IETF Logo Mail Archive

RE: [saag] Is opportunistic unauthenticated encryption a waste of time?

Bernard Aboba <bernard_aboba@hotmail.com> Sat, 23 August 2014 20:27 UTC

Return-Path: <bernard_aboba@hotmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A6501A88DD; Sat, 23 Aug 2014 13:27:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.167
X-Spam-Level:
X-Spam-Status: No, score=-1.167 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.668, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZJnqmN9hVBYY; Sat, 23 Aug 2014 13:27:53 -0700 (PDT)
Received: from BLU004-OMC4S27.hotmail.com (blu004-omc4s27.hotmail.com [65.55.111.166]) (using TLSv1.2 with cipher AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 943321A06A4; Sat, 23 Aug 2014 13:27:53 -0700 (PDT)
Received: from BLU181-W30 ([65.55.111.136]) by BLU004-OMC4S27.hotmail.com with Microsoft SMTPSVC(7.5.7601.22712); Sat, 23 Aug 2014 13:27:52 -0700
X-TMN: [p342fPnBVwEo0pVbRgVKCEfOgHDYSjfE]
X-Originating-Email: [bernard_aboba@hotmail.com]
Message-ID: <BLU181-W307B52819C577693183E2D93D10@phx.gbl>
Content-Type: multipart/alternative; boundary="_373daf7d-75a6-4849-bd11-854c0ae9876e_"
From: Bernard Aboba <bernard_aboba@hotmail.com>
To: Nico Williams <nico@cryptonector.com>
Subject: RE: [saag] Is opportunistic unauthenticated encryption a waste of time?
Date: Sat, 23 Aug 2014 13:27:52 -0700
Importance: Normal
In-Reply-To: <20140823040550.GQ5909@localhost>
References: <53F548E5.2070208@cs.tcd.ie>, <53F54F1C.1060405@dcrocker.net>, <53F5D303.1090400@cs.tcd.ie>, <CAMm+LwhmJpnU8E9ifA47baneGB=qjHzU_cy+wepPYLXrOhB+Pg@mail.gmail.com>, <20140821160402.GT14392@mournblade.imrryr.org>, <f5d8b5dc37b84f709c8f2df7c7a69daf@AMSPR06MB439.eurprd06.prod.outlook.com>, <CAK3OfOgZzoXVnrE8Nbs6mwN2xD_snbzH9jT8TsYOVt8UASahYQ@mail.gmail.com>, <a354d63505924d76a15b505e60e27a16@AMSPR06MB439.eurprd06.prod.outlook.com>, <20140822140000.GE14392@mournblade.imrryr.org>, <BLU181-W84354FE6BEF12305A2A7DB93D10@phx.gbl>, <20140823040550.GQ5909@localhost>
MIME-Version: 1.0
X-OriginalArrivalTime: 23 Aug 2014 20:27:52.0934 (UTC) FILETIME=[B719D860:01CFBF10]
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/pmg3z0QNew25GvWHuMBNvgF76k0
Cc: "saag@ietf.org" <saag@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 23 Aug 2014 20:27:55 -0000

Nico said: 

> For me OS is not about anti-PM, or at least not mainly anti-PM.  See below.
 
[BA] I agree - but IMHO it would be useful if we were clear about this in problem statement documents.  

>Therefore OS can go a long distance relative to criminals in many situations.
 
[BA] We certainly do have a problem with criminals targeting payment networks to great effect.  However, given the urgency and potential deployment lags, is OS the most timely potential response to that problem? 

> Sovereign powers will be able to do build active PM systems, no doubt.
 
[BA] In many cases (and certainly in the case of virtually all oppressive regimes), major portions of the Internet infrastructure are under control of the state.  So if the issue is oppressive regimes (and protection of dissidents), something considerably more comprehensive than OS is needed (e.g. more along the lines of Tor). 
 
[nico]  But if the end-state for OS is something like DANE 


  



                          



            

            



    

[Huitema] It is also fairly easy for OS conscious applications to use channel binding schemes and detect the MITM. 
[BA] If we are talking about DANE and channel binding schemes, aren't we out of the realm of "unauthenticated" opportunistic encryption?  
 
[IanG] "Agreed on both points.  And this is a big win.  Because then we know what they are doing and can provide evidence."
[Ted] This won't help in a totalitarian regime, certainly, but in democratic
societies having law enforcement agencies engaging in mass,
surreptitious surveilance might be less likely to be tolerated.

 
[BA] AFAIK, the surveillance budget is not a matter of public record in most nations of the world.  And as far as "toleration" in democratic societies is concerned, are there democratic societies in which there are comprehensive reform proposals that have a good chance of passage?  Just wondered if I was missing something.

v2.23.0 | Report a Bug | By Email