Re: [saag] Is opportunistic unauthenticated encryption a waste of time?

Fernando Gont <fgont@si6networks.com> Mon, 25 August 2014 00:56 UTC

To: joel jaeggli <joelja@bogus.com>, Bernard Aboba <bernard_aboba@hotmail.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, Nico Williams <nico@cryptonector.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/1YwHU5ikgMfx9b44Jt9FzdxhSLo
Cc: "saag@ietf.org" <saag@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>

On 08/24/2014 09:09 PM, joel jaeggli wrote:
> On 8/24/14 4:57 PM, Fernando Gont wrote:
>> On 08/24/2014 05:42 PM, joel jaeggli wrote:
>>> On 8/24/14 7:10 AM, Fernando Gont wrote:
>>>> On 08/23/2014 06:05 PM, Bernard Aboba wrote:
[...]
>>
>> Good luck explaining that to the oppressive regime.
> 
> I don't have to. They are aware for example that all twitter api calls
> had a deadline over ssl since jan 1 2014. You cannot distinguish the
> intentions of the user by their (involuntary) use of encryption.

I suggest you talk to someone that's suffering from an oppressive regime
(both in terms of the stuff that they suffer, and what their regimes are
supposedly aware of).

My response is based on the lesson that I learned when I offered (a few
years ago) one of such folks an encrypted tunnel such that they could
avoid both censorship and monitoring.

Any technical explanation that you can give (no matter how correct or
true it is) is of no use if the guy suffering from an oppressive regime
is still going to have a hard time with their regime.

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492