RE: [saag] Is opportunistic unauthenticated encryption a waste of time?
Bernard Aboba <bernard_aboba@hotmail.com> Sat, 23 August 2014 21:05 UTC
From: Bernard Aboba <bernard_aboba@hotmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Nico Williams <nico@cryptonector.com>
Subject: RE: [saag] Is opportunistic unauthenticated encryption a waste of time?
Date: Sat, 23 Aug 2014 14:05:07 -0700
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/q4L2jlEe9sEZTlLfxW2mTUHbkPU
Cc: "saag@ietf.org" <saag@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>

Stephen Farrell:

> However, say we're wrong and someone who thinks OS is a waste
> of time is actually correct, what would such a person recommend
> that we do as well as, or instead of, OS?

[BA] It depends on who we are trying to protect, and from what (or whom).

If the target is protection of dissidents from oppressive regimes, then you need something much more comprehensive than "unauthenticated opportunistic encryption" (e.g. along the lines of Tor).

If the target is protection against PM within wealthy nations, then you'd need something that can't be rendered harmless by a modest budget increase. A number of MITM protection mechanisms have been suggested (e.g. DANE, channel binding, etc.).

Also, in this category should be mechanisms for protecting privacy against private-sector adversaries. As long as private companies can amass huge dossiers without resort to PM (or without the need to subvert OS), and are willing to sell that personal information to third parties (dodgy ones, let alone governments), one wonders whether government agencies would make better use of their funds by "buying" surveillance, rather than trying to "build" it.