Re: [perpass] perens-perpass-appropriate-response-01
Jacob Appelbaum <jacob@appelbaum.net> Thu, 05 December 2013 00:05 UTC

Bruce Perens:
>
>> They make it too easy for _anybody_ to eavesdrop, and to use the information
>> they acquire whilst eavesdropping in really nefarious ways (e.g. the watering
>> hole attack someone referred to recently).
> So, build browsers that request https preferentially. Publish that as a
> recommendation. But please don't lock everyone into your solution.

Wait, what? Please don't lock everyone into well understood vulnerabilities?

Let us improve the protocols by opportunistically encrypting and when you
think you have nothing to hide, you can opt-out, right? You have nothing to
hide, right? Speaking of which, what is the content of your /etc/shadow
Bruce? :)

The attack surface of a browser is immense - the best way to protect
against exploitation is to ensure that there is transport layer security.
TLS (or something like it) helps us while we audit the image parsers, the
javascript engines and it helps mitigate injection that would exploit
vulnerable plugins; this is a very minimal amount of work to protect a lot
of attack surface. At least then we're nearly back to watering hole attacks
which require, often, user interaction that is very detectable.

I'd encourage you to read this:

http://www.wired.com/opinion/2013/11/this-is-how-the-internet-backbone-has-been-turned-into-a-weapon/

Professor Weaver's article is very close to accurate. By the end of the
month, I believe there will be much more clarity on the topic. This is a
serious problem and it is internet wide.

Sincerely,
Jacob