Re: [ietf-privacy] draft-cooper-ietf-privacy-requirements-00.txt
Robin Wilton <wilton@isoc.org> Tue, 24 September 2013 11:31 UTC
Return-Path: <wilton@isoc.org>
X-Original-To: ietf-privacy@ietfa.amsl.com
Delivered-To: ietf-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C796611E8104 for <ietf-privacy@ietfa.amsl.com>; Tue, 24 Sep 2013 04:31:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.901
X-Spam-Level:
X-Spam-Status: No, score=-102.901 tagged_above=-999 required=5 tests=[AWL=0.698, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ABbVNCZ8Jza6 for <ietf-privacy@ietfa.amsl.com>; Tue, 24 Sep 2013 04:31:02 -0700 (PDT)
Received: from smtp190.iad.emailsrvr.com (smtp190.iad.emailsrvr.com [207.97.245.190]) by ietfa.amsl.com (Postfix) with ESMTP id 8A8E121F9A44 for <ietf-privacy@ietf.org>; Tue, 24 Sep 2013 04:31:02 -0700 (PDT)
Received: from localhost (localhost.localdomain [127.0.0.1]) by smtp49.relay.iad1a.emailsrvr.com (SMTP Server) with ESMTP id 1AFEA190518; Tue, 24 Sep 2013 07:31:01 -0400 (EDT)
X-Virus-Scanned: OK
Received: by smtp49.relay.iad1a.emailsrvr.com (Authenticated sender: wilton-AT-isoc.org) with ESMTPSA id 7FEF91904B6; Tue, 24 Sep 2013 07:31:00 -0400 (EDT)
Mime-Version: 1.0 (Apple Message framework v1283)
Content-Type: multipart/signed; boundary="Apple-Mail=_6C299F1B-E12F-4F7F-82E7-767D1FC587DD"; protocol="application/pkcs7-signature"; micalg="sha1"
From: Robin Wilton <wilton@isoc.org>
In-Reply-To: <524170C2.4080306@cs.tcd.ie>
Date: Tue, 24 Sep 2013 12:31:20 +0100
Message-Id: <20F43E57-4FD2-44C6-9399-9CC26D1B7457@isoc.org>
References: <52416C71.9000903@cisco.com> <524170C2.4080306@cs.tcd.ie>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
X-Mailer: Apple Mail (2.1283)
Cc: ietf-privacy@ietf.org
Subject: Re: [ietf-privacy] draft-cooper-ietf-privacy-requirements-00.txt
X-BeenThere: ietf-privacy@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Internet Privacy Discussion List <ietf-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-privacy>
List-Post: <mailto:ietf-privacy@ietf.org>
List-Help: <mailto:ietf-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Sep 2013 11:31:07 -0000
Hi all - On 24 Sep 2013, at 12:00, Stephen Farrell wrote: > > Hi Eliot, > > On 09/24/2013 11:41 AM, Eliot Lear wrote: > >> It is worth noting that by >> the use of the term, one could reasonably argue that TLS is >> opportunistic encryption because the encryption is not prearranged in >> advance by two parties. > > Ignoring the bare-keys TLS draft for the moment, that's not > correct (and hence not reasonable:-) > > The TLS client has to have a trust anchor to which the TLS > server's cetificate chains. That is pre-arranged, in current > browser implementations between the CAs, browsers and web-sites. I tend to Stephen's point of view here. Two parties cannot "bootstrap" a TLS session out of nothing. Even if the person on the client side apparently does nothing, at the time, to establish an encrypted rather than unencrypted session, there are pre-requisites that have to be in place (i.e. pre-arranged). This may seem like a nit-pick, but I have reasons for drawing attention to it, and TLS is a good 'case study'. What I've observed in PKI is that there's an inverse relationship between adoption volumes and the extent of functionality exposed to the user. Put bluntly, if you want PKI to scale, keep the user away from it. At one level, there are sound reasons for that: if you leave it up to users, few can be bothered to fiddle with security settings, so the technology goes unused. However, there are also risks: the more you insulate the user from the realities of securing online interaction, the less likely they are to care whether it's happening or not; and, of course, the less likely they are to know if it is not happening at all. So, I wanted to draw out this aspect because deployments in this area have to satisfy quite tricky, but implicit, requirements. Users need information that is reliable (a little padlock icon is not useful if it can easily be spoofed) and usable (too much detail scares users away; too little means they can't make informed decisions if necessary). This means we may have to design systems that *appear* opportunistic (such as establishing a TLS session with no apparent, explicit action on the part of the user) even though they may actually rely on a good deal of prior work to put the pre-reqs in place. Bottom line: we probably need to think carefully about how we define "opportunistic". HTH, Robin
- Re: [ietf-privacy] draft-cooper-ietf-privacy-requ… Stephen Farrell
- Re: [ietf-privacy] draft-cooper-ietf-privacy-requ… Robin Wilton
- [ietf-privacy] draft-cooper-ietf-privacy-requirem… Eliot Lear
- Re: [ietf-privacy] draft-cooper-ietf-privacy-requ… Eliot Lear
- Re: [ietf-privacy] draft-cooper-ietf-privacy-requ… Robin Wilton