Re: IETF Chair
Phillip Hallam-Baker <phill@hallambaker.com> Wed, 14 October 2020 17:49 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 66A773A0F97 for <ietf@ietfa.amsl.com>; Wed, 14 Oct 2020 10:49:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.649
X-Spam-Level:
X-Spam-Status: No, score=-1.649 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KMJM_QyNxhuR for <ietf@ietfa.amsl.com>; Wed, 14 Oct 2020 10:49:53 -0700 (PDT)
Received: from mail-yb1-f179.google.com (mail-yb1-f179.google.com [209.85.219.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6445C3A0F99 for <ietf@ietf.org>; Wed, 14 Oct 2020 10:49:53 -0700 (PDT)
Received: by mail-yb1-f179.google.com with SMTP id d15so617187ybl.10 for <ietf@ietf.org>; Wed, 14 Oct 2020 10:49:53 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=P91Wv7F0fLKW/l6hwCkpQzAEIf7eACcuWHQxc9nin9U=; b=bMHBzt86NM9xxxdWpT7BuvYqDPy6tFePDMxAlMH/hMAFqETGJZodtA0Gd2uvnEO2UH Louf7xNjgt8PGCm+c0TXpOz5NWS/X2WNs6ZVYA+Vxvl7BE64wce/jHRGMWSgPyy9O9zy GHkK7IyNqKjMjhFaCHEJsc1XKy05PWd4RpsYY18ZEohO+aeFq+oZ9qrLfa3zYljoGtZn 7YCYDxbH4A+GlBxmJCxvpLjEBDqPFMrQbGyODEIsc34xm1YiLnPvM0zKcEk1vjAFbz11 +2JJTn8PHa93SX0FLASLytGXUMxRJ+6XxsFK2/UjK8stX6cvHe9EcvQScr9gt+8Q8EIg KNww==
X-Gm-Message-State: AOAM531QOBHs8mpU8dcrdOFqGAuGWIaHp7yBUYTuAQQkiKY3D94m8VdC kn80+dSBm9h0Xm75/IQUCqTBcoeJ32aC6rAnP1g=
X-Google-Smtp-Source: ABdhPJyOSz+xoMD8giubMIwewN+nTpFLnJEgXXXImlEoZ8TnluSx29nqKzsI3nSXrAZYWL+MAIhoOjIQLfv4rVkcGA8=
X-Received: by 2002:a25:8708:: with SMTP id a8mr798673ybl.302.1602697792356; Wed, 14 Oct 2020 10:49:52 -0700 (PDT)
MIME-Version: 1.0
References: <2B51679C-2BED-4F7B-B146-FF1524B00AA5@akamai.com> <C775E80B-9A31-492E-BA6A-96F9FE831316@akamai.com> <128277543.164613.1602611739735@email.ionos.com> <CAMm+LwjCGVUuFXK+fAzpV176hseXB9iLzC-7OZQZf=ca9+3x0A@mail.gmail.com> <20201014141954.GB18373@mit.edu>
In-Reply-To: <20201014141954.GB18373@mit.edu>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Wed, 14 Oct 2020 13:49:41 -0400
Message-ID: <CAMm+LwgqTHVQTj=6wz01WXGYARzuqM3=FkeB4R=bxu65WgHCzQ@mail.gmail.com>
Subject: Re: IETF Chair
To: "Theodore Y. Ts'o" <tytso@mit.edu>
Cc: Timothy Mcsweeney <tim@dropnumber.com>, "ietf@ietf.org" <ietf@ietf.org>, "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>
Content-Type: multipart/alternative; boundary="0000000000009884e205b1a528e4"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/fwLOwLkTJtKUv_xsq0rUGU9TM9A>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Oct 2020 17:49:55 -0000
On Wed, Oct 14, 2020 at 10:20 AM Theodore Y. Ts'o <tytso@mit.edu> wrote: > On Tue, Oct 13, 2020 at 07:22:10PM -0400, Phillip Hallam-Baker wrote: > > The biggest security problem we face today is breach of data at rest, a > > confidentiality problem. But 90% of the efforts of the academy and 99% of > > those of commerce are focused on the Blockchain, an integrity technology. > > Meanwhile it has taken me most of the last five years working in various > > forums to persuade people to look at threshold decryption, a technology > > developed in the 1990s that is actually a confidentiality control capable > > of securing data at rest. > > I'd agree, but at the same time, I'll note that securing data at rest > is generally not an issue which is solved via internet protocols and > interoperability guarantees, but rather is something that needs to be > designed in hardware (e.g., trusted key stores, firmware verification) > and in software (trusted boot, multiple layers of encryption in the > software stack, bring your own key for those customers who demand it) > and in operational practices (reduction of people with privileged > access, two person controls, auditing, etc.). > That is how we have been trying to do it for 20 years. And the result was the Snowden breach. If the NSA can't run that stack and make it work, it is hardly surprising if nobody else can either. All the things you describe are useful as part of a solution. But they don't get to the heart of the matter which in my view is separation of duties. You cannot expect security if you place absolute trust in any one individual or service. There will always be an insider threat. Which is why we need to divide the private keys. Once you start to look at applying threshold on a large scale, it is clear that you need a threshold key infrastructure to manage the issue and use of the key shares. And once you start to look at managing the shares it becomes clear that you need to make use of threshold techniques to do that. An example of the sorts of things which are needed to secure data at > rest can be found here[1], from my employer, but all cloud providers > should have something similar (or they'd better, if they want to > retain customer trust). > > [1] https://cloud.google.com/security/overview/whitepaper Right now, Google has how many billion passwords stored in its cloud services? One day, one of the lawyers will look at that and realize that you have collected what one of my Microsoft friends used to describe as a steaming pile of liability. There are many commercial offerings out there but few that have even explained their security controls and none that I am aware of that have been subject to full public review. And it is hardly surprising that password vaults have been one of the chief targets of hackers. The problem with the password vault providers is that their mission is to provide a proprietary solution that makes using passwords easy. What the Internet desperately needs is a solution that provides a transition path out of using passwords altogether. Every device that is configured to use my password vault has end to end security - the service provider does not have any form of access (that is not a unique claim, but I have yet to see anyone else provide proof of that claim). But the mechanisms I use to provision decryption key shares to devices allowing them to access the password vault also provisions public keys for authentication. So those devices can also authenticate using FIDO (or equivalent). No smartcards needed. If you look at this, you'll find that most of it is out of scope for > the IETF. > PKIX was IETF work and one of the few security area protocols that actually succeeded. If PKI is in scope for IETF then TKI needs to be. The audience I need to convince to make this work is not the audience here. It is the board rooms. I used to sell seven figure PKIs to C-suite members. In the 20 years I worked for other people, I made very sure that I kept on top of every new technology that might affect our business so that when I got a call from the CEO, I could tell them exactly what it was about. Perhaps some folk here might want to start considering the power of threshold encryption and what it means for cloud security now just in case they get asked rather than reassuring themselves that the current approach is working.
- IETF Chair Salz, Rich
- Re: IETF Chair Brian E Carpenter
- Re: IETF Chair Sarah Banks
- Re: IETF Chair Carsten Bormann
- RE: IETF Chair Khaled Omar
- Re: IETF Chair Salz, Rich
- Re: IETF Chair Timothy Mcsweeney
- RE: IETF Chair Khaled Omar
- Re: IETF Chair Kyle Rose
- RE: IETF Chair Khaled Omar
- Re: IETF Chair Kyle Rose
- Re: IETF Chair Timothy Mcsweeney
- RE: IETF Chair Khaled Omar
- Re: IETF Chair Carsten Bormann
- RE: IETF Chair Khaled Omar
- Re: IETF Chair Salz, Rich
- Re: IETF Chair Timothy Mcsweeney
- RE: IETF Chair Khaled Omar
- Re: IETF Chair Salz, Rich
- RE: IETF Chair Khaled Omar
- RE: IETF Chair Khaled Omar
- Re: IETF Chair Mezgani Ali
- RE: IETF Chair Khaled Omar
- Re: IETF Chair Phillip Hallam-Baker
- Re: IETF Chair Phillip Hallam-Baker
- Re: IETF Chair Theodore Y. Ts'o
- Re: IETF Chair Leif Johansson
- Data at rest (was Re: IETF Chair) Robert Sparks
- Connections, and timing (was: IETF chair) Keith Moore
- Re: IETF Chair Phillip Hallam-Baker
- Re: IETF Chair Barry Leiba
- Re: IETF Chair Phillip Hallam-Baker
- Re: blockchain, not IETF Chair John Levine
- Re: IETF Chair Michael Thomas
- Re: IETF Chair Phillip Hallam-Baker
- Re: IETF Chair Benjamin Kaduk
- Re: IETF Chair Stephen Farrell
- Blockchain is alchemy Phillip Hallam-Baker
- Re: Connections, and timing (was: IETF chair) Amelia Andersdotter
- Re: IETF Chair Ben Laurie
- Re: IETF Chair Larry Masinter
- Re: IETF Chair Timothy Mcsweeney
- Re: IETF Chair Timothy Mcsweeney
- Re: IETF Chair Timothy Mcsweeney