IETF Logo Mail Archive

Re: Bruce Schneier's Proposal to dedicate November meeting to savingthe Internet from the NSA

John C Klensin <john-ietf@jck.com> Fri, 06 September 2013 14:02 UTC

Return-Path: <john-ietf@jck.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AB46411E82B8 for <ietf@ietfa.amsl.com>; Fri, 6 Sep 2013 07:02:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.561
X-Spam-Level:
X-Spam-Status: No, score=-102.561 tagged_above=-999 required=5 tests=[AWL=0.038, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NQq84a8ejFZN for <ietf@ietfa.amsl.com>; Fri, 6 Sep 2013 07:02:31 -0700 (PDT)
Received: from bsa2.jck.com (bsa2.jck.com [70.88.254.51]) by ietfa.amsl.com (Postfix) with ESMTP id B7D4C11E82B7 for <ietf@ietf.org>; Fri, 6 Sep 2013 07:02:31 -0700 (PDT)
Received: from [198.252.137.115] (helo=JcK-HP8200.jck.com) by bsa2.jck.com with esmtp (Exim 4.71 (FreeBSD)) (envelope-from <john-ietf@jck.com>) id 1VHwcD-000DxS-23; Fri, 06 Sep 2013 10:02:25 -0400
Date: Fri, 06 Sep 2013 10:02:19 -0400
From: John C Klensin <john-ietf@jck.com>
To: Pete Resnick <presnick@qti.qualcomm.com>, "t.p." <daedulus@btconnect.com>
Subject: Re: Bruce Schneier's Proposal to dedicate November meeting to savingthe Internet from the NSA
Message-ID: <59C958339C8533E20B11F2C3@JcK-HP8200.jck.com>
In-Reply-To: <5229D6B0.1040709@qti.qualcomm.com>
References: <5F053C0B-4678-4680-A8BF-62FF282ADDCE@softarmor.com> <alpine.BSF.2.00.1309051743130.47262@hiroshima.bogus.com> <52293197.1060809@gmail.com> <CAMm+LwjdN478yyU=J7=GTpQxqtdgP8wtdEtna50X+WtA-bV3hg@mail.gmail.com> <52294BDC.4060707@gmail.com> <20130906033254.GH62204@mx1.yitter.info> <CAMm+Lwg9kJymBWaEXwZfQ=P5Uo-UmYoNvvzewnXjUu+mhg+QTQ@mail.gmail.com> <006001ceaad6$61f39640$4001a8c0@gateway.2wire.net> <5229D6B0.1040709@qti.qualcomm.com>
X-Mailer: Mulberry/4.0.8 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Cc: IETF Discussion Mailing List <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Sep 2013 14:02:37 -0000

--On Friday, September 06, 2013 06:20 -0700 Pete Resnick
<presnick@qti.qualcomm.com> wrote:

> Actually, I disagree that this fallacy is at play here. I
> think we need to separate the concept of end-to-end encryption
> from authentication when it comes to UI transparency. We
> design UIs now where we get in the user's face about doing
> encryption if we cannot authenticate the other side and we
> need to get over that. In email, we insist that you
> authenticate the recipient's certificate before we allow you
> to install it and to start encrypting, and prefer to send
> things in the clear until that is done. That's silly and is
> based on the assumption that encryption isn't worth doing
> *until* we know it's going to be done completely safely. We
> need to separate the trust and guarantees of safeness (which
> require *later* out-of-band verification) from the whole
> endeavor of getting encryption used in the first place.

Pete,

At one level, I completely agree.  At another, it depends on the
threat model.  If the presumed attacker is skilled and has
access to packets in transit then it is necessary to assume that
safeguards against MITM attacks are well within that attacker's
resource set.  If those conditions are met, then encrypting on
the basis of a a key or certificate that can't be authenticated
is delusional protection against that threat.  It may still be
good protection against more casual attacks, but we do the users
the same disservice by telling them that their transmissions are
secure under those circumstances that we do by telling them that
their data are secure when they see a little lock in their web
browsers.

Certainly "encrypt first, authenticate later" is reasonable if
one doesn't send anything sensitive until authentication has
been established, but it seems to me that would require a rather
significant redesign of how people do things, not just how
protocols work.

best,
   john

v2.23.0 | Report a Bug | By Email