IETF Logo Mail Archive

Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

Phillip Hallam-Baker <hallam@gmail.com> Sun, 15 September 2013 13:48 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CFD1221F9FAC for <ietf@ietfa.amsl.com>; Sun, 15 Sep 2013 06:48:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.372
X-Spam-Level:
X-Spam-Status: No, score=-2.372 tagged_above=-999 required=5 tests=[AWL=-0.088, BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001, SARE_MILLIONSOF=0.315]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J+Ee9zL62jzf for <ietf@ietfa.amsl.com>; Sun, 15 Sep 2013 06:48:36 -0700 (PDT)
Received: from mail-lb0-x22f.google.com (mail-lb0-x22f.google.com [IPv6:2a00:1450:4010:c04::22f]) by ietfa.amsl.com (Postfix) with ESMTP id 4A37321F9EC4 for <ietf@ietf.org>; Sun, 15 Sep 2013 06:48:36 -0700 (PDT)
Received: by mail-lb0-f175.google.com with SMTP id y6so3378706lbh.6 for <ietf@ietf.org>; Sun, 15 Sep 2013 06:48:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=1c0VPGl2n93jjExFuQCouth8nwXp2szo4HrEd5Ahg4o=; b=R2ElgJg2rkO2D2lubD1nMohhdYj2IVB+C2NEM7FYZEaoBUVOOPQnR1tekWH20rhF5f Yk569lXLX0XFW46fjQVJ3z91LLm3lk34U7XlJTSoO83sje1E/r/egEqIbg0wB4JfY8eU YPOoauGwQ9dUpmUSukm9qSM9OdsViA0DMXMt0nuDdb2I/Yi6YEq+uW5FBdNEA3rXtrRJ wgeI/Vzo7vSRdIWU0g7OdfICqNNuw/y3Ui65YvvJGkR74hTkKn+QhtaiJDJsBElKzNkT dKYp7Z4u9Rgx1ZBOo1JPcOm5rqhfnfLFy38p2o+ztD+CKoaG85NU1IIv1ou77bsZ5F8c 4dzA==
MIME-Version: 1.0
X-Received: by 10.112.72.229 with SMTP id g5mr21131962lbv.10.1379252915140; Sun, 15 Sep 2013 06:48:35 -0700 (PDT)
Received: by 10.112.148.165 with HTTP; Sun, 15 Sep 2013 06:48:35 -0700 (PDT)
In-Reply-To: <5235B1BE.8040609@gondrom.org>
References: <5F053C0B-4678-4680-A8BF-62FF282ADDCE@softarmor.com> <alpine.BSF.2.00.1309051743130.47262@hiroshima.bogus.com> <52293197.1060809@gmail.com> <CAMm+LwjdN478yyU=J7=GTpQxqtdgP8wtdEtna50X+WtA-bV3hg@mail.gmail.com> <52294BDC.4060707@gmail.com> <20130906033254.GH62204@mx1.yitter.info> <CAMm+Lwg9kJymBWaEXwZfQ=P5Uo-UmYoNvvzewnXjUu+mhg+QTQ@mail.gmail.com> <006001ceaad6$61f39640$4001a8c0@gateway.2wire.net> <5229D6B0.1040709@qti.qualcomm.com> <20130906141612.GC1249@thunk.org> <6F39C53D-D758-47F8-A6C5-968C6254150C@hopcount.ca> <D1E2C7E887348378A546E9F9@JcK-HP8200.jck.com> <alpine.LSU.2.00.1309061656580.8632@hermes-2.csi.cam.ac.uk> <F20BF431557B1975BA2BB03C@JcK-HP8200.jck.com> <93C11E36-57E5-4B19-8F29-1C21B0EC6CEA@live555.com> <522D8704.4020802@cisco.com> <5235B1BE.8040609@gondrom.org>
Date: Sun, 15 Sep 2013 09:48:35 -0400
Message-ID: <CAMm+Lwg+g=5pOHTt79_25W6DSmghBKwN0J7xMHbMgRp739a=BQ@mail.gmail.com>
Subject: Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Tobias Gondrom <tobias.gondrom@gondrom.org>
Content-Type: multipart/alternative; boundary="001a11c238e80ffe3004e66c583b"
Cc: IETF Discussion Mailing List <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Sep 2013 13:48:37 -0000

On Sun, Sep 15, 2013 at 9:10 AM, Tobias Gondrom
<tobias.gondrom@gondrom.org>wrote:

>  On 09/09/13 09:29, Eliot Lear wrote:
>
> We're talking.
>
> Eliot
>
>
> On 9/9/13 10:20 AM, Ross Finlayson wrote:
>
>  So, has Bruce Schneier actually been invited to speak at the Technical Plenary (or elsewhere) during the Vancouver IETF?  I recall him giving an informative talk at least one previous Tech Plenary, and in light of his 'proposal', if would be interesting to hear what he believes to be broken, and what the IETF might be able to do to help fix it.
>
> 	Ross.
>
>
>
>
>
> A small comment: actually I would like to (read: expect to) read what he
> (and others) believe to be broken _before_ the next Plenary and giving a
> speak there. And as specific and constructive as possible. That way we will
> be much more effective talking about issues at the plenary and starting
> stuff at WGs.
>

Quite, pointing out what is broken is exactly the type of contribution
Schneier could make. He is very good at spotting holes in security schemes.
I must say I am a little annoyed by his approach. He could deign to post on
the IETF lists himself rather than give oracular statements and then take
the credit.

Security is all about risk mitigation, not risk elimination, as I argued to
Bruce in the wake of his 15 risks of PKI article before he wrote Secrets
and Lies. Security design means tradeoffs and designing to mitigate the
chief risks. Unlike generals who can spend millions of tax payer dollars
making their operations room look like the bridge of the Enterprise, I have
to consider resources.

We do have several areas where we could make significant advances however:

1) Technical improvements to TLS such as recommending sites turn on PFS by
default and remove weak ciphers.

2) Stop sending authentication cookies in the clear whether or not they are
sent inside an encrypted tunnel.

http://tools.ietf.org/html/draft-hallambaker-httpsession-01

3) Fix the missing 5% that stops people using secure email. We have PGP
that has mindshare and S/MIME that has deployment and both are too much
trouble for most IETF people to use, let alone the typical Internet user.
We can and should fix that.


Phill



-- 
Website: http://hallambaker.com/

v2.23.0 | Report a Bug | By Email