Re: [Patient] DOJ first on encryption services
Eric Rescorla <ekr@rtfm.com> Sun, 18 March 2018 12:46 UTC
In-Reply-To: <9d71af7a-cdf2-7590-6e12-e3207e2c4736@yaanatech.co.uk>
References: <02be9028-a8fd-f527-826b-5361de1470ce@yaanatech.co.uk> <F8164D9E-92C2-4440-BD06-6D81852918B8@telefonica.com> <9d71af7a-cdf2-7590-6e12-e3207e2c4736@yaanatech.co.uk>
From: Eric Rescorla <ekr@rtfm.com>
Date: Sun, 18 Mar 2018 12:45:48 +0000
Message-ID: <CABcZeBOyyr44-ED9MMhHtzPuTq-Xt_iYeJKs6vbOUN=Stjc==g@mail.gmail.com>
To: tony@yaanatech.co.uk
Cc: "Diego R. Lopez" <diego.r.lopez@telefonica.com>, Brian Witten <brian_witten@symantec.com>, "patient@ietf.org" <patient@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/patient/vn53N34IEr_E0mcObxRU0Mdxqks>
List-Id: Protecting against Attacks Tunneling In Encrypted Network Tunnels <patient.ietf.org>
On Sun, Mar 18, 2018 at 12:30 PM, Tony Rutkowski <tony@yaanatech.co.uk> wrote:

> Hi Diego,
>
> It is also worth referencing a relatively recent Lawfare article on the
> scaling litigation in the U.S. against those supporting e2e encryption
> services or capabilities.
> https://www.lawfareblog.com/did-congress-immunize-twitter-against-lawsuits-supporting-isis
>
> This litigation trend is also likely to increase the insurance costs of
> providers. Indeed, a provider that supports TLS 1.3, QUIC, SNI, etc., may
> not even be able to get insurance. It may be fun and games to play crypto
> rebel in venues like the IETF where the risk exposure is minimal, but when
> it comes to real-world consequences and costs, the equations for providers
> are rather different.

I think this rather overestimates the degree to which both TLS 1.3 and QUIC
change the equation about what a provider is able to determine from traffic
inspection. As a practical matter, the primary change from TLS 1.2 is that
the provider does not get to see the server's certificate, but it does see
the SNI. Given that the SNI contains the identity of the server that the
client is connected to, and that the other identities in the certificate are
often whatever the provider decided to co-locate on the same machine, I'm not
sure how much information you are really losing.

-Ekr

>
> --tony
>
> _______________________________________________
> PATIENT mailing list
> PATIENT@ietf.org
> https://www.ietf.org/mailman/listinfo/patient
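The wire-level point Ekr is making can be checked directly. The following is an added example (editor's code, not from the thread or from any IETF implementation): it builds a constructed TLS 1.3 ClientHello carrying a server_name extension, parses the SNI and offered versions out of it the way a passive middlebox would, and then classifies two constructed server-to-client records. A TLS 1.2 Certificate message is a plaintext Handshake record (content type 22, handshake type 11), so the chain is readable on the path; in TLS 1.3 the Certificate message is sent inside encrypted records that appear on the wire as content type 23, so the observer sees only ciphertext. The hostname, cipher suite and the four placeholder ciphertext bytes are sample values, and the TLS 1.2 Certificate record carries an empty chain to keep the sample short; only the standard library is used.

```python
"""Passive-observer view of a TLS handshake (added example, editor's code).

Shows that the SNI in a TLS 1.3 ClientHello is cleartext, while the
server Certificate, plaintext in TLS 1.2, is opaque in TLS 1.3.
"""
import struct

HANDSHAKE, APPLICATION_DATA = 22, 23          # TLS record content types
CLIENT_HELLO, CERTIFICATE = 1, 11             # handshake message types
EXT_SERVER_NAME, EXT_SUPPORTED_VERSIONS = 0, 43
TLS12, TLS13 = 0x0303, 0x0304


def build_client_hello(host: str, versions=(TLS13, TLS12)) -> bytes:
    """Constructed minimal ClientHello record: one cipher suite, SNI, supported_versions."""
    name = host.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name            # name_type 0 = host_name
    sni_ext = (struct.pack("!HH", EXT_SERVER_NAME, len(sni_entry) + 2)
               + struct.pack("!H", len(sni_entry)) + sni_entry)
    vers = b"".join(struct.pack("!H", v) for v in versions)
    sv_ext = (struct.pack("!HH", EXT_SUPPORTED_VERSIONS, len(vers) + 1)
              + bytes([len(vers)]) + vers)
    exts = sni_ext + sv_ext
    body = (struct.pack("!H", TLS12) + b"\x00" * 32     # legacy_version, random (zeros: sample)
            + b"\x00"                                   # empty legacy_session_id
            + struct.pack("!H", 2) + b"\x13\x01"        # TLS_AES_128_GCM_SHA256 (sample choice)
            + b"\x01\x00"                               # compression_methods: null only
            + struct.pack("!H", len(exts)) + exts)
    hs = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([HANDSHAKE]) + struct.pack("!HH", TLS12, len(hs)) + hs


def parse_client_hello(record: bytes) -> dict:
    """Extract SNI and offered versions from a cleartext ClientHello, as a middlebox would."""
    ctype, _rver, rlen = struct.unpack("!BHH", record[:5])
    if ctype != HANDSHAKE:
        raise ValueError("not a handshake record")
    hs = record[5:5 + rlen]
    if hs[0] != CLIENT_HELLO:
        raise ValueError("not a ClientHello")
    p = 4 + 2 + 32                                      # handshake header, legacy_version, random
    sid_len = hs[p]; p += 1 + sid_len
    cs_len = struct.unpack("!H", hs[p:p + 2])[0]; p += 2 + cs_len
    cm_len = hs[p]; p += 1 + cm_len
    ext_len = struct.unpack("!H", hs[p:p + 2])[0]; p += 2
    end = p + ext_len
    info = {"sni": None, "versions": []}
    while p + 4 <= end:
        etype, elen = struct.unpack("!HH", hs[p:p + 4]); p += 4
        data = hs[p:p + elen]; p += elen
        if etype == EXT_SERVER_NAME:
            list_len = struct.unpack("!H", data[:2])[0]
            q = 2
            while q + 3 <= 2 + list_len:
                ntype = data[q]
                nlen = struct.unpack("!H", data[q + 1:q + 3])[0]
                q += 3
                if ntype == 0:
                    info["sni"] = data[q:q + nlen].decode("ascii")
                q += nlen
        elif etype == EXT_SUPPORTED_VERSIONS:
            n = data[0]
            info["versions"] = [struct.unpack("!H", data[1 + i:3 + i])[0] for i in range(0, n, 2)]
    return info


def classify_record(record: bytes) -> str:
    """What a passive observer learns from one server-to-client record."""
    ctype, _rver, _rlen = struct.unpack("!BHH", record[:5])
    if ctype == HANDSHAKE and record[5] == CERTIFICATE:
        return "plaintext Certificate (TLS 1.2): chain visible on the path"
    if ctype == APPLICATION_DATA:
        return "encrypted record (TLS 1.3 handshake or application data): opaque"
    return f"content type {ctype}"


# Constructed sample records. The TLS 1.2 Certificate carries an empty chain
# (3-byte certificate_list length of 0); the TLS 1.3 record body is placeholder bytes.
TLS12_CERT_RECORD = (bytes([HANDSHAKE]) + struct.pack("!HH", TLS12, 7)
                     + bytes([CERTIFICATE]) + (3).to_bytes(3, "big") + b"\x00\x00\x00")
TLS13_ENCRYPTED_RECORD = bytes([APPLICATION_DATA]) + struct.pack("!HH", TLS12, 4) + b"\xde\xad\xbe\xef"


if __name__ == "__main__":
    ch = build_client_hello("example.com")           # sample hostname
    print(parse_client_hello(ch))
    print(classify_record(TLS12_CERT_RECORD))
    print(classify_record(TLS13_ENCRYPTED_RECORD))
```

Two caveats for anyone building a policy on this. First, the parser walks every extension rather than assuming server_name comes first, because clients order extensions differently; a matcher that keys on a fixed offset will miss the SNI. Second, the SNI is cleartext only because TLS 1.3 as published leaves it so; encrypting the ClientHello's server name is the subject of the later Encrypted Client Hello work, which this thread does not discuss.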