Re: [perpass] Howdy!

Dean Willis <dean.willis@softarmor.com> Fri, 13 September 2013 16:29 UTC

From: Dean Willis <dean.willis@softarmor.com>
In-Reply-To: <20130910185544.GF29237@thunk.org>
Date: Fri, 13 Sep 2013 11:28:55 -0500
Message-Id: <6014FAD0-A423-4DC1-9F3D-4D407F7F74A8@softarmor.com>
References: <CAOHm=4ujOYTHO63EFWMYJBgxUWq00zezYKAJ8B4Vgf_C=xRRVg@mail.gmail.com> <5224DF25.60503@cs.tcd.ie> <7C92613E-33E8-48A6-A152-E9DBB29DEC04@softarmor.com> <522A328A.5060008@cs.tcd.ie> <522E17F9.4000206@bbn.com> <522F685B.8040106@gmx.net> <20130910185544.GF29237@thunk.org>
To: Theodore Ts'o <tytso@mit.edu>
Cc: "perpass@ietf.org" <perpass@ietf.org>
Subject: Re: [perpass] Howdy!

On Sep 10, 2013, at 1:55 PM, Theodore Ts'o <tytso@mit.edu> wrote:
> 
> Also, perfect forward secrecy (PFS) versus non-PFS.  If we are going
> to make encryption a SHOULD or a MUST, so should be PFS.  Even if the
> key management is a problem, or worse, let's suppose the NSA has the
> private keys for a number of the major CA's, if everything is using
> PFS, then an attacker who is interested in doing bulk surveillance
> will have to MITM all of the traffic.  That will take a large amount
> of power and cooling, so it becomes a lot more expensive to do bulk
> surveillance, and it will also be much, MUCH harder to do it covertly
> (you can't just hide a box in a telephone closet somewhere; but rather
> racks and racks of servers at Tier 1 NAP's will be required).

Sounds reasonable.

--
Dean
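The property the quoted message relies on, as an added illustration that is not part of the thread or of any IETF document: with a non-PFS exchange, a long-term private key obtained after the fact unlocks recorded traffic; with an ephemeral exchange, the same leaked key gives a passive tap nothing, and the attacker has to stand inline and run two handshakes. The code models a "static DH" exchange (one long-term key used for every session, structurally the same as RSA key transport) beside ephemeral DH. Everything below is constructed for the example: the group (p = 2**127 - 1, a Mersenne prime far too small for real use; deployments use RFC 7919 groups or X25519), the key-derivation function, and the omission of any signature on the server's ephemeral share, so only secrecy is modelled, not authentication.

```python
"""Forward secrecy: passive tap + leaked long-term key vs. forced active MITM.
Added example, not code from the original message.  Toy group and toy KDF,
constructed for illustration only.
"""
import hashlib
import secrets

P = (1 << 127) - 1   # toy modulus (Mersenne prime), far too small for real use
G = 3
NBYTES = 16          # every element of Z_p fits in 16 bytes


def keypair():
    """(private exponent, public value) in the toy group."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def derive_key(shared, *pubs):
    """Session key = SHA-256(shared secret || all public values on the wire)."""
    data = shared.to_bytes(NBYTES, "big")
    data += b"".join(p.to_bytes(NBYTES, "big") for p in pubs)
    return hashlib.sha256(data).digest()


def static_dh_session(server_pub):
    """Non-PFS: the server's long-term DH key is the agreement key, so one
    long-term secret unlocks every recorded session.  Returns (key, tap view)."""
    c_priv, c_pub = keypair()
    shared = pow(server_pub, c_priv, P)          # == pow(c_pub, server_priv, P)
    key = derive_key(shared, c_pub, server_pub)
    wire = {"client_pub": c_pub, "server_pub": server_pub}
    return key, wire


def ephemeral_dh_session(server_pub):
    """PFS: fresh exponents on both sides; the long-term key would only sign
    s_pub (signing omitted).  Exponents are discarded after the handshake."""
    c_priv, c_pub = keypair()
    s_priv, s_pub = keypair()
    shared = pow(s_pub, c_priv, P)               # == pow(c_pub, s_priv, P)
    key = derive_key(shared, c_pub, s_pub, server_pub)
    wire = {"client_pub": c_pub, "server_eph_pub": s_pub, "server_pub": server_pub}
    del c_priv, s_priv
    return key, wire


def passive_attack(wire, leaked_server_priv):
    """Recorded transcript plus the server's long-term private key obtained
    later (compromised CA/operator).  A tap can only combine the leaked
    exponent with the client's public value."""
    shared = pow(wire["client_pub"], leaked_server_priv, P)
    order = ("client_pub", "server_eph_pub", "server_pub")
    return derive_key(shared, *(wire[k] for k in order if k in wire))


def active_mitm_ephemeral(server_pub):
    """What PFS forces: sit inline and run two handshakes.  Client and server
    end up with different keys; only a signature on the server's share (omitted
    here, and forgeable with a compromised CA) could expose the substitution."""
    c_priv, c_pub = keypair()          # real client
    a1_priv, a1_pub = keypair()        # attacker, playing server to the client
    a2_priv, a2_pub = keypair()        # attacker, playing client to the server
    s_priv, s_pub = keypair()          # real server's ephemeral share
    return {
        "client":          derive_key(pow(a1_pub, c_priv, P), c_pub, a1_pub, server_pub),
        "attacker_client": derive_key(pow(c_pub, a1_priv, P), c_pub, a1_pub, server_pub),
        "server":          derive_key(pow(a2_pub, s_priv, P), a2_pub, s_pub, server_pub),
        "attacker_server": derive_key(pow(s_pub, a2_priv, P), a2_pub, s_pub, server_pub),
    }


def demo():
    """Run both exchanges against one long-term key; report who can read what."""
    server_priv, server_pub = keypair()
    key_static, wire_static = static_dh_session(server_pub)
    key_eph, wire_eph = ephemeral_dh_session(server_pub)
    m = active_mitm_ephemeral(server_pub)
    return {
        "static_key_recovered_offline": passive_attack(wire_static, server_priv) == key_static,
        "ephemeral_key_recovered_offline": passive_attack(wire_eph, server_priv) == key_eph,
        "mitm_reads_client_side": m["client"] == m["attacker_client"],
        "mitm_reads_server_side": m["server"] == m["attacker_server"],
        "endpoints_share_a_key": m["client"] == m["server"],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The first result is True and the second False: the same leaked long-term key that decrypts the recorded static-DH session is useless against the recorded ephemeral session. The last three show the only remaining option, an inline attacker that reads both sides but leaves the endpoints with mismatched keys, which is exactly the per-flow work (and detectability) the quoted message is counting on.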