Re: The CIA mentions us

Phillip Hallam-Baker <phill@hallambaker.com> Fri, 10 March 2017 18:50 UTC

To: Michael Richardson <mcr+ietf@sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/DxM8v2RZHhIsMQGfq0Mx0YACWNs>
Cc: John C Klensin <john-ietf@jck.com>, IETF Discussion Mailing List <ietf@ietf.org>

I do not mean either transport or snake oil.

DRM has been a bust because two problems were conflated:

1) Limiting access to confidential documents to those with a need to know.

2) Preventing disclosure by those granted access.

The first is a completely tractable problem of cryptographic engineering
that I have a working, almost open (November) solution for with MIT License
reference code.

The second is never going to have an absolute solution. Even with
trustworthy hardware, there are techniques that can break a device if you
are prepared to pay a lot of money to do so. Techniques that involve
electron microscopes and sanding down the back of devices. Even FIPS-140
level 3 devices are not absolutely immune.

But this disclosure would probably have been prevented with (1) alone and
almost certainly with (1) plus pervasive accountability controls. Which
incidentally, Mesh/Recrypt does support.


I want to establish an international norm that cyber commands secure their
attack code end to end and I am proposing an infrastructure that does
exactly that.

Now the utility of such a scheme embedded into Office, OfficeLibre and the
like would be vastly wider than just cyber commands. But one of the
pathologies of the US government research funding programs is that the only
work that can be funded is work that has a military application. So I am
framing the problem in this form for the benefit of DARPA program managers
looking to give me money to work on this.


I call my subset of the DRM problem Confidential Data Control. The
introduction of 'rights' into the problem statement is entirely spurious.

Right now, the crypto code works in Ed25519 and will probably work for
Ed448 by this evening. Getting it to work on Montgomery curves is a little
more complicated as I have to figure out how to do point addition as a
primitive separate from multiplication. If someone could shoot me some code
to copy, it would help me save a few hours and spend some quality time with
my daleks this evening.


On Fri, Mar 10, 2017 at 9:27 AM, Michael Richardson <mcr+ietf@sandelman.ca>
wrote:

> Phillip Hallam-Baker <phill@hallambaker.com> wrote:
>     > However, it is not just the US agencies doing this work. There are now
>     > 117 cyber commands and there is a real problem of 'loose
>     > cyber-weapons'. It is to the interest of the US and to all the other
>     > cyber-commands that a norm is established that cyber weapons are
>     > secured end to end throughout their lifecycle and tools produced to
>     > enable that to be achieved.
>
> I'm not really sure I understand what it means to secure a cyber weapon.
>
> You could be talking about keeping the source code in locked briefcases,
> or you could be talking about some kind of snake-oil DRM on the binaries,
> like the movie and game industries think they have "invented".  Or
> something else completely.
>
>     > Such tools do not currently exist. However some key patent expiries
>     > that have occurred and will be complete in November this year make true
>     > end to end data level encryption practical. I have proof of concept but
>     > short of infringing code running in the lab which I will push out as
>     > soon as I can together with the supporting specifications.
>
> Now here you seem to be talking about securing things in transit.
>
> If I may air some of my griping: tcpdump has recently dealt with some
> hundred potential vulnerabilities found by futzing.  I was interested to
> find a file called "PCAP" in the Vault 7 archives, but it's not really
> released yet.
>
> What's annoying is that there is money for attack tools, and there are
> rewards for finding exploits, but not much for fixing bugs, and many
> serious disincentives to good design in the first place.
>
> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
>  -= IPv6 IoT consulting =-
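
The point addition on Montgomery curves that the message above mentions, as an added example that is not part of the original post and not the author's Mesh/Recrypt code: full affine addition on B*v^2 = u^3 + A*u^2 + u, instantiated with the Curve25519 parameters. The function names and the double-and-add helper are assumptions made for illustration, and the code is not constant-time.

```python
# Added example: affine point addition as a stand-alone primitive on a
# Montgomery curve B*v^2 = u^3 + A*u^2 + u (Curve25519 parameters).
P = 2**255 - 19                      # field prime
A, B = 486662, 1                     # curve coefficients
L = 2**252 + 27742317777372353535851937790883648493  # order of the base point
INF = None                           # point at infinity (group identity)

def sqrt_mod(a):
    """Square root mod P (P % 8 == 5); None if a is a non-residue."""
    a %= P
    r = pow(a, (P + 3) // 8, P)
    if r * r % P != a:
        r = r * pow(2, (P - 1) // 4, P) % P   # multiply by sqrt(-1)
    return r if r * r % P == a else None

def on_curve(pt):
    if pt is INF:
        return True
    u, v = pt
    return (B * v * v - (u**3 + A * u * u + u)) % P == 0

def add(p1, p2):
    """Affine addition covering identity, inverse and doubling cases."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (u1, v1), (u2, v2) = p1, p2
    if u1 == u2 and (v1 + v2) % P == 0:
        return INF                   # P + (-P), including 2-torsion (v = 0)
    if u1 == u2:                     # doubling: slope of the tangent
        lam = (3 * u1 * u1 + 2 * A * u1 + 1) * pow(2 * B * v1 % P, -1, P) % P
    else:                            # distinct points: slope of the chord
        lam = (v2 - v1) * pow((u2 - u1) % P, -1, P) % P
    u3 = (B * lam * lam - A - u1 - u2) % P
    v3 = (lam * (u1 - u3) - v1) % P
    return (u3, v3)

def scalar_mult(k, pt):
    """Double-and-add built only on add(); checks the group law, not for secrets."""
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def base_point():
    """Recover a full (u, v) base point from the X25519 base u = 9."""
    u = 9
    return (u, sqrt_mod(u**3 + A * u * u + u))
```

The X25519 ladder works on u-coordinates only, so a v-coordinate has to be recovered, as base_point() does, before two points can be added.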