RE: [saag] Is opportunistic unauthenticated encryption a waste of time?

Bernard Aboba <> Sat, 23 August 2014 21:05 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 003F91A06DD; Sat, 23 Aug 2014 14:05:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.567
X-Spam-Status: No, score=-2.567 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.668, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id B_sFfwkZMTSi; Sat, 23 Aug 2014 14:05:08 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AES128-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id B31831A0689; Sat, 23 Aug 2014 14:05:08 -0700 (PDT)
Received: from BLU181-W66 ([]) by with Microsoft SMTPSVC(7.5.7601.22712); Sat, 23 Aug 2014 14:05:08 -0700
X-TMN: [U09urDfR1vL/VuGIlO7HtFagPL74cN3l]
X-Originating-Email: []
Message-ID: <BLU181-W664365D566637BE6D0E67493D10@phx.gbl>
Content-Type: multipart/alternative; boundary="_a71e8999-16ac-4a7b-a6de-830cbbe2c32f_"
From: Bernard Aboba <>
To: Stephen Farrell <>, Nico Williams <>
Subject: RE: [saag] Is opportunistic unauthenticated encryption a waste of time?
Date: Sat, 23 Aug 2014 14:05:07 -0700
Importance: Normal
In-Reply-To: <>
References: <>, <>, <>, <>, <>, <>, <>, <>, <>, <BLU181-W84354FE6BEF12305A2A7DB93D10@phx.gbl>, <20140823040550.GQ5909@localhost> <BLU181-W307B52819C577693183E2D93D10@phx.gbl>,<>
MIME-Version: 1.0
X-OriginalArrivalTime: 23 Aug 2014 21:05:08.0246 (UTC) FILETIME=[EB736360:01CFBF15]
Cc: "" <>, "" <>
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 23 Aug 2014 21:05:10 -0000

Stephen Farrell:
> However, say we're wrong and someone who thinks OS is a waste
> of time is actually correct, what would such a person recommend
> that we do as well as, or instead of, OS?

[BA] It depends on who we are trying to protect, and from what (or whom).  
If the target is protection of dissidents from oppressive regimes, then you need something much more comprehensive than 'unauthenticated opportunistic encryption" (e.g. along the lines of Tor). 
If the target is protection against PM within wealthy nations, then you'd need something that can't be rendered harmless by a modest budget increase.A number of MITM protection mechanisms have been suggested (e.g. DANE, channel binding, etc.). 
Also, in this category should be mechanisms for protecting privacy against private-sector adversaries.  As long as private companies can amass huge dociers without resort to PM (or without the need to subvert OS), and are willing to sell that personal information to third parties (dodgy ones, let alone governments),  one wonders whether government agencies would make better use of their funds by "buying" surveillance, rather than trying to "build" it.