Re: [perpass] Commnets on draft-farrell-perpass-attack-00 was RE: perens-perpass-appropriate-response-01
Josh Howlett <Josh.Howlett@ja.net> Thu, 05 December 2013 10:53 UTC
To: Ted Lemon <ted.lemon@nominum.com>, "<l.wood@surrey.ac.uk>" <l.wood@surrey.ac.uk>
Cc: perpass <perpass@ietf.org>, IETF Discussion <ietf@ietf.org>, "bruce@perens.com" <bruce@perens.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>

>>This is a political problem, not a technical problem. From a technical
>>perspective, caching static content matters. Trying to figure out
>>problems that aren't security problems matters. Mandating secure
>>communications for worldwide http is pretty much the same as mandating
>>secure encrypted email worldwide - large failure modes, resulting in an
>>inability to communicate. Which is why use of secure email is not
>>widespread.
>
>I take it you haven't been reading the responses to Bruce's essay, or you
>would have seen that these points have already been discussed and refuted.

Without naming specific territories, pervasive monitoring of the kind that has motivated this discussion has been imposed on a very large part of the world's Internet-connected population for many years, in full knowledge of the technical community (and, indeed, the educated layman); and allegedly assisted by some of the well-known vendors represented here.

All that has happened is that the technical community, who are largely based in other world regions, has just discovered that it, too, has been subject to this pervasive monitoring. It is the indignation and affront arising from the sudden closure of the gap between expectation and reality that is driving this, not any novel specific technical threat or vulnerability.

It is worth reflecting on what the reaction of the IAB/IESG might have been if these revelations had surfaced shortly before IETF 79, rather than around the bastions of liberalism in Berlin and Vancouver. Probably somewhat different. And let's not forget that many within the industry will have been aware of the generalities of the monitoring before the disclosures, even if they weren't familiar with the operational detail.

This is, therefore, most assuredly a political problem. But that is not an argument not to increase security. I fully support action to increase security, where it responds to the prevailing threat environment.

But it will be a perpetuation of the naivety that has characterised this debate to think that this alone will halt pervasive monitoring, because the threat is not technical in nature. The technical response must be coordinated with a political response, or else the perpetrators will find political means to route around the technical measures.

The political response shouldn't be organised within the IETF, but it does need to liaise with those responsible for doing that. Unfortunately I am not observing any movement by any of the other parties within our wonderful multi-stakeholder system that you would think would be notionally responsible for this. My fear is that they are opting to drink the technology Kool-Aid, to avoid grasping the political nettle. That is what should be concerning us right now.

Josh.

Janet(UK) is a trading name of Jisc Collections and Janet Limited, a not-for-profit company which is registered in England under No. 2881024 and whose Registered Office is at Lumen House, Library Avenue, Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238