Re: [perpass] perens-perpass-appropriate-response-01

Jacob Appelbaum <jacob@appelbaum.net> Sat, 07 December 2013 10:47 UTC

Message-ID: <52A2EC34.9030305@appelbaum.net>
Date: Sat, 07 Dec 2013 09:36:52 +0000
From: Jacob Appelbaum <jacob@appelbaum.net>
MIME-Version: 1.0
To: perpass@ietf.org
References: <E2DA1477-C86E-441E-A33D-D47A0D67AFF3@iab.org> <EF9BD1E4-6EF3-4035-AC4E-1A2D3CADE615@mnot.net> <529E8494.7000806@perens.com> <20131204111309.GB11727@nic.fr> <529F61D8.6030105@perens.com> <20131204171207.GC19914@thunk.org> <529F63C0.3040804@perens.com> <529F88AC.3090904@appelbaum.net> <529F90A0.8000706@perens.com> <529F9205.30906@appelbaum.net> <529F98C0.9090808@perens.com> <529F9F14.8050805@appelbaum.net> <529FB61A.7090604@perens.com> <529FBEF9.7030205@appelbaum.net> <529FC347.3080806@perens.com> <52A15835.2070901@cis-india.org> <52A21B80.8070005@mykolab.com> <52A21D1C.8020000@perens.com> <BC888A6F-F048-4BA6-92F4-8812753F8534@icsi.berkeley.edu> <52A2235A.2030801@perens.com> <ADD6858C-7548-479E-BB71-316E9C52F812@icsi.berkeley.edu> <c97f3134-eedf-44e1-880c-147efb172fc6@email.android.com> <240A2D86-C352-4954-BE4E-6313BA25994E@icsi.berkeley.edu> <52A2CE6A.30408@perens.com>
In-Reply-To: <52A2CE6A.30408@perens.com>
OpenPGP: id=4193A197
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [perpass] perens-perpass-appropriate-response-01

Bruce Perens:
> On 12/06/2013 01:20 PM, Nicholas Weaver wrote:
>> If the attacker can see your fetches he can execute a man-on-the-side attack through packet injection.
> This is the first one I've seen that is actually compelling. But it's an 
> authentication problem rather than a confidentiality one.

Without confidentiality, a user may be targeted for specific tracking
and, more importantly, they may be targeted for client-side exploitation.

Do you find that compelling?

All the best,
Jacob