Re: [Pearg] Research Group Last Call for "A Survey of Worldwide Censorship Techniques"

"S. Moonesamy" <> Thu, 23 July 2020 22:57 UTC


Dear Joe,
At 03:05 PM 23-07-2020, Joseph Lorenzo Hall wrote:
>Hi, sorry for not following up sooner (going through things making 
>slides for next Monday!).
>I'm unclear as to what you'd like the draft to say differently here. 
>Happy to work on making it more clear but I think what you've 
>outlined is what I understand the ability for an RIR to be compelled 
>to sign routes that misdirect traffic. best, Joe

I provided an opinion of the technical aspects based on my 
understanding of how RPKI and TLS work.  RFC 8446 describes the 
properties of the secure channel defined in that document and states 
that "These properties should be true even in the face of an attacker 
who has complete control of the network ..."  My reading of the text 
in Section 3 is that those properties (Authentication, 
Confidentiality, Integrity) would no longer be true if a route was 
incorrectly "signed".

I would suggest verifying whether my interpretation (please see 
above) is correct or not.

S. Moonesamy