[perpass] Way forward? [Was: Tiny stacks]
Martin Millnert <martin@millnert.se> Mon, 09 December 2013 21:55 UTC
Return-Path: <martin@millnert.se>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1F5351AE108 for <perpass@ietfa.amsl.com>; Mon, 9 Dec 2013 13:55:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.693
X-Spam-Level:
X-Spam-Status: No, score=0.693 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FH_RELAY_NODNS=1.451, HELO_EQ_SE=0.35, RDNS_NONE=0.793, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1xYiftdhi1EO for <perpass@ietfa.amsl.com>; Mon, 9 Dec 2013 13:55:50 -0800 (PST)
Received: from mail.millnert.se (unknown [95.80.32.84]) by ietfa.amsl.com (Postfix) with ESMTP id 295FC1AE0D0 for <perpass@ietf.org>; Mon, 9 Dec 2013 13:55:49 -0800 (PST)
Received: from [192.168.120.241] (dynamic.1.9.c0255cb5b480.f46d4e0fc2a.afb.bredband2.com [31.208.64.196]) by mail.millnert.se (Postfix) with ESMTPSA id A0294A3; Mon, 9 Dec 2013 22:58:27 +0100 (CET)
Message-ID: <1386626136.7652.24.camel@pishuli.lund.millnert.se>
From: Martin Millnert <martin@millnert.se>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Date: Mon, 09 Dec 2013 22:55:36 +0100
In-Reply-To: <52A61E4C.6020403@gmail.com>
References: <290E20B455C66743BE178C5C84F1240847E5103799@EXMB01CMS.surrey.ac.uk> , <2C66A416-5F07-4803-A4C0-BB61734BA42E@nominum.com> <290E20B455C66743BE178C5C84F1240847E510379A@EXMB01CMS.surrey.ac.uk> , <529F7690.2050302@gmx.net> <290E20B455C66743BE178C5C84F1240847E510379C@EXMB01CMS.surrey.ac.uk> , <52A1BBBC.9090509@cs.tcd.ie> <290E20B455C66743BE178C5C84F1240847E510379D@EXMB01CMS.surrey.ac.uk> <52A4D7D9.9000603@cs.tcd.ie>, <52A4E412.4030804@gmail.com> <72B86100-E73E-46BD-ABD6-8E35D56DBDDA@cisco.com> <52A61E4C.6020403@gmail.com>
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-OUg5HbYbl+gkRFNUCpcD"
X-Mailer: Evolution 3.4.4-3
Mime-Version: 1.0
Cc: perpass@ietf.org, "Stewart Bryant (stbryant)" <stbryant@cisco.com>
Subject: [perpass] Way forward? [Was: Tiny stacks]
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Dec 2013 21:55:52 -0000
On Tue, 2013-12-10 at 08:47 +1300, Brian E Carpenter wrote: > It seems to me that perpass should think a little bit about > privacy and anti-surveillance issues for devices with tiny > stacks, and see if that calls for any specific IETF work items. I completely agree it's good to understand consequences on security requirements. That will probably follow naturally on the other hand, once said requirements become known. But what's more important, is what failure to fulfill the requirements mean. For example: Requirements & considerations for mitigating pervasive passive surveillance are <X>. Device D or protocol P fulfills 50% of <X>. Thus, D / P are not [insert pervasive surveillance-resistant consumer logo here] compliant. That would be some form of ideal information to possess, allowing protocols & implementations, etc. to more easily be benchmarked on their performance of surveillance-resistance. Divide and conquer. By enumerating and specifying the threats (on all stack layers, even if implementation of mitigation is not up to IETF) and what's generally required to avoid them separately from guidance on how to avoid them, or guidance for protocol wg's, I believe we can better avoid the... detours and distractions. Vendors have been building TLS MITM for enterprises for a long time. That is not necessarily going to be stopped by always-on-TLS in HTTP 2.0. That, and how to balance bandwidth saving caching functions with perpass-resistant protocols, is probably better discussed in their respective wg's. What should be perfectly clear is however, that for example in HTTP 2.0, allowing transparent proxies, will score very, very low on perpass-resistance. That benchmarking feature is IMO useful output from perpass following draft-farrell-perpass-attack-02, which to me reads completely fine. My 2c, Martin
- [perpass] Commnets on draft-farrell-perpass-attac… l.wood
- Re: [perpass] Commnets on draft-farrell-perpass-a… Ted Lemon
- Re: [perpass] Commnets on draft-farrell-perpass-a… Bruce Perens
- Re: [perpass] Commnets on draft-farrell-perpass-a… Phillip Hallam-Baker
- Re: [perpass] Commnets on draft-farrell-perpass-a… l.wood
- Re: [perpass] Commnets on draft-farrell-perpass-a… Ted Lemon
- Re: [perpass] Commnets on draft-farrell-perpass-a… Theodore Ts'o
- Re: [perpass] Commnets on draft-farrell-perpass-a… Hannes Tschofenig
- Re: [perpass] Commnets on draft-farrell-perpass-a… Bruce Perens
- Re: [perpass] Commnets on draft-farrell-perpass-a… Bruce Perens
- Re: [perpass] Commnets on draft-farrell-perpass-a… Mark Nottingham
- Re: [perpass] Commnets on draft-farrell-perpass-a… Bruce Perens
- Re: [perpass] Commnets on draft-farrell-perpass-a… Jacob Appelbaum
- Re: [perpass] Commnets on draft-farrell-perpass-a… Bruce Perens
- Re: [perpass] Commnets on draft-farrell-perpass-a… Jacob Appelbaum
- Re: [perpass] Commnets on draft-farrell-perpass-a… Phillip Hallam-Baker
- Re: [perpass] Commnets on draft-farrell-perpass-a… Bruce Perens
- Re: [perpass] Commnets on draft-farrell-perpass-a… Stephane Bortzmeyer
- Re: [perpass] Commnets on draft-farrell-perpass-a… Josh Howlett
- Re: [perpass] Commnets on draft-farrell-perpass-a… Stephen Farrell
- Re: [perpass] Commnets on draft-farrell-perpass-a… Josh Howlett
- Re: [perpass] Commnets on draft-farrell-perpass-a… Stephen Farrell
- Re: [perpass] Commnets on draft-farrell-perpass-a… Josh Howlett
- Re: [perpass] Commnets on draft-farrell-perpass-a… Stephen Farrell
- [perpass] Tiny stacks Brian E Carpenter
- Re: [perpass] Tiny stacks Richard Barnes
- Re: [perpass] Tiny stacks Robin Wilton
- Re: [perpass] Tiny stacks Paul Ferguson
- Re: [perpass] Tiny stacks Hannes Tschofenig
- [perpass] Way forward? [Was: Tiny stacks] Martin Millnert
- Re: [perpass] Tiny stacks Brian E Carpenter
- Re: [perpass] Tiny stacks Phillip Hallam-Baker
- Re: [perpass] Tiny stacks Richard Barnes
- Re: [perpass] Tiny stacks Martin Thomson
- Re: [perpass] Tiny stacks Stephen Farrell
- Re: [perpass] Tiny stacks Richard Barnes
- Re: [perpass] Tiny stacks Bjoern Hoehrmann
- Re: [perpass] Tiny stacks Richard Barnes
- Re: [perpass] Tiny stacks Stephen Farrell
- Re: [perpass] Tiny stacks Stephen Farrell
- Re: [perpass] Tiny stacks Brian E Carpenter
- Re: [perpass] Tiny stacks Phillip Hallam-Baker
- Re: [perpass] Tiny stacks Stephen Farrell
- Re: [perpass] Tiny stacks Phillip Hallam-Baker
- Re: [perpass] Tiny stacks Robin Wilton
- Re: [perpass] Tiny stacks Joseph Lorenzo Hall
- Re: [perpass] Tiny stacks Scott Brim
- Re: [perpass] Tiny stacks Scott Brim
- Re: [perpass] Tiny stacks Phillip Hallam-Baker
- Re: [perpass] Tiny stacks Dean Willis