 1%, is not a final solution to the human rights problem, and
skirts dangerously Martin Niemöllers warning.

In the present situation my straw-man it at best just stopgap measure
until the political process implements the correct solution to the
PM problem.  On the long scale it could also vaccinate the net
against recurrences or regimes where political solutions are not
forthcoming.

The important thing in my straw-man is not if we should or shouldn't
do it, but the fact that PM can be made impossible with ciphersuites
you can break in a matter of seconds.

That observation should be made part of our BCP188 response, because
clearly a lot of people don't realize this.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

v2.35.0 | Report a Bug | By Email | System Status