RE: [saag] Is opportunistic unauthenticated encryption a waste of time?

Christian Huitema <huitema@microsoft.com> Sat, 23 August 2014 03:57 UTC

From: Christian Huitema <huitema@microsoft.com>
To: Theodore Ts'o <tytso@mit.edu>, Bernard Aboba <bernard_aboba@hotmail.com>
Subject: RE: [saag] Is opportunistic unauthenticated encryption a waste of time?
Date: Sat, 23 Aug 2014 03:57:22 +0000
Message-ID: <52b6dc3d1e9a43a48b3e05fb48bd2599@DM2PR0301MB0655.namprd03.prod.outlook.com>
References: <53F548E5.2070208@cs.tcd.ie> <53F54F1C.1060405@dcrocker.net> <53F5D303.1090400@cs.tcd.ie> <CAMm+LwhmJpnU8E9ifA47baneGB=qjHzU_cy+wepPYLXrOhB+Pg@mail.gmail.com> <20140821160402.GT14392@mournblade.imrryr.org> <f5d8b5dc37b84f709c8f2df7c7a69daf@AMSPR06MB439.eurprd06.prod.outlook.com> <CAK3OfOgZzoXVnrE8Nbs6mwN2xD_snbzH9jT8TsYOVt8UASahYQ@mail.gmail.com> <a354d63505924d76a15b505e60e27a16@AMSPR06MB439.eurprd06.prod.outlook.com> <20140822140000.GE14392@mournblade.imrryr.org> <BLU181-W84354FE6BEF12305A2A7DB93D10@phx.gbl> <20140823030250.GT11085@thunk.org>
In-Reply-To: <20140823030250.GT11085@thunk.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/yU6mLBFBcgXYAJMjYW2PSfhAkfI
Cc: "saag@ietf.org" <saag@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>

> This assumes that the telecom carriers and/or the suppliers of the
> carrier grade equipment would cooperate with the nation-states in
> question.  That could happen, certainly, but it becomes much more
> difficult to do this surreptitiously.

It is also fairly easy for OS conscious applications to use channel binding schemes and detect the MITM. At that point, the spies have to move from covert monitoring to overt surveillance, which should have some noticeable political consequences.

-- Christian Huitema
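The channel-binding detection the message describes, as an added worked example that is not part of the thread or of any IETF draft: a client proves knowledge of a shared secret with a MAC that also covers the TLS channel's unique value (RFC 5929 tls-unique, here modelled as a hash of a constructed handshake transcript rather than the real Finished verify_data). An interceptor that terminates TLS on both sides ends up with two distinct sessions, so a proof relayed from one session fails to verify on the other. The session class, the SCRAM-style MAC construction, the password and the scenario driver are all assumptions made for this illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class TlsSession:
    """Constructed stand-in for one TLS session between two endpoints."""
    peer_a: str
    peer_b: str
    transcript: bytes  # constructed handshake transcript

    @property
    def tls_unique(self) -> bytes:
        # Real tls-unique is the first Finished message's verify_data; a hash
        # over the handshake transcript models "unique per session" here.
        return hashlib.sha256(b"finished|" + self.transcript).digest()


def make_session(peer_a: str, peer_b: str) -> TlsSession:
    # Every handshake carries fresh random nonces, so each session gets a
    # distinct transcript even between the same two endpoints.
    return TlsSession(peer_a, peer_b, os.urandom(32))


def client_prove(password: bytes, nonce: bytes, channel_binding: Optional[bytes]) -> bytes:
    # Password-based authenticator. With channel binding enabled, the TLS
    # channel's unique value is mixed into the MAC input (SCRAM-style "c=").
    msg = b"auth|" + nonce
    if channel_binding is not None:
        msg += b"|cb=" + channel_binding
    return hmac.new(password, msg, hashlib.sha256).digest()


def server_verify(password: bytes, nonce: bytes, channel_binding: Optional[bytes], proof: bytes) -> bool:
    # The server recomputes the proof over the channel binding of ITS session.
    expected = client_prove(password, nonce, channel_binding)
    return hmac.compare_digest(expected, proof)


def run_scenario(mitm: bool, bind_channel: bool) -> bool:
    """Return True if the server accepts the client's authentication."""
    password = b"correct horse battery staple"  # constructed shared secret
    nonce = os.urandom(16)  # server challenge

    if mitm:
        # An interceptor terminating TLS holds one session with the client
        # and a separate session with the server, relaying bytes between them.
        client_side = make_session("client", "mitm")
        server_side = make_session("mitm", "server")
    else:
        client_side = server_side = make_session("client", "server")

    cb_client = client_side.tls_unique if bind_channel else None
    cb_server = server_side.tls_unique if bind_channel else None

    proof = client_prove(password, nonce, cb_client)
    # The interceptor can relay the proof verbatim but cannot recompute it
    # without the password, so a binding mismatch surfaces as an auth failure.
    return server_verify(password, nonce, cb_server, proof)


if __name__ == "__main__":
    print("direct, channel-bound:   ", run_scenario(mitm=False, bind_channel=True))
    print("MITM, channel-bound:     ", run_scenario(mitm=True, bind_channel=True))
    print("MITM, no channel binding:", run_scenario(mitm=True, bind_channel=False))
```

The third scenario is the gap the message alludes to: without channel binding the relayed proof verifies, so the interception stays covert. With binding, the failed authentication is the detectable event, and an application that logs or alerts on such failures turns covert monitoring into something the endpoints can notice.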