Re: [perpass] US intelligence chief says we might use the IoT to spy on you

"Christian Huitema" <huitema@huitema.net> Thu, 11 February 2016 18:39 UTC

From: Christian Huitema <huitema@huitema.net>
To: 'Stephen Farrell' <stephen.farrell@cs.tcd.ie>, 'Russ Housley' <housley@vigilsec.com>, 'perpass' <perpass@ietf.org>
Date: Thu, 11 Feb 2016 10:39:24 -0800
Archived-At: <http://mailarchive.ietf.org/arch/msg/perpass/UU7udaHjkDHeIPZckV7NtAz79Og>

On Thursday, February 11, 2016 7:15 AM, Stephen Farrell wrote:
> On 11/02/16 15:02, Russ Housley wrote:
> > http://www.theguardian.com/technology/2016/feb/09/internet-of-things-smart-home-devices-government-surveillance-james-clapper?CMP=share_btn_fb
> >
> >
> Yeah, that's a shocker eh;-(

Many of the appliances are designed to "report to the cloud," and have a business model based on the "big data" that they acquire. If we design appliances like that, it will be hard to keep "big brother" away.

> FYI, I did try to argue for defining a padding scheme in the COSE wg [1] but
> nobody else seems to care, so at present, I think they won't define a
> mechanism.
> 
> Padding of course isn't anywhere near sufficient but if we don't add such
> mechanisms to our protocols, then ISTM that we're making that kind of
> tracking easier.
> 
> More broadly, if someone has expertise in this space, and would like to do a
> presentation at a saag session at an IETF meeting, I think that'd be good.
> Contact Kathleen and me if so.

Sure, encrypting the communications between the appliances and the cloud cannot hurt. But we should also look at standardization, so that appliances can communicate directly, or so that people could easily switch the "appliance monitoring" services. In the absence of such standards, we get lots of info concentrated in few places, which becomes of course a target for all kinds of spying.

-- Christian Huitema