Re: [obscurity-interest] [ietf-privacy] wrt tcpcrypt and obscrypt

bmanning@vacation.karoshi.com Sun, 17 April 2011 00:52 UTC

Return-Path: <bmanning@karoshi.com>
X-Original-To: obscurity-interest@ietfc.amsl.com
Delivered-To: obscurity-interest@ietfc.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfc.amsl.com (Postfix) with ESMTP id EA3CBE0768; Sat, 16 Apr 2011 17:52:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.299
X-Spam-Level:
X-Spam-Status: No, score=-6.299 tagged_above=-999 required=5 tests=[AWL=-0.300, BAYES_00=-2.599, J_CHICKENPOX_72=0.6, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([208.66.40.236]) by localhost (ietfc.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Bi4ahy7-pFQ0; Sat, 16 Apr 2011 17:52:07 -0700 (PDT)
Received: from vacation.karoshi.com (vacation.karoshi.com [198.32.6.68]) by ietfc.amsl.com (Postfix) with ESMTP id BB2F3E0762; Sat, 16 Apr 2011 17:52:06 -0700 (PDT)
Received: from karoshi.com (localhost.localdomain [127.0.0.1]) by vacation.karoshi.com (8.12.8/8.12.8) with ESMTP id p3CHGkvn007562; Tue, 12 Apr 2011 17:17:01 GMT
Received: (from bmanning@localhost) by karoshi.com (8.12.8/8.12.8/Submit) id p3CHGLqv007557; Tue, 12 Apr 2011 17:16:21 GMT
Date: Tue, 12 Apr 2011 17:16:16 +0000
From: bmanning@vacation.karoshi.com
To: Dean Willis <dean.willis@softarmor.com>
Message-ID: <20110412171616.GB3486@vacation.karoshi.com.>
References: <4D936D36.5020709@KingsMountain.com> <BA8D6F6E-C927-480B-95FB-211B26F377DC@softarmor.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <BA8D6F6E-C927-480B-95FB-211B26F377DC@softarmor.com>
User-Agent: Mutt/1.4.1i
Cc: ietf-privacy@ietf.org, obscurity-interest@ietf.org
Subject: Re: [obscurity-interest] [ietf-privacy] wrt tcpcrypt and obscrypt
X-BeenThere: obscurity-interest@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Discussion of communications obscurity and real-time communications." <obscurity-interest.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/obscurity-interest>, <mailto:obscurity-interest-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/obscurity-interest>
List-Post: <mailto:obscurity-interest@ietf.org>
List-Help: <mailto:obscurity-interest-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/obscurity-interest>, <mailto:obscurity-interest-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 17 Apr 2011 00:52:09 -0000

On Thu, Apr 07, 2011 at 11:01:47PM -0500, Dean Willis wrote:
> 
> On Mar 30, 2011, at 12:49 PM, =JeffH wrote:
> 
> > > 1) We should try to drive the widespread use of encryption.This makes
> > > encrypted real-time channels (and other things that benefit from security)
> > > stand out less than they otherwise might. The general principle is that good
> > > network citizens, along with sharing the net gracefully, should help their
> > > neighbors hide from attacks.
> > >
> > > Along these lines, we'd like to encourage the IETF to NOT develop more
> > > protocols with encrypted and unencrypted variants. Unless protocols NEED to
> > > be unencyypted, they need to be protected. We should also encourage
> > > deprecation of the current unencrypted variants.
> > >
> > >
> > > everybody should look at the "tcpcrypt" draft. This has the potential to
> > > opportunistically encrypt applications using TCP and nicely augments TCP
> > > applications.It might be possible to do somethi'ng similar to do something
> > > similsr for UDP.
> > 
> > In terms of the latter, I believe you mean..
> > 
> > draft-bittau-tcp-crypt-00
> > 
> > see also: http://tcpcrypt.org/
> > 
> > I've played with the impl on linux and it apparently worked. ( I left comment #46 here: http://tcpcrypt.org/fame.php )
> > 
> 
> 
> Yes, that's the one. I talked it over with co-author Mark Handley while in Prague. He had so far not done much to socialize the draft, but was starting to talk about it some during the meeting. I also discussed with with EKR, who didn't seem to see much of an advantage over TLS.
> 
> > 
> > there's also this similar work to take a look at..
> > 
> > Opportunistic Encryption Everywhere - Adam Langley
> > http://w2spconf.com/2009/papers/s1p2.pdf
> > 
> > https://secure.wikimedia.org/wikipedia/en/wiki/Obfuscated_TCP
> > 
> > 
> 
> Good reference. Thanks!
> 
> > AdamL brought his stuff up on the tcp list (not sure offhand of exact list moniker) and it got shot down (so he felt, but he didn't try for more than just 3 days to get acceptance... :)
> > 
> 
> It's hard to get stuff past the TLS lobby, I think.
> 
> --
> Dean
> 

	I know many folks on this list are scared from the crypto-wars of last century.

the dnssec tango..

	http://www.toad.com/gnu/export/export.html

wassenaar agreement..

	http://www.freeswan.org/freeswan_trees/freeswan-1.5/doc/exportlaws.html

current US rules.. (non-US rules are found elsewhere)

	http://www.bis.doc.gov/encryption/default.htm

I don't think it is a trivial matter to have the IETF working on confidentiality & privacy by mandating strong
encryption in Internet (global) standards.  I suspect the intersection of national laws and  technical standards
is going to be a difficult road to walk, esp if there is a desire for a global standard.

/bill