Re: [perpass] Getting started...

Paul Wouters <paul@cypherpunks.ca> Sat, 17 August 2013 17:20 UTC

Date: Sat, 17 Aug 2013 13:20:13 -0400
From: Paul Wouters <paul@cypherpunks.ca>
X-X-Sender: paul@bofh.nohats.ca
To: perpass@ietf.org
In-Reply-To: <6.2.5.6.2.20130816171144.0c01f738@resistor.net>
Message-ID: <alpine.LFD.2.10.1308171313400.10823@bofh.nohats.ca>
References: <520E5684.1090005@cs.tcd.ie> <6.2.5.6.2.20130816171144.0c01f738@resistor.net>
User-Agent: Alpine 2.10 (LFD 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format="flowed"; charset="US-ASCII"
Subject: Re: [perpass] Getting started...

On Fri, 16 Aug 2013, SM wrote:

> "Privacy by default" has, up to now, been a failure in the IETF.

It has been a conscious choice though. For example, compare IKEv1 versus
IKEv2. The privacy of the ID against passive attackers was sacrificed
to save a single RTT. I know "we" (the freeswan people) did not agree,
but everyone else considered speed more important.

I think we have learned since that, with things like session resumption,
we can perhaps get both privacy and speed, although the session
resumption in itself could also be an information leak.

> Discussions about monitoring are a sensitive subject.

Indeed. Many years ago, when lawful interception became a reality for
ISPs in The Netherlands and a tapping specification (TIIT) came into
existence, ISPs were forced to install commercial "black boxes" that
complied with the spec. I tried to get funding to make an open source
implementation. I quickly found that no one wanted to be known for
sponsoring an interception device. Everyone agrees an open source box
is better than a black box, but everyone was afraid of misinterpretation.

Paul
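The point above that session resumption "in itself could also be an information leak" can be made concrete with a small simulation. The following is an added example, not part of the original message and not code from any IETF protocol implementation: it models a toy resumption mechanism (the `Server`, `Client`, `observe` and `largest_linkable_group` names are constructed for this illustration) in which the client presents a resumption identifier in the clear and a passive observer records only those identifiers. With an identifier that is reused across connections, the observer can link every connection to one client despite the payload being encrypted; with a server that hands out a fresh single-use identifier on each resumption, the observer sees only unlinkable random values.

```python
"""
Added illustration (not from the original message): resumption
identifiers as a linkability signal for a passive observer.

Constructed toy model, not a real TLS or IKE implementation:
  - Server issues a resumption identifier bound to a session secret.
  - Client presents the identifier in the clear on each new connection.
  - Observer sees only the identifiers, never the secret or payload.
"""
import os
from collections import defaultdict
from typing import Dict, List, Optional, Tuple


class Server:
    """Issues resumption identifiers and accepts them back.

    single_use=False: the same identifier stays valid across connections
                      (the reusable-ticket design).
    single_use=True:  each successful resumption retires the presented
                      identifier and returns a fresh one.
    """

    def __init__(self, single_use: bool) -> None:
        self.single_use = single_use
        self.sessions: Dict[bytes, bytes] = {}  # identifier -> secret

    def new_session(self) -> Tuple[bytes, bytes]:
        ident, secret = os.urandom(16), os.urandom(32)
        self.sessions[ident] = secret
        return ident, secret

    def resume(self, ident: bytes) -> Optional[Tuple[bytes, bytes]]:
        secret = self.sessions.get(ident)
        if secret is None:
            return None  # unknown or already-retired identifier
        if self.single_use:
            del self.sessions[ident]
            ident = os.urandom(16)  # rotate: the old value never reappears
            self.sessions[ident] = secret
        return ident, secret


class Client:
    """Holds one session and resumes it on every connection."""

    def __init__(self, server: Server) -> None:
        self.server = server
        self.ident, self.secret = server.new_session()

    def connect(self, wire: List[bytes]) -> None:
        # The identifier is the only thing a passive observer gets to see.
        wire.append(self.ident)
        result = self.server.resume(self.ident)
        if result is None:
            raise RuntimeError("resumption rejected")
        self.ident, self.secret = result


def observe(wire: List[bytes]) -> Dict[bytes, List[int]]:
    """Passive observer: group connection indices by the identifier seen."""
    groups: Dict[bytes, List[int]] = defaultdict(list)
    for index, ident in enumerate(wire):
        groups[ident].append(index)
    return dict(groups)


def largest_linkable_group(single_use: bool, connections: int = 5) -> int:
    """Size of the biggest set of connections the observer can tie together."""
    server = Server(single_use)
    client = Client(server)
    wire: List[bytes] = []
    for _ in range(connections):
        client.connect(wire)
    return max(len(indices) for indices in observe(wire).values())


if __name__ == "__main__":
    print("reusable identifier, linkable connections:",
          largest_linkable_group(single_use=False))  # 5 of 5 linked
    print("single-use identifier, linkable connections:",
          largest_linkable_group(single_use=True))   # no two linked
```

Rotating the identifier only removes the linkage that the identifier itself provides; a passive observer can still correlate connections by source address, timing, or the bare fact that a shortened resumption handshake took place rather than a full one. The single-use approach is the one later recommended for TLS 1.3 tickets (RFC 8446, Appendix C.4 advises clients not to reuse a ticket across connections), which is the same trade-off the message describes: keeping the round-trip saving while giving the passive observer less to link on.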