Re: [perpass] Getting started...

"Russ White" <russw@riw.us> Sat, 17 August 2013 15:12 UTC

Return-Path: <russw@riw.us>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8AC7F11E813F for <perpass@ietfa.amsl.com>; Sat, 17 Aug 2013 08:12:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.562
X-Spam-Level:
X-Spam-Status: No, score=-2.562 tagged_above=-999 required=5 tests=[AWL=0.038, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ROJmnLXGu0TE for <perpass@ietfa.amsl.com>; Sat, 17 Aug 2013 08:12:47 -0700 (PDT)
Received: from da31.namelessnet.net (da31.namelessnet.net [74.124.205.66]) by ietfa.amsl.com (Postfix) with ESMTP id 84DFA21F8E85 for <perpass@ietf.org>; Sat, 17 Aug 2013 08:12:47 -0700 (PDT)
Received: from cpe-174-106-045-093.ec.res.rr.com ([174.106.45.93] helo=RussPC) by da31.namelessnet.net with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.80.1) (envelope-from <russw@riw.us>) id 1VAiBJ-0003cd-AM; Sat, 17 Aug 2013 08:12:46 -0700
From: "Russ White" <russw@riw.us>
To: "'Stephen Farrell'" <stephen.farrell@cs.tcd.ie>, "'Randy Bush'" <randy@psg.com>
References: <520E5684.1090005@cs.tcd.ie> <6.2.5.6.2.20130816171144.0c01f738@resistor.net> <520F4AE1.5040403@cs.tcd.ie> <m27gfkfwmm.wl%randy@psg.com> <520F525C.5020800@cs.tcd.ie>
In-Reply-To: <520F525C.5020800@cs.tcd.ie>
Date: Sat, 17 Aug 2013 11:12:47 -0400
Message-ID: <022e01ce9b5c$3c471130$b4d53390$@riw.us>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AQFhI7XZ7p27zrKKNxD6OpAghwzlGgJUokovAbiw3zcBpdXjNQIFy0ptmjanU6A=
Content-Language: en-us
X-Antivirus-Scanner: Seems clean. You should still use an Antivirus Scanner
Cc: perpass@ietf.org
Subject: Re: [perpass] Getting started...
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 17 Aug 2013 15:12:53 -0000

> > i know bgp payload does not excite a lot of folk, but encrypting it
> > makes ip space tracability just that much harder.  and opportunistic
> > encryption would be trivial to negotiate in the bgp open.  and i am
> > looking at bgpsec doing payload encryption.
> 
> I think that's a great example of the kind of nob-obvious changes that
could
> be useful and doable. I'd welcome more... and since we're just starting
out,
> makng a list of those would maybe be a useful thing so it'd be great to
get
> suggestions for putting on that list...

Are we talking hop-by-hop encryption of the payload along the lines of ipsec
between peers? Or encrypting the payload by changing the actual BGP packet
format?

How much is on-the-wire monitoring of routing udpates an issue if there is a
cooperating provider (or even an open route view server) mirroring the
global table? Is it even practical to try and "hide" the global table in any
meaningful sense? Beyond this, wouldn't any form of tunneling or proxy or
NAT ruin the traceability anyway? Why not focus on providing proxies and the
like to obfuscate the traffic path rather than trying to encrypt the routing
table?

> > i would love it if my email client ( well, normal email clients :-)
> > automagically encrypted to the recipients for whom i have a public key.
> > maybe the folk way up there at layer seven can come up with an even
> > better idea.

Thunderbird+Enigmail does this. I recently switched off Thunderbird, though,
because of a complete lack of any reasonable calendar client... another part
of this problem is sheer education. I know lots of folks with public keys,
but they won't encrypt their email traffic, because "I have nothing to hide"
--and complete bit of nonsense, but very prevelant.

Russ