Re: [saag] Is opportunistic unauthenticated encryption a waste of time?

Nico Williams <nico@cryptonector.com> Sat, 23 August 2014 04:05 UTC

Return-Path: <nico@cryptonector.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1EDA31A6FF5; Fri, 22 Aug 2014 21:05:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.666
X-Spam-Level:
X-Spam-Status: No, score=-1.666 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VOq17MANXcJA; Fri, 22 Aug 2014 21:05:53 -0700 (PDT)
Received: from homiemail-a87.g.dreamhost.com (sub4.mail.dreamhost.com [69.163.253.135]) by ietfa.amsl.com (Postfix) with ESMTP id 7C9DC1A6FED; Fri, 22 Aug 2014 21:05:53 -0700 (PDT)
Received: from homiemail-a87.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a87.g.dreamhost.com (Postfix) with ESMTP id 3F93C26C063; Fri, 22 Aug 2014 21:05:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=cryptonector.com; bh=cBy02uYXMZytlJ voogNnClkF0a0=; b=m6QyjLa6rLQrzlkipE6uS670//KFCIiNB2qhpvz2UVRPKd UNDwN5OoqpLHZ0WC/8Pq+I777TPAuMTFN3PYyafuj65q4xSF4BZ8so/mf4GRYKDm MVz3db8l8az9aD7wWk8cy53iQ37QJWiTQLkWQaRQFJcBuTf9zlF14ZcPcsHJQ=
Received: from localhost (108-207-244-174.lightspeed.austtx.sbcglobal.net [108.207.244.174]) (Authenticated sender: nico@cryptonector.com) by homiemail-a87.g.dreamhost.com (Postfix) with ESMTPA id D691426C05E; Fri, 22 Aug 2014 21:05:52 -0700 (PDT)
Date: Fri, 22 Aug 2014 23:05:52 -0500
From: Nico Williams <nico@cryptonector.com>
To: Bernard Aboba <bernard_aboba@hotmail.com>
Subject: Re: [saag] Is opportunistic unauthenticated encryption a waste of time?
Message-ID: <20140823040550.GQ5909@localhost>
References: <53F548E5.2070208@cs.tcd.ie> <53F54F1C.1060405@dcrocker.net> <53F5D303.1090400@cs.tcd.ie> <CAMm+LwhmJpnU8E9ifA47baneGB=qjHzU_cy+wepPYLXrOhB+Pg@mail.gmail.com> <20140821160402.GT14392@mournblade.imrryr.org> <f5d8b5dc37b84f709c8f2df7c7a69daf@AMSPR06MB439.eurprd06.prod.outlook.com> <CAK3OfOgZzoXVnrE8Nbs6mwN2xD_snbzH9jT8TsYOVt8UASahYQ@mail.gmail.com> <a354d63505924d76a15b505e60e27a16@AMSPR06MB439.eurprd06.prod.outlook.com> <20140822140000.GE14392@mournblade.imrryr.org> <BLU181-W84354FE6BEF12305A2A7DB93D10@phx.gbl>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <BLU181-W84354FE6BEF12305A2A7DB93D10@phx.gbl>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/IdHRNch0Uh4TXluGNaLhaSrO9Vw
Cc: "saag@ietf.org" <saag@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 23 Aug 2014 04:05:56 -0000

On Fri, Aug 22, 2014 at 07:13:54PM -0700, Bernard Aboba wrote:
> > It used to be easy to dismiss opportunistic security as a waste of time, it is now clear to most that it is ....
> 
> [BA] Merely a waste of money. 
> "Opportunistic unauthenticated encryption" that does not defend
> against man-in-the-middle attacks has no value against targeted
> surveillance.  So if the goal is to protect dissidents, look
> elsewhere.  Unfortunately, the line between "targeted surveillance"
> and  "mass surveillance" is a thin one.   

For me OS is not about anti-PM, or at least not mainly anti-PM.  See
below.

> The value against mass surveillance is predicated on the assumption
> that "large scale targeted surveillance" is infeasible or that the
> cost of large scale meta-data collection can be increased to the point
> where it is too costly even for a nation-state.   
>
> The first assertion, is likely to be proven false by the first gear to
> include built-in man-in-the-middle attack support.  Care to wager
> which appears first, carrier-class gear supporting man-in-the-middle
> attacks, or significant deployment of "opportunistic" encryption?  

MITM HW, if need be, will materialize and will be deployed.  I don't
doubt this.

That doesn't mean that active attacks are not more costly than passive
ones, or that it's not worth providing protection against passive
attacks.

Attackers not operating under the color of law can only really build a
massive PM active attack system by building edge-most router botnets,
which seems unlikely to go unnoticed, those routers almost certainly
lacking the necessary CPU oomph...  Therefore OS can go a long distance
relative to criminals in many situations.

Sovereign powers will be able to do build active PM systems, no doubt.

But if the end-state for OS is something like DANE then the sovereigns
will either have to MITM DNSSEC or force services to furnish them with
authentication keys.  Both of those are potentially very expensive
politically (because they will be noticeable intrusions).  If not, then
they will at least be clarifying.  If a nation's people don't mind their
government monitoring them, they still ought to be able to get
protection relative to third parties (routers, criminals, foreign
powers).

Nico
--