Re: Is traffic analysis really a target (was Re: [saag] Is opportunistic unauthenticated encryption a waste of time?)

Mark Andrews <marka@isc.org> Mon, 25 August 2014 02:36 UTC

To: Eric Burger <eburger@standardstrack.com>
From: Mark Andrews <marka@isc.org>
References: <53F548E5.2070208@cs.tcd.ie>, <53F54F1C.1060405@dcrocker.net>, <53F5D303.1090400@cs.tcd.ie>, <CAMm+LwhmJpnU8E9ifA47baneGB=qjHzU_cy+wepPYLXrOhB+Pg@mail.gmail.com>, <20140821160402.GT14392@mournblade.imrryr.org>, <f5d8b5dc37b84f709c8f2df7c7a69daf@AMSPR06MB439.eurprd06.prod.outlook.com>, <CAK3OfOgZzoXVnrE8Nbs6mwN2xD_snbzH9jT8TsYOVt8UASahYQ@mail.gmail.com>, <a354d63505924d76a15b505e60e27a16@AMSPR06MB439.eurprd06.prod.outlook.com>, <20140822140000.GE14392@mournblade.imrryr.org>, <BLU181-W84354FE6BEF12305A2A7DB93D10@phx.gbl>, <20140823040550.GQ5909@localhost> <BLU181-W307B52819C577693183E2D93D10@phx.gbl>, <53F8FA97.2020607@cs.tcd.ie> <BLU181-W664365D566637BE6D0E67493D10@phx.gbl> <53F908A1.6040207@cs.tcd.ie> <8BBAE4BE-F816-4170-9533-6400ACE463EA@cs.georgetown.edu> <6461D9C5-8B0B-42D3-9877-32DB3E6150C6@standardstrack.com>
Subject: Re: Is traffic analysis really a target (was Re: [saag] Is opportunistic unauthenticated encryption a waste of time?)
In-reply-to: Your message of "Sun, 24 Aug 2014 12:32:15 -0400." <6461D9C5-8B0B-42D3-9877-32DB3E6150C6@standardstrack.com>
Date: Mon, 25 Aug 2014 12:36:19 +1000
Message-Id: <20140825023619.A28411D724E3@rock.dv.isc.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/oIW77hF9tGiIh2r4aRd0voETrgA
Cc: "saag@ietf.org" <saag@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>

In message <6461D9C5-8B0B-42D3-9877-32DB3E6150C6@standardstrack.com>, Eric Burger writes:
>
> I am concerned with the drive to make all traffic totally opaque. I'll be
> brief: we have an existence proof of the mess that happens when we make
> all traffic look benign. It is called "everything over port 80." That
> `practical' approach drove the development of deep packet inspection,
> because everything running over port 80 was no longer HTTP traffic. It
> meant we could no longer prioritize traffic (in a good sense - *I* want
> to make sure my VoIP gets ahead of my Web surfing ahead of my FTP). It
> meant we could no longer apply enterprise policy on different
> applications. It drove `investment' in the tools that today dominate
> pervasive monitoring.
>
> Good job folks for unintended consequences.

And everyone went to port 80 because people put up blocks for other
ports, often for no other reason than "we can".

You have idiots with firewalls blocking access to submission yet
allowing access to webmail services.

You have idiots with firewalls blocking access to imaps/pops yet
allowing access to webmail services.

You have idiots with firewalls blocking access to ... yet allowing
https through.

As for VoIP traffic, have the originating device set TOS/TCLASS.
It really isn't that hard, having set both TOS and TCLASS in the
application, sometimes on a per-packet basis.

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
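The marking Mark describes, as an added example that is not part of the original message or of any ISC code: a UDP socket is given a DSCP code point socket-wide through IP_TOS (IPv4) or IPV6_TCLASS (IPv6), and individual packets are marked through sendmsg() ancillary data. The DSCP values (EF 46 for voice bearer, CS3 24 for call signalling) are the RFC 2474/4594 code points; the socket-wide setsockopt path and the IPV6_TCLASS send-side cmsg are standard (RFC 3542), while IP_TOS as a send-side cmsg is assumed to be a Linux extension. The loopback destination, port 5004 and the 12-byte payload are constructed for the demonstration.

```c
/* Added example: DSCP marking of a UDP media socket, socket-wide and
 * per packet. Assumes Linux for the per-packet IPv4 (IP_TOS cmsg) path. */
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <netinet/in.h>
#include <arpa/inet.h>

#define DSCP_EF  46  /* Expedited Forwarding: voice bearer (RFC 4594) */
#define DSCP_CS3 24  /* Class Selector 3: call signalling */

/* DSCP is the top six bits of the TOS/Traffic Class octet; the low two
 * bits are ECN and belong to the stack, so they are masked off here. */
int dscp_to_tos(int dscp) { return (dscp & 0x3f) << 2; }
int tos_to_dscp(int tos)  { return (tos >> 2) & 0x3f; }

/* Socket-wide marking: every packet leaving fd carries this DSCP. */
int set_socket_dscp(int fd, int family, int dscp)
{
    int tos = dscp_to_tos(dscp);
    if (family == AF_INET)
        return setsockopt(fd, IPPROTO_IP, IP_TOS, &tos, sizeof tos);
    if (family == AF_INET6)
        return setsockopt(fd, IPPROTO_IPV6, IPV6_TCLASS, &tos, sizeof tos);
    errno = EAFNOSUPPORT;
    return -1;
}

/* Read the marking back from the kernel; returns the DSCP or -1. */
int get_socket_dscp(int fd, int family)
{
    int tos = 0;
    socklen_t len = sizeof tos;
    int rc = (family == AF_INET)
        ? getsockopt(fd, IPPROTO_IP, IP_TOS, &tos, &len)
        : getsockopt(fd, IPPROTO_IPV6, IPV6_TCLASS, &tos, &len);
    return rc == 0 ? tos_to_dscp(tos) : -1;
}

/* Per-packet marking via ancillary data: one socket can send RTP at EF
 * and signalling/keepalives at CS3 without touching the socket option.
 * IPV6_TCLASS as a send cmsg is RFC 3542; IP_TOS as a send cmsg is a
 * Linux extension (assumption: Linux 3.13 or later). */
ssize_t send_with_dscp(int fd, int family, const void *buf, size_t len,
                       const struct sockaddr *dst, socklen_t dstlen, int dscp)
{
    int tos = dscp_to_tos(dscp);
    struct iovec iov = { .iov_base = (void *)buf, .iov_len = len };
    char cbuf[CMSG_SPACE(sizeof tos)];
    struct msghdr msg;
    struct cmsghdr *cm;

    memset(&msg, 0, sizeof msg);
    memset(cbuf, 0, sizeof cbuf);
    msg.msg_name = (void *)dst;
    msg.msg_namelen = dstlen;
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = cbuf;
    msg.msg_controllen = sizeof cbuf;

    cm = CMSG_FIRSTHDR(&msg);
    cm->cmsg_level = (family == AF_INET) ? IPPROTO_IP : IPPROTO_IPV6;
    cm->cmsg_type  = (family == AF_INET) ? IP_TOS : IPV6_TCLASS;
    cm->cmsg_len   = CMSG_LEN(sizeof tos);
    memcpy(CMSG_DATA(cm), &tos, sizeof tos);
    return sendmsg(fd, &msg, 0);
}

/* Create a UDP socket, mark it, read the mark back; returns the DSCP the
 * kernel reports or -1 on any failure. */
int mark_roundtrip(int family, int dscp)
{
    int fd = socket(family, SOCK_DGRAM, 0), got = -1;
    if (fd < 0)
        return -1;
    if (set_socket_dscp(fd, family, dscp) == 0)
        got = get_socket_dscp(fd, family);
    close(fd);
    return got;
}

int main(void)
{
    struct sockaddr_in dst;                 /* constructed: loopback:5004 */
    unsigned char payload[12] = { 0x80 };   /* constructed RTP-sized blob */
    int fd;

    printf("IPv4 socket marked EF, kernel reports DSCP %d\n",
           mark_roundtrip(AF_INET, DSCP_EF));
    printf("IPv6 socket marked EF, kernel reports DSCP %d\n",
           mark_roundtrip(AF_INET6, DSCP_EF));

    memset(&dst, 0, sizeof dst);
    dst.sin_family = AF_INET;
    dst.sin_port = htons(5004);
    inet_pton(AF_INET, "127.0.0.1", &dst.sin_addr);
    if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) >= 0) {
        ssize_t n = send_with_dscp(fd, AF_INET, payload, sizeof payload,
                                   (struct sockaddr *)&dst, sizeof dst, DSCP_CS3);
        printf("per-packet CS3 send: %s\n", n < 0 ? strerror(errno) : "ok");
        close(fd);
    }
    return 0;
}
```

The check a practitioner wants is the read-back in mark_roundtrip: a mark that the kernel refuses or rewrites shows up there rather than only on the wire. Note that the marking survives only as far as the first router that trusts it; an enterprise edge or ISP will typically re-mark, which is why the marking is a hint to the network and not a control the application can rely on.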