Re: [Model-t] draft-thomson-tmi
Christian Huitema <huitema@huitema.net> Wed, 22 July 2020 15:10 UTC
To: Martin Thomson <mt@lowentropy.net>
Cc: model-t@iab.org
From: Christian Huitema <huitema@huitema.net>
Message-ID: <0d1f90de-a4ec-358d-4f8f-a39dc086fa53@huitema.net>
Date: Wed, 22 Jul 2020 08:10:13 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/model-t/CaOPb_674mDcVB0OwPoKh7HgmfA>
Subject: Re: [Model-t] draft-thomson-tmi
List-Id: Discussions of changes in Internet deployment patterns and their impact on the Internet threat model <model-t.iab.org>

On 7/22/2020 5:35 AM, Martin Thomson wrote:
> On Wed, Jul 22, 2020, at 11:13, Christian Huitema wrote:
>> Now, voice
>> codec just send at a constant bit rate, independent of the variations
>> in speech.
> I don't believe that this is true. I don't think that countermeasures against these attacks are very widely implemented. There is definite leakage, particularly for things like IVRs, so that might be worrying. Of course, my information is a little dated.
>
>> Unless of course there is a clear requirement that devices can be
>> audited -- and we need regulations for that.
> That seems to be the only real solution here.

Yes. I see the other messages from Colin and Carsten pointing out that the audio leakage issue is not always fixed in encrypted voice, despite being well known. I stand corrected and my trust in VoIP services is notched down one point lower still, but the general point stands.

The general point is that a lot of the device inspection work going on today amounts to exploiting bugs in the devices. Bugs in the PKI implementation allow researchers to conduct MITM attacks and inspect the traffic, absence of masking traffic or constant length padding allows for detection of voice activity. There are obviously many bugs in at least some devices, which can be used in practice for some inspection. But I don't believe we can rely on that forever. If privacy researchers can exploit the bugs, so can a variety of hackers. We would rather get the bugs fixed. But then, we do need a requirement to allow inspection.

My other point is that the most egregious leakage happens in the cloud. Yes, like Mirja suggests, I would personally not install cloud backed devices in my house. But that's a trade-off between function and safety, and today I don't believe we can impose that trade-off on the public at large. That means that if there is to be regulation of devices, it has to address the cloud as well.

-- 
Christian Huitema