Re: [perpass] Howdy!
Theodore Ts'o <tytso@mit.edu> Tue, 10 September 2013 18:56 UTC
Return-Path: <tytso@thunk.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 178E321F9675 for <perpass@ietfa.amsl.com>; Tue, 10 Sep 2013 11:56:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0-i8aGAgD5wi for <perpass@ietfa.amsl.com>; Tue, 10 Sep 2013 11:55:52 -0700 (PDT)
Received: from imap.thunk.org (imap.thunk.org [IPv6:2600:3c02::f03c:91ff:fe96:be03]) by ietfa.amsl.com (Postfix) with ESMTP id 82E6621F92B8 for <perpass@ietf.org>; Tue, 10 Sep 2013 11:55:46 -0700 (PDT)
Received: from root (helo=closure.thunk.org) by imap.thunk.org with local-esmtp (Exim 4.80) (envelope-from <tytso@thunk.org>) id 1VJT6H-0005zm-D1; Tue, 10 Sep 2013 18:55:45 +0000
Received: by closure.thunk.org (Postfix, from userid 15806) id B042E580876; Tue, 10 Sep 2013 14:55:44 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=thunk.org; s=mail; t=1378839344; bh=Q5y6Nil9iMxv7+8g76nXBWk8JA1nZxljz0ydJIAk/WQ=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=BQmzqT99UFWiOSqdS8lqWuE3xu7WUVZrP0QRkAbHE9rgPuZKGtVViMYORiT9TAQc2 6LYTRbv+Kl/s3xaV7wbjQHFeL4nwnE7yHyiRTaX7g5yOACzQumGf/G49ZwgR3X4IEu AsHHxT0HIJEk5tNFPkiKv/57EsHiu0TcRbxWKYWA=
Date: Tue, 10 Sep 2013 14:55:44 -0400
From: Theodore Ts'o <tytso@mit.edu>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Message-ID: <20130910185544.GF29237@thunk.org>
References: <CAOHm=4ujOYTHO63EFWMYJBgxUWq00zezYKAJ8B4Vgf_C=xRRVg@mail.gmail.com> <5224DF25.60503@cs.tcd.ie> <7C92613E-33E8-48A6-A152-E9DBB29DEC04@softarmor.com> <522A328A.5060008@cs.tcd.ie> <522E17F9.4000206@bbn.com> <522F685B.8040106@gmx.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <522F685B.8040106@gmx.net>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-SA-Exim-Connect-IP: <locally generated>
X-SA-Exim-Mail-From: tytso@thunk.org
X-SA-Exim-Scanned: No (on imap.thunk.org); SAEximRunCond expanded to false
Cc: perpass@ietf.org, Dean Willis <dean.willis@softarmor.com>
Subject: Re: [perpass] Howdy!
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Sep 2013 18:56:13 -0000
On Tue, Sep 10, 2013 at 09:43:39PM +0300, Hannes Tschofenig wrote: > > > 1) Everything SHOULD be encrypted, unless there is an absolute > operational requirement not to. This means "encryption by default" > in new protocols, and not even specifying unencrypted operations > modes unless necessary.... > > I guess there are two issues here, namely: > > * End-to-end vs. Hop-by-hop (or stuff in between) > > * Encryption itself is often not the problem but rather the key management Also, perfect forward secrecy (PFS) versus non-PFS. If we are going to make encryption a SHOULD or a MUST, so should be PFS. Even if the key management is a problem, or worse, let's suppose the NSA has the private keys for a number of the major CA's, if everything is using PFS, then an attacker who is interested in doing bulk surveillance will have to MITM all of the traffic. That will take a large amount of power and cooling, so it becomes a lot more expensive to do bulk surveillance, and it will also be much, MUCH harder to do it covertly (you can't just hide a box in a telephone closet somewhere; but rather racks and racks of servers at Tier 1 NAP's will be required). OF course, there will be some things where encryption is simply not needed, and but data integrity is is needed. Example: time (NTP) and routing protocols. So we need to be careful how we specify MUST. :-) - Ted
- [perpass] Howdy! Dean Willis
- Re: [perpass] Howdy! Stephen Farrell
- Re: [perpass] Howdy! Yoav Nir
- Re: [perpass] Howdy! Dean Willis
- Re: [perpass] Howdy! Stephen Farrell
- Re: [perpass] Howdy! Moriarty, Kathleen
- Re: [perpass] Howdy! Rene Struik
- Re: [perpass] Howdy! Stephen Kent
- Re: [perpass] Howdy! Hannes Tschofenig
- Re: [perpass] Howdy! Theodore Ts'o
- Re: [perpass] Howdy! Jacob Appelbaum
- Re: [perpass] Howdy! Dean Willis
- Re: [perpass] Howdy! Dean Willis
- Re: [perpass] Howdy! Dean Willis
- Re: [perpass] Howdy! Dean Willis
- Re: [perpass] Howdy! Randy Bush
- Re: [perpass] Howdy! Phillip Hallam-Baker
- Re: [perpass] Howdy! Stephen Farrell
- Re: [perpass] Howdy! SM
- Re: [perpass] Howdy! Jacob Appelbaum
- Re: [perpass] Howdy! Norbert Bollow
- Re: [perpass] Howdy! SM
- Re: [perpass] Howdy! Phil Karn
- Re: [perpass] Howdy! Stephen Kent
- Re: [perpass] Howdy! Stephen Farrell
- Re: [perpass] Howdy! Dean Willis
- Re: [perpass] Howdy! Dean Willis