Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

Keith Moore <moore@network-heretics.com> Fri, 06 September 2013 20:26 UTC


On 09/06/2013 11:46 AM, Ted Lemon wrote:
> The threat model isn't really the NSA per se—if they really want to bug you, they will, and you can't stop them, and that's not a uniformly bad thing. 

I disagree, or at least, I think that your statement conflates two
different threat models.

One kind of threat is that the NSA will bug you specifically. And yes,
if they consider it important to do so, they very likely will. There is
almost certainly some vulnerability in your hardware or software or
physical security, and they have lots of resources that can be invested
in finding it.

The other kind of threat is that NSA will bug you because it's
currently really easy for them to engage in mass surveillance. Most
traffic isn't even encrypted; and at least some of what is encrypted is
trivially broken.

I don't think IETF can (or should) do much about the former kind of
threat. Most of it is out of our scope. But we should be working
hard to address the latter kind of threat.

Keith