Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

jnc@mercury.lcs.mit.edu (Noel Chiappa) Fri, 06 September 2013 03:15 UTC

To: ietf@ietf.org
Subject: Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA
Message-Id: <20130906031507.4DFB818C126@mercury.lcs.mit.edu>
Date: Thu, 05 Sep 2013 23:15:07 -0400
From: jnc@mercury.lcs.mit.edu
List-Id: IETF-Discussion <ietf.ietf.org>

    > From: Dean Willis <dean.willis@softarmor.com>

    > The [IETF] .. needs to dedicate its next meeting to this task. This is
    > an emergency, and demands an emergency response.

The thing is that I'm not sure how much of this is the NSA 'breaking'
protocols/algorithms, and how much is finding ways past/around that security.
E.g. some of it (from accounts in the news) is definitely back doors,
inserted into hardware or software, and clearly we can't fix those.

Most importantly, in one news story I read, Snowden was quoted as saying
"Unfortunately, endpoint security is so terrifically weak that NSA can
frequently find ways around it".

If this is accurate, we can fix protocols till the cows come home, and people
who wish to gain access to the data will just break into the hosts, and grab
the data before/after it crosses the network. So it's not at all clear that
the IETF can really fix (much of) the problem.

	Noel