Re: IESG meeting thoughts
Phillip Hallam-Baker <phill@hallambaker.com> Fri, 20 May 2016 16:05 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 49AD812DD92 for <ietf@ietfa.amsl.com>; Fri, 20 May 2016 09:05:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.4
X-Spam-Level:
X-Spam-Status: No, score=-2.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.198, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nbSbVy4lpg2h for <ietf@ietfa.amsl.com>; Fri, 20 May 2016 09:05:12 -0700 (PDT)
Received: from mail-qg0-x235.google.com (mail-qg0-x235.google.com [IPv6:2607:f8b0:400d:c04::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A8AA312DD38 for <ietf@ietf.org>; Fri, 20 May 2016 09:04:15 -0700 (PDT)
Received: by mail-qg0-x235.google.com with SMTP id w36so62699910qge.3 for <ietf@ietf.org>; Fri, 20 May 2016 09:04:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc; bh=hdE8gMqSVee7WN3cFns0JvNoTAl9RK5TFzPhuQvoRA4=; b=VdA0BZblwmCvQHzThr0/tmwiEmZk8Gq+5BuzIQa5xdj3pqKndyj9cqReiY5RkMXxN2 RUpPLVB7fqIoxfp8hA6IoW6+xkhLhZn5Bhwzzu6Thf+zepqmsdf+3LsKUkocarM9NfFc d6Rg0+5xQ0MMxYaXzAKjN6d6s7x6XmRSkRgk/U8hUn2/LcRsa7UEo1heF//U26wSRc6F Gx0i5POAvWIBD1eMWH2Z3lKcy2Zwu6VY+nfFdUzrYRAYwrV08C2zBeasvm31TXCqC8VX ME2y1KLdNRPgnm39ZYwTrUVs/QgCo4ljW0zXaptGw+AFU528znhkjzWB2CnEy7XQO41f 8FuA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:date :message-id:subject:from:to:cc; bh=hdE8gMqSVee7WN3cFns0JvNoTAl9RK5TFzPhuQvoRA4=; b=SwhlxzYqIxmAw+/z4IR5oO+OsHLCQajd7Yl3Q0vHiwxPIERhm/EA2+tyvHM4R66q+S EDfrbEJXYbZGQ98II99zGPWgwoHBw2QvBy3aHyKzmVh6mbMlEUoAh9/PH2butRN1eaPw eidJfxIDEkDBE8/A+OEeLe7M5VAfxQP1RgtthmefsXDjklf/rc7IQQ1nbLuza+huV1fP 5YylGkkOjFE/kALJrc6mB3sL25DO8t1LtPnWRHSNbAUxyhqb5q8WYyTE4laRIDrz3f0r +HTuA4EJOZbnAqnTYTyOqSZx6bULppw134wIyi8awGiX0waqD8vCdTu54rUPCaeaswnh RbYA==
X-Gm-Message-State: AOPr4FXofyhUF7xuOBCD7137N454Xsf0DR76GGQrr7SJ9oOnIo2pd0/oHTEjfdZnToFXw/NSCMFrjFnRP7plJg==
MIME-Version: 1.0
X-Received: by 10.140.41.200 with SMTP id z66mr4083343qgz.20.1463760254693; Fri, 20 May 2016 09:04:14 -0700 (PDT)
Sender: hallam@gmail.com
Received: by 10.55.25.105 with HTTP; Fri, 20 May 2016 09:04:14 -0700 (PDT)
In-Reply-To: <20160520041400.GG19530@localhost>
References: <1F81DAB9-AEE8-4250-B10D-C50E2FA66C3E@ietf.org> <573AE765.4010807@bwijnen.net> <573AEAFA.3000905@cs.tcd.ie> <5625.1463497891@obiwan.sandelman.ca> <ccc46108-1bad-02bd-4c38-bc111bbc8445@gmail.com> <573BA1F0.7000408@cs.tcd.ie> <CAMm+Lwjmj6YVv=0xgtpQOcacpz78ou+=wOVYErt2R3k12p+DJg@mail.gmail.com> <20160520041400.GG19530@localhost>
Date: Fri, 20 May 2016 12:04:14 -0400
X-Google-Sender-Auth: ytt7KCLr-x1xMMEZCEV_cg2xX7g
Message-ID: <CAMm+LwhF2gbCZFTgpHub=pPArgwLx0DYczhEeOkO4Fp7F2bVSw@mail.gmail.com>
Subject: Re: IESG meeting thoughts
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Nico Williams <nico@cryptonector.com>
Content-Type: multipart/alternative; boundary="001a11c13b840477890533483ead"
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/2c4JNsEGmUWD3S9HybFqUnc-USA>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, "ietf@ietf.org list" <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 May 2016 16:05:21 -0000
On Fri, May 20, 2016 at 12:14 AM, Nico Williams <nico@cryptonector.com> wrote: > On Tue, May 17, 2016 at 08:04:17PM -0400, Phillip Hallam-Baker wrote: > > Crypto doesn't actually solve any of your security problems. Not one, > > zilch, zero. > > > > What cryptography does is to reduce the size of your information security > > problem. It can reduce it in size from megabytes or even terrabytes to a > > 128 bit key or deciding whether or not to trust one of millions of Web > > sites to whether or not to trust the 50 WebPKI CAs (or ICANN if you are > > feeling really brave). But that is all cryptography does for you. It > > reduces the size of your security problem. > > > > You still have to work out how to keep that key secure or make sure you > > have the right trust anchor. Reducing problems in size is good but you > > still have to solve them. > > Yes, indeed. However, you can make HW that protects a small secret like > that really well, and that's what the dust up between the FBI and Apple > was about. It turns out that Apple can make that HW even better, and > they even might. The better that piece of hardware, the more expensive > to defeat it, the less likely it is that it will be defeated by > criminals -- and tyrants, but also legitimate state actors; HW and SW > doesn't know the difference. > The point I am driving at is that security is a property of the system and the role of cryptography is to reduce the system to manageable size so that the problem becomes solvable. I think that during the cryptowars a lot of us, myself included got way to invested in crypto and failed to see the broader picture. We also got rather too invested in public key over symmetric. Yes, public key is cool but it doesn't reduce the role of symmetric to being a mere support infrastructure like we suggested in the 90s. > Now, of course *convenience* is the achilles heel of any plan to secure > even a small secret. Thus we see courts demanding that people unlock > their mobile devices (and why should this surprise anyone? there's > nothing special about crypto in this regard). > And I think Apple's approach is broken because they failed to put the device beyond their power in the first place. I am not going to pledge to go to jail rather than release the keys that unlock the Mathematical Mesh. Nor am I going to pledge not to release the keys if someone puts a gun to my head or my children's head. Therefore to make the Mesh secure, I have to put it beyond my capability to compromise it. That is the approach Apple should have taken. What that leaves of course is the possibility of a backdoor built into the hardware or the algorithms. A choice of DH modulus that has been cracked, an RNG that is broken. But those types of backdoor would greatly compromise everyone's national security, including the US. 99% of the civil service would end up using the compromised devices which are made in China anyhow, That said, see the techniques I demonstrated for hardening key generation. > But dead people don't care about convenience, which is how one murderous > terrorist bastard managed to single-handedly greatly increase the tempo > of the current crypto war. One wonders whether that was their plan! > I doubt it. They physically destroyed all the phones that they might have used in their attack. The 1990s cryptowar was led by the NSA. I have recently spoken to people who are in the very top ranks of that organization and I really do not think they are leading the effort this time. What worries them today is that they are losing the defensive side of cyber-engagement. Whatever happens, US cyber command is never going to disable or destroy an ISIS nuclear power plant because they haven't got any. We have hundreds and they are all connected to the net in multiple ways in spite of all the airgap requirements. > The important thing is to provide a clear and correct understanding of > the issues to the bureaucrats and politicians, and also of the > trade-offs implied by any proposed policy. And the public too (but > that's much harder). > Well my contribution there is that I will shortly be giving a course 'Cryptography for Everyone'. It looks like the live course is oversubscribed but the material will be on the Web as a series of free podcasts. First thing is to set the baseline for what cryptography is about. Yes we all learn C.I.A. stands for Confidentiality, Integrity and something starting with A. But currently it takes us a decade of experience in the field to understand that security is really all about integrity, not confidentiality and then another decade to realize that it is availability.
- IESG meeting thoughts IETF Chair
- Re: IESG meeting thoughts Bert Wijnen (IETF)
- Re: IESG meeting thoughts Stephen Farrell
- Re: IESG meeting thoughts Randy Bush
- Re: IESG meeting thoughts Bert Wijnen (IETF)
- Re: IESG meeting thoughts Phillip Hallam-Baker
- Re: IESG meeting thoughts Michael Richardson
- Re: IESG meeting thoughts Michael Richardson
- Re: IESG meeting thoughts Phillip Hallam-Baker
- Re: IESG meeting thoughts Brian E Carpenter
- Re: IESG meeting thoughts Stephen Farrell
- Re: IESG meeting thoughts Phillip Hallam-Baker
- Re: IESG meeting thoughts Nico Williams
- Re: IESG meeting thoughts Phillip Hallam-Baker