Re: [perpass] Howdy!
Phillip Hallam-Baker <hallam@gmail.com> Fri, 13 September 2013 18:18 UTC
To: Randy Bush <randy@psg.com>
Cc: perpass <perpass@ietf.org>, Theodore Ts'o <tytso@mit.edu>, Jacob Appelbaum <jacob@appelbaum.net>

On Fri, Sep 13, 2013 at 1:49 PM, Randy Bush <randy@psg.com> wrote:

> >> Of course, there will be some things where encryption is simply not
> >> needed, and but data integrity is needed. Example: time (NTP) and
> >> routing protocols. So we need to be careful how we specify MUST.
> >> :-)
> >
> > I think this is a reasonable read but I'd like to encourage dissent
> > here. Time is a very important part of almost all cryptographic
> > protocols
>
> i might go further. having some protocols in the clear allows the
> attacker to better focus their efforts on what is encrypted. also,
> though some data themselves might not require privacy, the nature of
> the conversation may facilitate traffic analysis.
>

My security concern with NTP is not so much on the encryption side as the authentication side. Due to the nature of the protocol it is easy to get encryption if you do authentication, so why not.

But the protocol seems to have been by the type of people who care about synchronizing their clocks to Tier 1 stratum sources to within a nanosecond rather than people who care about getting a very high degree of assurance that they have a trustworthy time value that is good to maybe a minute.

I do want my system clock to be within a second of a good reference of course. But for security purposes I would tolerate a much lower degree of accuracy.

--
Website: http://hallambaker.com/