IETF Logo Mail Archive

Re: Bruce Schneier's Proposal to dedicate November meeting to savingthe Internet from the NSA

t.p. <daedulus@btconnect.com> Fri, 06 September 2013 07:57 UTC

Return-Path: <daedulus@btconnect.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E05A21E80D3 for <ietf@ietfa.amsl.com>; Fri, 6 Sep 2013 00:57:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.753
X-Spam-Level:
X-Spam-Status: No, score=-3.753 tagged_above=-999 required=5 tests=[AWL=-0.154, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2EMh+RTAw6mm for <ietf@ietfa.amsl.com>; Fri, 6 Sep 2013 00:57:41 -0700 (PDT)
Received: from va3outboundpool.messaging.microsoft.com (va3ehsobe004.messaging.microsoft.com [216.32.180.14]) by ietfa.amsl.com (Postfix) with ESMTP id 4055C11E8173 for <ietf@ietf.org>; Fri, 6 Sep 2013 00:57:20 -0700 (PDT)
Received: from mail10-va3-R.bigfish.com (10.7.14.239) by VA3EHSOBE001.bigfish.com (10.7.40.21) with Microsoft SMTP Server id 14.1.225.22; Fri, 6 Sep 2013 07:57:17 +0000
Received: from mail10-va3 (localhost [127.0.0.1]) by mail10-va3-R.bigfish.com (Postfix) with ESMTP id E7D291A0121; Fri, 6 Sep 2013 07:57:17 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:157.56.249.85; KIP:(null); UIP:(null); IPV:NLI; H:AMSPRD0710HT004.eurprd07.prod.outlook.com; RD:none; EFVD:NLI
X-SpamScore: -16
X-BigFish: PS-16(zz98dI9371Id772h542I1432I1418Izz1f42h208ch1ee6h1de0h1fdah2073h1202h1e76h1d1ah1d2ah1fc6hzz1de098h1033IL1de097h8275bh8275dhz2dh2a8h5a9h839h947hd24hf0ah1177h1179h1288h12a5h12a9h12bdh137ah139eh13b6h1441h1504h1537h162dh1631h1758h17f1h184fh1898h18e1h1946h19b5h19ceh1ad9h1b0ah1d0ch1d2eh1d3fh1dfeh1dffh1e1dh1e23h304l1d11m1155h)
Received: from mail10-va3 (localhost.localdomain [127.0.0.1]) by mail10-va3 (MessageSwitch) id 1378454166277130_25540; Fri, 6 Sep 2013 07:56:06 +0000 (UTC)
Received: from VA3EHSMHS020.bigfish.com (unknown [10.7.14.227]) by mail10-va3.bigfish.com (Postfix) with ESMTP id 34B16380041; Fri, 6 Sep 2013 07:56:06 +0000 (UTC)
Received: from AMSPRD0710HT004.eurprd07.prod.outlook.com (157.56.249.85) by VA3EHSMHS020.bigfish.com (10.7.99.30) with Microsoft SMTP Server (TLS) id 14.16.227.3; Fri, 6 Sep 2013 07:56:05 +0000
Received: from AMXPRD0310HT005.eurprd03.prod.outlook.com (157.56.248.133) by pod51017.outlook.com (10.255.160.167) with Microsoft SMTP Server (TLS) id 14.16.353.4; Fri, 6 Sep 2013 07:55:58 +0000
Message-ID: <006001ceaad6$61f39640$4001a8c0@gateway.2wire.net>
From: "t.p." <daedulus@btconnect.com>
To: Phillip Hallam-Baker <hallam@gmail.com>, Andrew Sullivan <ajs@anvilwalrusden.com>
References: <5F053C0B-4678-4680-A8BF-62FF282ADDCE@softarmor.com><alpine.BSF.2.00.1309051743130.47262@hiroshima.bogus.com><52293197.1060809@gmail.com><CAMm+LwjdN478yyU=J7=GTpQxqtdgP8wtdEtna50X+WtA-bV3hg@mail.gmail.com><52294BDC.4060707@gmail.com><20130906033254.GH62204@mx1.yitter.info> <CAMm+Lwg9kJymBWaEXwZfQ=P5Uo-UmYoNvvzewnXjUu+mhg+QTQ@mail.gmail.com>
Subject: Re: Bruce Schneier's Proposal to dedicate November meeting to savingthe Internet from the NSA
Date: Fri, 06 Sep 2013 08:54:50 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Originating-IP: [157.56.248.133]
X-OriginatorOrg: btconnect.com
X-FOPE-CONNECTOR: Id%0$Dn%*$RO%0$TLS%0$FQDN%$TlsDn%
Cc: IETF Discussion Mailing List <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Sep 2013 07:57:54 -0000

----- Original Message -----
From: "Phillip Hallam-Baker" <hallam@gmail.com>
To: "Andrew Sullivan" <ajs@anvilwalrusden.com>
Cc: "IETF Discussion Mailing List" <ietf@ietf.org>
Sent: Friday, September 06, 2013 4:56 AM
> On Thu, Sep 5, 2013 at 11:32 PM, Andrew Sullivan
<ajs@anvilwalrusden.com>wrote:
>
> > On Fri, Sep 06, 2013 at 03:28:28PM +1200, Brian E Carpenter wrote:
> > >
> > > OK, that's actionable in the IETF, so can we see the I-D before
> > > the cutoff?
> >
> > Why is that discussion of this nailed to the cycle of IETF meetings?
>
>
> It is not. I raised the challenge over a week ago in another forum.
Last
> thing I would do is to give any institution veto power.
>
>
> The design I think is practical is to eliminate all UI issues by
insisting
> that encryption and decryption are transparent. Any email that can be
sent
> encrypted is sent encrypted.

That sounds like the 'End User Fallacy number one' that I encounter all
the time in my work.  If only everything were encrypted, then we would
be completely safe.  Well, no (as you Phillip know well).  It depends on
the strength of the ciphers (you can get a little padlock on your screen
with SSL 2 which was the default in my local public access system until
recently).  It depends on the keys being secret (one enterprise system I
was enrolled on in 2003 will not let me change my password, ever - only
the system administrator has that power).  It depends on authentication
(I have a totally secure channel, unbreakable in the next 50 years, but
it is not to my bank but to a Far Eastern Power).  And so on.  Yet every
few weeks I hear the media saying, 'look for the padlock'.

I think that the obvious step to improving security is to get the world
at large possessing and using certificates, in the same way as the
governments of the world, not very long agao, persuaded us to use
passports.

Tom Petch

>
> So that means that we have to have a key distribution infrastructure
such
> that when you register a key it becomes available to anyone who might
need
> to send you a message. We would also wish to apply the Certificate
> Transparency approach to protect the Trusted Third Parties from being
> coerced, infiltrated or compromised.
>
> Packaging the implementation is not difficult, a set of proxies for
IMAP
> and SUBMIT enhance and decrypt the messages.
>
> The client side complexity is separated from the proxy using
Omnibroker.
>

v2.23.0 | Report a Bug | By Email