IETF Logo Mail Archive

Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

Ted Lemon <ted.lemon@nominum.com> Fri, 06 September 2013 15:46 UTC

Return-Path: <Ted.Lemon@nominum.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 11C0021E8107 for <ietf@ietfa.amsl.com>; Fri, 6 Sep 2013 08:46:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.44
X-Spam-Level:
X-Spam-Status: No, score=-106.44 tagged_above=-999 required=5 tests=[AWL=-0.141, BAYES_00=-2.599, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O3l1dktpnIHJ for <ietf@ietfa.amsl.com>; Fri, 6 Sep 2013 08:46:26 -0700 (PDT)
Received: from exprod7og101.obsmtp.com (exprod7og101.obsmtp.com [64.18.2.155]) by ietfa.amsl.com (Postfix) with ESMTP id 50C1C21E8105 for <ietf@ietf.org>; Fri, 6 Sep 2013 08:46:26 -0700 (PDT)
Received: from shell-too.nominum.com ([64.89.228.229]) (using TLSv1) by exprod7ob101.postini.com ([64.18.6.12]) with SMTP ID DSNKUin40cC9k9HC5v5XZ1EjWuQbxkrBcRby@postini.com; Fri, 06 Sep 2013 08:46:26 PDT
Received: from archivist.nominum.com (archivist.nominum.com [64.89.228.108]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "*.nominum.com", Issuer "Go Daddy Secure Certification Authority" (verified OK)) by shell-too.nominum.com (Postfix) with ESMTP id B2CD01B821D for <ietf@ietf.org>; Fri, 6 Sep 2013 08:46:25 -0700 (PDT)
Received: from webmail.nominum.com (cas-01.win.nominum.com [64.89.228.131]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "mail.nominum.com", Issuer "Go Daddy Secure Certification Authority" (verified OK)) by archivist.nominum.com (Postfix) with ESMTPS id 976D719007A; Fri, 6 Sep 2013 08:46:25 -0700 (PDT) (envelope-from Ted.Lemon@nominum.com)
Received: from [10.0.10.40] (192.168.1.10) by CAS-01.WIN.NOMINUM.COM (192.168.1.100) with Microsoft SMTP Server (TLS) id 14.2.318.4; Fri, 6 Sep 2013 08:46:18 -0700
Content-Type: text/plain; charset="windows-1252"
MIME-Version: 1.0 (Mac OS X Mail 7.0 \(1805\))
Subject: Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA
From: Ted Lemon <ted.lemon@nominum.com>
In-Reply-To: <20130906072539.GJ5700@besserwisser.org>
Date: Fri, 06 Sep 2013 11:46:17 -0400
Content-Transfer-Encoding: quoted-printable
Message-ID: <9AC2A86F-250C-4B3C-B9BA-8DF44C937B41@nominum.com>
References: <5F053C0B-4678-4680-A8BF-62FF282ADDCE@softarmor.com> <alpine.BSF.2.00.1309051743130.47262@hiroshima.bogus.com> <52293197.1060809@gmail.com> <5C7FECAB-8A22-4AF1-B023-456458E1B288@nominum.com> <522949C2.8010206@gmail.com> <52294C6D.7090206@gmail.com> <m2ppsmzgs5.wl%randy@psg.com> <5229686A.5090308@gmail.com> <31078634-5AEA-4FC9-80A8-2E77650BA530@piuha.net> <20130906072539.GJ5700@besserwisser.org>
To: Måns Nilsson <mansaxel@besserwisser.org>
X-Mailer: Apple Mail (2.1805)
X-Originating-IP: [192.168.1.10]
Cc: "ietf@ietf.org list" <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Sep 2013 15:46:33 -0000

On Sep 6, 2013, at 3:25 AM, Måns Nilsson <mansaxel@besserwisser.org> wrote:
> I do think that more distributed technoligies like DANE play an important
> rôle here.

Right, because there's no way the NSA could ever pwn the DNS root key.

What we should probably be thinking about here is:

  - Mitigating single points of failure (IOW, we _cannot_ rely
    on just the root key)
  - Hybrid solutions (more trust sources means more work to
    compromise)
  - Sanity checking (if a key changes unexpectedly, we should
    be able to notice)
  - Multiple trust anchors (for stuff that really matters, we
    can't rely on the root or on a third party CA)
  - Trust anchor establishment for sensitive communications
    (e.g. with banks)

The threat model isn't really the NSA per se—if they really want to bug you, they will, and you can't stop them, and that's not a uniformly bad thing.   The problem is the breathtakingly irresponsible weakening of crypto systems that has been alleged here, and what we can do to mitigate that.   Even if we aren't sure that it's happened, or precisely what's happened, it's likely that it has happened, or will happen in the near future.  We should be thinking in those terms, not crossing our fingers and hoping for the best.

v2.23.0 | Report a Bug | By Email