[perpass] Commnets on draft-farrell-perpass-attack-00 was RE: perens-perpass-appropriate-response-01

[<l.wood@surrey.ac.uk>]

(fixing ietf-http-wg address from ietf.org to w3.org)

Perens' response at
http://perens.com/works/ietf/perpass/appropriate-response/01.pdf (not an internet draft, sigh - alienate your readers before they start!)
commenting on
http://tools.ietf.org/html/draft-farrell-perpass-attack
gives some of the reasons in support of universal encryption not being a laudable goal.

This is a political problem, not a technical problem. From a technical perspective, caching static content matters. Trying to figure out problems that aren't security problems matters. Mandating secure communications for worldwide http is pretty much the same as mandating secure encrypted email worldwide - large failure modes, resulting in an inability to communicate. Which is why use of secure email is not widespread.

As IETF security AD, Farrell's response must always be 'we need more security'  and his draft - everything is an attack - is a reflection of that outlook.

One recent time everything was viewed as an attack was in Digital Rights Management by content providers. The result of DRM was to impose massive technical costs and shift the modes of attack on content. If you want to consider the failure modes of a secured web with secure communications everywhere, consider the failure modes of DRM. Meanwhile, the content providers pursued legal remedies as more effective. Is the IETF now advocating a DRM approach, when legal remedies would be more appropriate?

Any security system or algorithm, can be broken; when it is, it is considered as no longer fit for purposes, unfashionable, and to be discarded. Security is always raising the bar - e.g.  MD5 is no longer secure enough for security purposes (though still excellent in limited context as a reliability check for large files), SHA256 may not be strong enough... this is an upgrade cycle that eventually every implementation steps off, becoming incompatible with the latest and greatest. And this upgrade cycle will break the web into little pools of not-compatible-with-latest security as a result. One way to avoid that cycle is to always permit interoperability without security. (warn as much as you like, but permit it.)

The benefits of interop testing, less power drain, less complexity, and of actually being able to communicate if that is desired. are worthwhile. Demand security everywhere if you like, and treat everything as an attack, just as DRM did, but, as with DRM, it's a fool's errand.

Lloyd Wood
http://sat-net.com/L.Wood/


________________________________________
From: Ted Lemon [ted.lemon@nominum.com]
Sent: 04 December 2013 21:27
To: Wood L  Dr (Electronic Eng)
Cc: bruce@perens.com; IETF Discussion; perpass; ietf-http-wg@ietf.org
Subject: Re: perens-perpass-appropriate-response-01

On Dec 4, 2013, at 4:17 PM, <l.wood@surrey.ac.uk> <l.wood@surrey.ac.uk> wrote:
> Universal encryption is not a a laudable goal.

Unsupported assertions are not helpful.