Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

Brian E Carpenter <brian.e.carpenter@gmail.com> Fri, 06 September 2013 01:36 UTC

Message-ID: <52293197.1060809@gmail.com>
Date: Fri, 06 Sep 2013 13:36:23 +1200
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: Lucy Lynch <llynch@civil-tongue.net>
Subject: Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA
References: <5F053C0B-4678-4680-A8BF-62FF282ADDCE@softarmor.com> <alpine.BSF.2.00.1309051743130.47262@hiroshima.bogus.com>
In-Reply-To: <alpine.BSF.2.00.1309051743130.47262@hiroshima.bogus.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Cc: "ietf@ietf.org Discussion" <ietf@ietf.org>, Dean Willis <dean.willis@softarmor.com>

I'm sorry, I don't detect the emergency.

I'm not saying there's no issue or no work to do, but what's new about
any of this?

Was PRISM a surprise to anyone who knew that the Five Eyes sigint
organisations have been cooperating since about 1942 (and using
intercontinental data links since 1944)? Was Xkeyscore a surprise
to anyone who's been observing the whole Big Data scene? Is any
ISP or router vendor actually unaware of the security issues in
routers? Aren't most of them o/s implementation issues in any case?
Hasn't the IETF been working on BGP4 security for quite a while now?

I'm very glad we did RFC 1984 and RFC 2804 when we did, but it's
probably more important that we did RFC 3552. We certainly need
to apply it.

I am against any panic response to the hype. If someone can identify
any specific, new, protocol-based threats in the recent media stories,
that would be worth an I-D and appropriate IETF action.

Regards
   Brian Carpenter

On 06/09/2013 12:46, Lucy Lynch wrote:
> On Thu, 5 Sep 2013, Dean Willis wrote:
> 
>>
>> This is bigger than the "perpass" list.
>>
>> I suggested that the surveillance/broken crypto challenge represents
>> "damage to the Internet". I'm not the only one thinking that way.
> 
> an additional call to action can be found here:
> 
> http://www.newamerica.net/pressroom/2013/statement_oti_statement_on_new_leaks_of_nsa_defeating_encryption_technology_3
> 
> 
> "In the interim, technologists need to take a hard look at how to
> reengineer the Internet to avoid this type of massive undermining of our
> privacy rights. Our current trajectory is toward a more fractured, less
> safe Internet, and only major, meaningful reforms will restore trust and
> prevent even more detrimental outcomes."
> 
>> I'd like to share the challenge raised by Bruce Schneier in:
>>
>> http://www.theguardian.com/commentisfree/2013/sep/05/government-betrayed-internet-nsa-spying
>>
>>
>>
>> To quote:
>>
>> -----------
>> We need to know how exactly the NSA and other agencies are
>> subverting routers, switches, the internet backbone, encryption
>> technologies and cloud systems. I already have five stories from
>> people like you, and I've just started collecting. I want 50. There's
>> safety in numbers, and this form of civil disobedience is the moral
>> thing to do.
>>
>> Two, we can design. We need to figure out how to re-engineer the
>> internet to prevent this kind of wholesale spying. We need new
>> techniques to prevent communications intermediaries from leaking
>> private information.
>>
>> We can make surveillance expensive again. In particular, we need open
>> protocols, open implementations, open systems – these will be harder
>> for the NSA to subvert.
>>
>> The Internet Engineering Task Force, the group that defines the
>> standards that make the internet run, has a meeting planned for early
>> November in Vancouver. This group needs to dedicate its next meeting to
>> this task. This is an emergency, and demands an emergency response.
>> ------------
>>
>> The gauntlet is in our face. What are we going to do about it?
>>
>>
>> -- 
>> Dean Willis
>