Re: The CIA mentions us

Phillip Hallam-Baker <> Mon, 13 March 2017 23:13 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 66B1B12962B for <>; Mon, 13 Mar 2017 16:13:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.349
X-Spam-Status: No, score=-2.349 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id bGO_xWuIh__1 for <>; Mon, 13 Mar 2017 16:13:18 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4003:c06::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 3C5991297C3 for <>; Mon, 13 Mar 2017 16:13:13 -0700 (PDT)
Received: by with SMTP id 126so85220088oig.3 for <>; Mon, 13 Mar 2017 16:13:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=aBT4rghe5wfz/HoM84bSYGNff+z7nzuhqkBS4Q1rrZc=; b=ngEmeynIFzehTzkUjFw0FDcn2LA2g2zXThS1ktQ2Ge13i6Ycbu55bfzrVu7HN+dBlD Qumgq4C87pev0y9Cf2We9iYnYX1J+R/IGlnqRVm20/7EVigXht7r/DQXZGdnm/F3l4bd ZQz+sz0rBXrOf/gKpA5qt3rcpnby+CHg5Aw/TwXYwNdZFBr9+q3ESdXoLpSzW8vNBQMQ //0Yyt8ergj7TzcV7vJXi+V4Bfaer/XZNOHTytosf59Rj8vUGr8gs0ZPvEF/Z0VkbKr8 gWUplPUGmk7h4GimYTFM9ufDjMg6538NmRqk82sD5PkcrF8oyU4lc1PNkOjheXn8uG2W GREA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=aBT4rghe5wfz/HoM84bSYGNff+z7nzuhqkBS4Q1rrZc=; b=MfNbcmwRF6fvicEweAlWlshnMKhT4OSHDhZ815LE3UMtcN3eE2IjbioPbZAg7ZsOf/ tKTVUKUAayyDB8DbE/N0zCwr7fGd8I8N9SbnmKfXZee4/f0poDJxRVHOtnrCZ7rvR1Rw 7MaaixLRJx+pumjFUMeVE1TweroEArO9kJWjjGt3QRlfWvUBGXq2rLJYWhybElZDh8pj kpUxhssnKcazQOdWjuHZizu8IWbUcdA3CHhRaC9YXtp4Wquh+UD1nMkSnTfDPt8KSUAY QkluD2QVrqzAzxhiRLbvfMxxJKs/GMtdszPXp0W3T6mdSmico3Zv1wDhfzApf8pJJWAm C2bg==
X-Gm-Message-State: AMke39ksYILGdzZssxZ7tazJzj/kCK1KWw1IUcqaIpxrP9GY5s+SZ3pjZqmTYCUQBX6wDygNAEzyhjJhFh8K9w==
X-Received: by with SMTP id w192mr16395054oia.85.1489446792422; Mon, 13 Mar 2017 16:13:12 -0700 (PDT)
MIME-Version: 1.0
Received: by with HTTP; Mon, 13 Mar 2017 16:13:11 -0700 (PDT)
In-Reply-To: <>
References: <> <> <> <> <> <> <> <> <> <> <> <> <>
From: Phillip Hallam-Baker <>
Date: Mon, 13 Mar 2017 19:13:11 -0400
X-Google-Sender-Auth: qZA-rLvyGv3RlJbD5uqzH-f5XDg
Message-ID: <>
Subject: Re: The CIA mentions us
To: Ted Lemon <>
Content-Type: multipart/alternative; boundary=001a1134e4c4f96ac5054aa4da36
Archived-At: <>
Cc: Bob Hinden <>, IETF <>
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 13 Mar 2017 23:13:23 -0000

I think this particular failure demonstrates the situation pretty well:

A) Without transport encryption, every network link is a potential point of
compromise via traffic analysis.

B) Without end-to-end data level encryption, every non endpoint device,
every hard drive or removable storage is a potential point of compromise

C) Without end point security, the end points are a potential point of

D) Without trustworthy personnel, you are vulnerable to an insider threat.

The security controls you need depends on your information security assets
and your security concerns.

If you are a high level security target then you need A + B + C + D. They
are not alternatives, they are all requirements. It is really completely
unhelpful for people to suggest tackling these separable concerns
separately is 'useless'.

Just as I would not consider personnel or physical security at the same
time as end point security, I do not want to consider data level security
at the same time as end point.

To get back to the CIA leak, that 'hole you can drive a truck through' did
not actually exist when the AV package was connected to the Internet. What
we are seeing here is not a set of vulnerabilities, it is a set of research
notes being compiled by people searching for vulnerabilities that has
subsequently been exfiltrated, filtered to remove the good stuff and

If you do end point security right, you can really be a 'PITA' to the
people trying to break these systems. So the idea that end point security
is futile is utterly misguided. If you use default deny approaches, end
point security can be very effective. But end point security really isn't
in scope for IETF unless we were to get into protocols for attestation of
trustworthy hardware or the like.

The reason I keep coming back to the data level security issue is that

1) It is in scope for IETF. Data level security protects data at rest and
in motion.

2) There have been recent expiries and are imminent pending expiries of key
IPR that makes a solution much easier.

3) It is one of the things we can fix that has the greatest security payoff.