Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

Phillip Hallam-Baker <hallam@gmail.com> Fri, 06 September 2013 03:11 UTC

In-Reply-To: <52293197.1060809@gmail.com>
References: <5F053C0B-4678-4680-A8BF-62FF282ADDCE@softarmor.com> <alpine.BSF.2.00.1309051743130.47262@hiroshima.bogus.com> <52293197.1060809@gmail.com>
Date: Thu, 05 Sep 2013 23:11:00 -0400
Message-ID: <CAMm+LwjdN478yyU=J7=GTpQxqtdgP8wtdEtna50X+WtA-bV3hg@mail.gmail.com>
Subject: Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: "ietf@ietf.org Discussion" <ietf@ietf.org>, Dean Willis <dean.willis@softarmor.com>

On Thu, Sep 5, 2013 at 9:36 PM, Brian E Carpenter <
brian.e.carpenter@gmail.com> wrote:

> I'm sorry, I don't detect the emergency.
>
> I'm not saying there's no issue or no work to do, but what's new about
> any of this?
>
> Was PRISM a surprise to anyone who knew that the Five Eyes sigint
> organisations have been cooperating since about 1942 (and using
> intercontinental data links since 1944)? Was Xkeyscore a surprise
> to anyone who's been observing the whole Big Data scene? Is any
> ISP or router vendor actually unaware of the security issues in
> routers? Aren't most of them o/s implementation issues in any case?
> Hasn't the IETF been working on BGP4 security for quite a while now?
>
> I'm very glad we did RFC 1984 and RFC 2804 when we did, but it's
> probably more important that we did RFC 3552. We certainly need
> to apply it.
>
> I am against any panic response to the hype. If someone can identify
> any specific, new, protocol-based threats in the recent media stories,
> that would be worth an I-D and appropriate IETF action.
>
> Regards
>    Brian Carpenter



As I have suggested to several people, we can turn lemons into lemonade.

The NSA has conspicuously failed to keep the state secrets of the US
secret. Clapper should be forced to resign or be sacked. The NSA is too big
to keep secrets.

But they have also failed on the technical mission to develop and deploy
technology to protect secrets. They have harassed people trying to deploy
strong crypto, myself included. I don't think it is exactly a coincidence I
had my car searched three times on a round trip between Geneva and London
when I started working on security. Or that the harassment suddenly stopped
after I used my family connections to make a complaint.


I knew that the CERN hub was compromised when I was at CERN. I have known
that the System-X telephone system in the UK is expressly designed to allow
any telephone handset in the UK to be turned into a passive room bug. But
until the Snowden materials were released I have found it difficult to
convince other people of the extent of those capabilities or the risks that
they pose.

The CIA has finally admitted that they were behind the Operation Ajax coup
that replaced democracy in Iran with a convenient dictator. At least until
the rabble rouser the US embassy hired to set up the riots that brought the
government down toppled the convenient despot in the 1979 revolution. What
has not yet come out is that the coup was only possible because the NSA had
cracked the Iranian ciphers and that is how the CIA knew which army
officers might be sympathetic.

So I don't think that the unrestricted ability to read other gentlemen's
mail is quite the boon that some imagine.

Now I also have known for over twenty years that when some of us were
trying to bring the East German government down because the communist
system was a disgrace to humanity my own Prime Minister was meeting with
Gorbachev begging him to send in the tanks and stop the regime collapsing.

There are many things that I know and have known but I don't generally
mention because mentioning such things without the ability to prove them
tends to make you look like a bloody fool. Thanks to Snowden I can now
confirm that HEPNET was tapped at CERN without looking a bloody fool.


S/MIME is almost what we need to secure email. What is missing is an
effective key discovery scheme. We could add that and add Ben Laurie's
Certificate Transparency and have a pretty good start on a PRISM Proof
email scheme.

What we lack is not the technology, it is demand for deployment. Snowden
supplies that demand in two ways. First by revealing the extent of NSA and
GCHQ surveillance, second by exposing the fact that the agency is badly,
sloppily run and likely riddled with Snowdens from Russia, China and
goodness knows where else.


At this point the closure of PRISM and BULLRUN and the rest is
inevitable. Likely not under this President, but the next won't owe the
same debts. Clapper has to go and so has Alexander. Heads have to roll when
there is a security breach caused by such abject incompetence and a failure
of the NSA mission to protect US government secrets, especially their own.

What we can achieve instead is to secure the Internet. I don't care what
bogeyman it is that motivates people to do what is necessary, provided that
they do it. We have to lock down the nuclear power stations that have
control systems based on MODBUS and no authentication controls whatsoever.
We have to lock down electricity, water, gas.


The mission here is to make our countries safe. Making our countries unsafe
to protect the ability of idiots to play wargames is not the act of a
patriot, it is the act of a traitor.


-- 
Website: http://hallambaker.com/