Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

Dave Crocker <dhc@dcrocker.net> Fri, 06 September 2013 15:20 UTC

Return-Path: <dhc@dcrocker.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E744921E80B5 for <ietf@ietfa.amsl.com>; Fri, 6 Sep 2013 08:20:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.562
X-Spam-Level:
X-Spam-Status: No, score=-6.562 tagged_above=-999 required=5 tests=[AWL=0.037, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8px5I8AgDCh2 for <ietf@ietfa.amsl.com>; Fri, 6 Sep 2013 08:20:40 -0700 (PDT)
Received: from sbh17.songbird.com (sbh17.songbird.com [72.52.113.17]) by ietfa.amsl.com (Postfix) with ESMTP id B9C1121E80B0 for <ietf@ietf.org>; Fri, 6 Sep 2013 08:20:35 -0700 (PDT)
Received: from [192.168.1.66] (76-218-9-215.lightspeed.sntcca.sbcglobal.net [76.218.9.215]) (authenticated bits=0) by sbh17.songbird.com (8.13.8/8.13.8) with ESMTP id r86FKWdx030714 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for <ietf@ietf.org>; Fri, 6 Sep 2013 08:20:35 -0700
Message-ID: <5229F2B1.70109@dcrocker.net>
Date: Fri, 06 Sep 2013 08:20:17 -0700
From: Dave Crocker <dhc@dcrocker.net>
Organization: Brandenburg InternetWorking
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: ietf@ietf.org
Subject: Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA
References: <20130906144548.C22C618C0DA@mercury.lcs.mit.edu>
In-Reply-To: <20130906144548.C22C618C0DA@mercury.lcs.mit.edu>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0 (sbh17.songbird.com [72.52.113.66]); Fri, 06 Sep 2013 08:20:35 -0700 (PDT)
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: dcrocker@bbiw.net
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Sep 2013 15:20:45 -0000

> There are a lot more threats to privacy than just the NSA

We currently do not have a concise catalog the basic 'privacy' threats 
and their typical mitigations, appropriate for concern with IETF 
protocols.  In effect, every new protocol effort must start with a blank 
sheet, and invent its own list of threats and possible protections 
against them.

One common outcome from this is that we tend to think of very localized 
mechanisms, rather than end-to-end.  So we assume a model of things 
being one-hop or we implicitly trust intermediaries.  (Hint, the web is 
often not 1-hop, what with proxies, etc...)

We need privacy templates for protocol design.

d/
-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net