Re: [perpass] Violating end-to-end principle: I-D Action: draft-farrelll-mpls-opportunistic-encrypt-00.txt

Theodore Ts'o <tytso@mit.edu> Thu, 16 January 2014 19:23 UTC

Date: Thu, 16 Jan 2014 14:23:20 -0500
From: Theodore Ts'o <tytso@mit.edu>
To: Phillip Hallam-Baker <hallam@gmail.com>
Message-ID: <20140116192320.GD32098@thunk.org>
References: <04c001cf1123$7e5c00c0$7b140240$@olddog.co.uk> <CAMm+Lwj0r3PNoBC0Y1ydibD3piioZ57Z1Ks-Ea6o58xahjXKwQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CAMm+Lwj0r3PNoBC0Y1ydibD3piioZ57Z1Ks-Ea6o58xahjXKwQ@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Cc: Adrian Farrel <adrian@olddog.co.uk>, perpass <perpass@ietf.org>, Stephen Kent <kent@bbn.com>
Subject: Re: [perpass] Violating end-to-end principle: I-D Action: draft-farrelll-mpls-opportunistic-encrypt-00.txt

On Thu, Jan 16, 2014 at 09:57:07AM -0500, Phillip Hallam-Baker wrote:
> End to end ideology in security is particularly harmful because there are
> some security controls that are simply not compatible with end-to-end
> approaches. You cannot protect against traffic or meta-data analysis
> end-to-end.

That may be true, but the alternative of edge-to-edge security is even
worse.  Edge-to-edge security also doesn't protect against traffic or
meta-data analysis, and upon receipt of a National Security Letter to
your IMAP provider, doesn't protect the contents of your e-mail,
either.

So I don't see how one can claim that striving for end-to-end security
is "harmful".

Best,

- Ted