Re: The CIA mentions us

Vinayak Hegde <vinayakh@gmail.com> Thu, 09 March 2017 21:18 UTC

Return-Path: <vinayakh@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A1F4912954D for <ietf@ietfa.amsl.com>; Thu, 9 Mar 2017 13:18:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ILfXJQeRUVkR for <ietf@ietfa.amsl.com>; Thu, 9 Mar 2017 13:18:43 -0800 (PST)
Received: from mail-qk0-x22f.google.com (mail-qk0-x22f.google.com [IPv6:2607:f8b0:400d:c09::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 14E57129546 for <ietf@ietf.org>; Thu, 9 Mar 2017 13:18:43 -0800 (PST)
Received: by mail-qk0-x22f.google.com with SMTP id v125so137561255qkh.2 for <ietf@ietf.org>; Thu, 09 Mar 2017 13:18:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=eqfSdKZqu2dmYagECFRwAwDCbP3CHHN9HD5m/yyg13g=; b=VGNzEKVeHf6gyeJEgfU4iesccQGqn5nUhYWNTw9cfCciJprZ+gr/bn/J3+BbmaaVrf xyBC77ONnbCLCK698q9wLb8IUzrTzTOUJ0pnXvy085BFJS8mCeLLoRi23bY8P5nMOTUX IYF6npQ9wIfh+tJv0+FhmU4sv0h+yWL7FD23akE1Ow3bbUsYILtaJ0/47GwobKzu0Kz3 pGJI8LFDl0ODzTNGxJpOScKyLBaONB/xKz6wVM7qwYE2nLSsaqzQb9Qq1cNkDuQpGsr0 v3mPpTZUE/iVem7jc2b3JgqLwj44kf9Bv45yJ5hoz90U6NshmsOlcZpzZHuJOaNTOmc/ GIHw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=eqfSdKZqu2dmYagECFRwAwDCbP3CHHN9HD5m/yyg13g=; b=l+YxnlCRyFwNrve54HiUkN0OzMEOpUvMnIntKGMHUg+0DKix0i4BRiC/CEtQrjaFG5 D95A4pSvIQiXu/tW+uQOnTQiIIFb16qfVU42VYh/NSAc/JiDYCV6WCIlHwWLTniVKH0a Ln93cHeT/OVLj0i4siXFs5IvExLMTVjHY1AwhKQ4qw3WQ/JEfhLt/c0Bmpw42eehmQIp xm3IPZks4IXi8hMlT3qMSlf2pk4PqnXrAHYvOnRUyv7TC9XdlPl2UdQQoVNsjN57Mfct YYvcoCXMQqv27IHmgI9+RKNTYoLfwOxBBZMT5oCKcDkdWYwBwTH4dSiyurCYCZrC6tIq 73Og==
X-Gm-Message-State: AMke39kyFswnvp8TnVIhqzntjavXqbRlmR5HGw31+9UQhenQzEraHbyFtMpjhuDu3VC7ICoY5taLvep7eYSBMw==
X-Received: by 10.200.33.141 with SMTP id 13mr17490712qty.83.1489094322096; Thu, 09 Mar 2017 13:18:42 -0800 (PST)
MIME-Version: 1.0
Received: by 10.237.50.228 with HTTP; Thu, 9 Mar 2017 13:18:41 -0800 (PST)
In-Reply-To: <CAMm+Lwg1MzDOn9xQ_-3oKcZ1odFF552sPGJhu17KRTP0SNR2vw@mail.gmail.com>
References: <20170307155346.fwhhpnsm4wl6zzoo@nic.fr> <CAMm+Lwh5E-NPXsVWQpK2tA8Rr+6SpvJJKxMbiks7_F1umxz2FQ@mail.gmail.com> <20170307160840.duv7wwg5sm23nrek@nic.fr> <44d06f90-0f38-f6de-8eb1-cf8262369cd5@bogus.com> <c6df6333-1a08-aa0c-c1de-55d335234f2a@si6networks.com> <alpine.LRH.2.01.1703071034050.3764@egate.xpasc.com> <CAMm+LwioHOJxDZudH8Ya9SYv5DT1fPMJ5ypDR8O5JGa4HwxPvg@mail.gmail.com> <F950C538-05E4-451B-8AC0-A42010DAA8D6@piuha.net> <00A55B3A256BD71DFB1866B4@PSB> <CAMm+Lwg1MzDOn9xQ_-3oKcZ1odFF552sPGJhu17KRTP0SNR2vw@mail.gmail.com>
From: Vinayak Hegde <vinayakh@gmail.com>
Date: Fri, 10 Mar 2017 02:48:41 +0530
Message-ID: <CAKe6YvOaOZd4WAea6BgcuzpfHL2GhCfVYLnVHU_fFHtVrj9p+w@mail.gmail.com>
Subject: Re: The CIA mentions us
To: Phillip Hallam-Baker <phill@hallambaker.com>
Content-Type: text/plain; charset=UTF-8
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/WwhFmPhBOmPipXt5Cdxteb_9sZE>
Cc: John C Klensin <john-ietf@jck.com>, IETF Discussion Mailing List <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Mar 2017 21:18:44 -0000

On Fri, Mar 10, 2017 at 2:41 AM, Phillip Hallam-Baker
<phill@hallambaker.com> wrote:
> There are two issues
>
> 1) Requirements, how should this data be secured?
> 2) Technology, how can the requirements be met?
>
> I totally agree that transport layer encryption is not enough here. The
> security requirement is end to end.

Agreed. IETF typically looks mostly at data-in-transit[1]. However
taking a systems perspective we need to look at data-in-use[2] and
data-at-rest[3] as well. Other important aspects such as key-mgmt also
matter here but I am not sure how much of this falls under the purview
of the IETF.

-- Vinayak
1. https://en.wikipedia.org/wiki/Data_in_transit
2. https://en.wikipedia.org/wiki/Data_in_use
3. https://en.wikipedia.org/wiki/Data_at_rest