Re: The CIA mentions us

Michael Richardson <mcr+ietf@sandelman.ca> Fri, 10 March 2017 14:27 UTC

From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Phillip Hallam-Baker <phill@hallambaker.com>
Subject: Re: The CIA mentions us
Date: Fri, 10 Mar 2017 09:27:07 -0500
Message-ID: <405.1489156027@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/PUI58mbF_rSF5TYHM2mdjv7V5GI>
Cc: John C Klensin <john-ietf@jck.com>, IETF Discussion Mailing List <ietf@ietf.org>

Phillip Hallam-Baker <phill@hallambaker.com> wrote:
    > However, it is not just the US agencies doing this work. There are now
    > 117 cyber commands and there is a real problem of 'loose
    > cyber-weapons'. It is to the interest of the US and to all the other
    > cyber-commands that a norm is established that cyber weapons are
    > secured end to end throughout their lifecycle and tools produced to
    > enable that to be achieved.

I'm not really sure I understand what it means to secure a cyber weapon.

You could be talking about keeping the source code in locked briefcases,
or you could be talking about some kind of snake-oil DRM on the binaries,
like the movie and game industries think they have "invented".  Or something
else completely.

    > Such tools do not currently exist. However some key patent expiries
    > that have occurred and will be complete in November this year make true
    > end to end data level encryption practical. I have proof of concept but
    > short of infringing code running in the lab which I will push out as
    > soon as I can together with the supporting specifications.

Now here you seem to be talking about securing things in transit.

If I may air some of my griping: tcpdump has recently dealt with some hundred
potential vulnerabilities found by futzing.  I was interested to find a file
called "PCAP" in the Vault 7 archives, but it's not really released yet.

What's annoying is that there is money for attack tools, and there are
rewards for finding exploits, but not much for fixing bugs, and many serious
disincentives to good design in the first place.


--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-