Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

Stephen Farrell <stephen.farrell@cs.tcd.ie> Fri, 06 September 2013 10:51 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4F5B111E8294 for <ietf@ietfa.amsl.com>; Fri, 6 Sep 2013 03:51:26 -0700 (PDT)
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ezF1aKZzJHTu for <ietf@ietfa.amsl.com>; Fri, 6 Sep 2013 03:51:21 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id 3DAC911E8285 for <ietf@ietf.org>; Fri, 6 Sep 2013 03:51:21 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 3DAA4BE4D for <ietf@ietf.org>; Fri, 6 Sep 2013 11:51:18 +0100 (IST)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RO4ySqW2bdvI for <ietf@ietf.org>; Fri, 6 Sep 2013 11:51:18 +0100 (IST)
Received: from [134.226.36.180] (stephen-think.dsg.cs.tcd.ie [134.226.36.180]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 238DDBE4C for <ietf@ietf.org>; Fri, 6 Sep 2013 11:51:18 +0100 (IST)
Message-ID: <5229B3A7.90305@cs.tcd.ie>
Date: Fri, 06 Sep 2013 11:51:19 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130803 Thunderbird/17.0.8
MIME-Version: 1.0
To: "ietf@ietf.org Discussion" <ietf@ietf.org>
Subject: Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA
References: <5F053C0B-4678-4680-A8BF-62FF282ADDCE@softarmor.com> <alpine.BSF.2.00.1309051743130.47262@hiroshima.bogus.com> <52293197.1060809@gmail.com> <5C7FECAB-8A22-4AF1-B023-456458E1B288@nominum.com> <522949C2.8010206@gmail.com> <5229AEDE.8090202@cisco.com>
In-Reply-To: <5229AEDE.8090202@cisco.com>

Summarising a *lot* :-)

On 09/06/2013 11:30 AM, Stewart Bryant wrote:
> 
> There is a whole bunch of stuff we can do

I fully agree. Some more detail on one of those...

We set up the perpass list [1] as a venue for triaging
specific proposals in this space. A few weeks in, we
have one I-D [2] (very much a -00) that tries to describe
a threat model that matches the recent revelations,
and that could be a good reference when folks are
developing protocols.

We have found volunteers to write a draft for a BCP
on how to use perfect forward secrecy in TLS, more
common use of which (we still think) would mitigate a
bunch of the ways in which TLS traffic could be
subverted, given various forms of collusion/coercion.
I hope the -00 for that will pop out in a weekish.

We've had some discussion about how to do better with
email, but that's not yet landed on specifics that
could be taken further. And a couple of other topics
have come up. More are welcome.

For any such topic that looks like it'll turn into
something actionable (in the IETF context), I'm very
happy to push to get it adopted by a relevant WG or
to get it AD sponsored.

If you care about this stuff, then get on that list
and make concrete proposals and write I-Ds about ways
the IETF can improve the situation. If the content
is good, you'll find you're pushing on an open door
(at least as far as the SEC ADs are concerned:-).

And as we all know the IETF cannot "solve the problem"
here, but as Stewart rightly said: there is stuff we
can do better. So let's do it.

I do think some kind of session in Vancouver would be
useful to move this along some more and there's
discussion ongoing within the IESG and IAB on how to
best do that. If we (IESG/IAB) fail in that, please do
beat us up mightily at the mic in Vancouver.

Cheers,
S.

[1] https://www.ietf.org/mailman/listinfo/perpass
[2] http://tools.ietf.org/html/draft-trammell-perpass-ppa