Re: The CIA mentions us
John C Klensin <john-ietf@jck.com> Thu, 09 March 2017 21:02 UTC
Date: Thu, 09 Mar 2017 16:02:34 -0500
From: John C Klensin <john-ietf@jck.com>
To: Jari Arkko <jari.arkko@piuha.net>, Phillip Hallam-Baker <phill@hallambaker.com>
Subject: Re: The CIA mentions us
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/9aWUUgeA-2Mp4yprYE9kxLC2Zxg>
Cc: IETF Discussion Mailing List <ietf@ietf.org>

Jari,

Let me suggest one addition to your list (with which I otherwise agree):

5. No matter how strong the in-transit encryption or other measures, they don't mean much if the relevant endpoint hosts, or intermediate hosts that have the traffic in the clear, can be compromised.

We all know that, but we seem to sometimes need reminding. In particular, while it is definitely not an argument against link encryption, we need to be cautious that we are not protecting things in a way that inadvertently shifts the points of vulnerability from one place to another (especially another that is either more easily compromised or that constitutes a larger and more concentrated single point of failure) and then assume that it makes things more secure overall.

best,
john

--On Thursday, March 9, 2017 22:36 +0200 Jari Arkko <jari.arkko@piuha.net> wrote:

> Up-leveling a bit from the discussion of best practices for
> surveillance organisations and virus builders (who apparently
> are partly the same crowd). We can make some more general
> observations, I think, maybe a bit more relevant for the rest
> of us.
>
> I don't think the reported findings are particularly
> surprising. But they seem to support what I think we knew
> already:
>
> 1. Security isn't a single feature, but needs to be thought
> in terms of the whole. Comms security and devices and ...
>
> 2. There is no such thing as privileged access to the good
> guys. It will leak / break / be shared.
>
> 3. Secretly held vulnerabilities make us all less safe.
>
> 4. The security of our communications and applications matters
> a lot. Lives are at stake, not just your browsing history.
>
> Jari
>