Re: https at ietf.org

ned+ietf@mauve.mrochek.com Thu, 07 November 2013 20:31 UTC

Return-Path: <ned+ietf@mauve.mrochek.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F04D821E8186 for <ietf@ietfa.amsl.com>; Thu, 7 Nov 2013 12:31:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.578
X-Spam-Level:
X-Spam-Status: No, score=-2.578 tagged_above=-999 required=5 tests=[AWL=0.021, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z3rak4sFLfYD for <ietf@ietfa.amsl.com>; Thu, 7 Nov 2013 12:31:31 -0800 (PST)
Received: from mauve.mrochek.com (mauve.mrochek.com [66.59.230.40]) by ietfa.amsl.com (Postfix) with ESMTP id B67B221E8176 for <ietf@ietf.org>; Thu, 7 Nov 2013 12:31:31 -0800 (PST)
Received: from dkim-sign.mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01P0I78TAEPC0005KZ@mauve.mrochek.com> for ietf@ietf.org; Thu, 7 Nov 2013 12:26:30 -0800 (PST)
MIME-version: 1.0
Content-type: TEXT/PLAIN; charset="Windows-1252"
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01P0DS85DTO000004G@mauve.mrochek.com> (original mail from NED@mauve.mrochek.com) for ietf@ietf.org; Thu, 7 Nov 2013 12:26:27 -0800 (PST)
From: ned+ietf@mauve.mrochek.com
Message-id: <01P0I78RY5YC00004G@mauve.mrochek.com>
Date: Thu, 07 Nov 2013 12:15:11 -0800
Subject: Re: https at ietf.org
In-reply-to: "Your message dated Thu, 07 Nov 2013 19:34:44 +0000" <269905B2-87CD-4E9B-B0D5-BED0380E6F0A@cert.org>
References: <20131107173346.7C90D18C0E2@mercury.lcs.mit.edu> <269905B2-87CD-4E9B-B0D5-BED0380E6F0A@cert.org>
To: Chris Inacio <inacio@cert.org>
Cc: Noel Chiappa <jnc@mercury.lcs.mit.edu>, IETF-Discussion Discussion <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Nov 2013 20:31:38 -0000

> If people can tamper with the process without traceability, is the process
> open?

OK, let me see if I understand what you're saying. You're saying that because
of the lack of protection on just one of the many means of getting public
information the IETF has produced, that someone is going to take advantage of
this to make some sort of nefarious change to some standards document, draft,
etc. and by doing so manage to change the outcome of a standards process.

If this is what you mean, then we've move to discussing what Bruce Scheier
calls a "movie-plot threat", and I suggest that you enter your idea into the
into the next contest Bruce runs.

It should do well there.

> ...

> HTTPS protects a user (presumably) from someone knowing which standard that
> downloaded or which mailing list archive they might have read.  If there is
> pervasive passive monitoring, it doesn’t protect them from being recognized as
> having gone to IETF.  And if you really have enough passive monitoring -
> determining which standard gets downloaded might be possible too, watch for the
> traffic spike, and check the size.  (It’s really easy for those reading NFS :)
> .)  Because the passive monitor can get all the standards too, and know their
> size just as well.

Which is why we should - and do - offer https access. And prefer it, if
possible.

But as you note - and as I have noted previously - this doesn't do squat about
traffic analysis, including but not limited to size checks. Perhaps rsyncing
the entire document collection is the best approach if size checks really are a
concern.

				Ned