Re: [perpass] Violating end-to-end principle: I-D Action: draft-farrelll-mpls-opportunistic-encrypt-00.txt
Phillip Hallam-Baker <hallam@gmail.com> Thu, 16 January 2014 14:57 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4553D1AE35D for <perpass@ietfa.amsl.com>; Thu, 16 Jan 2014 06:57:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hi6esnrOFuVb for <perpass@ietfa.amsl.com>; Thu, 16 Jan 2014 06:57:21 -0800 (PST)
Received: from mail-lb0-x22c.google.com (mail-lb0-x22c.google.com [IPv6:2a00:1450:4010:c04::22c]) by ietfa.amsl.com (Postfix) with ESMTP id E22521AE349 for <perpass@ietf.org>; Thu, 16 Jan 2014 06:57:20 -0800 (PST)
Received: by mail-lb0-f172.google.com with SMTP id c11so2004616lbj.31 for <perpass@ietf.org>; Thu, 16 Jan 2014 06:57:08 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=NzFAtQ+EPbUVEdkusV2DaO/8kk/vS0PAfBC4zyVosyU=; b=jjqg31Cf87SJQKXfMmnE0Z/KGKgw5uPzez3oR4Rhla9dzDH7kin6YvUjOTQDG6A/P2 F9+zOpzC0ZdyUAAH81aQayDIATKxKpAaikd1vxVNom/gnMq7cKyHS8lORau9MvfTsLyi kKGDfO0DL0GC9Hjw1SwiHpp+6m2RYQebTcdMsIT27VmVWP+LnLpyvUSg3HsOO0i5+YFQ j9w2cO7FU/dcIP4u5tLyg/+7q7wyrMkMvQQMgSUJEJm06JTpyG6m5YxjfjcNj3P/KSDk BV6SPABAsAWt7KDtddWLgf5SxiTar+F5DDKFFbTe1IEZbif9VIW4tut7chkhoaUPG35P uMYA==
MIME-Version: 1.0
X-Received: by 10.152.1.197 with SMTP id 5mr5447547lao.0.1389884228013; Thu, 16 Jan 2014 06:57:08 -0800 (PST)
Received: by 10.112.37.172 with HTTP; Thu, 16 Jan 2014 06:57:07 -0800 (PST)
In-Reply-To: <04c001cf1123$7e5c00c0$7b140240$@olddog.co.uk>
References: <04c001cf1123$7e5c00c0$7b140240$@olddog.co.uk>
Date: Thu, 16 Jan 2014 09:57:07 -0500
Message-ID: <CAMm+Lwj0r3PNoBC0Y1ydibD3piioZ57Z1Ks-Ea6o58xahjXKwQ@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Adrian Farrel <adrian@olddog.co.uk>
Content-Type: multipart/alternative; boundary="089e0112bfceb094d704f017a3d6"
Cc: perpass <perpass@ietf.org>, Theodore Ts'o <tytso@mit.edu>, Stephen Kent <kent@bbn.com>
Subject: Re: [perpass] Violating end-to-end principle: I-D Action: draft-farrelll-mpls-opportunistic-encrypt-00.txt
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Jan 2014 14:57:23 -0000
On Tue, Jan 14, 2014 at 7:23 AM, Adrian Farrel <adrian@olddog.co.uk> wrote: > > > >It helps against some attacks, but it doesn't help for others, right? > > > >After all, if you are a US national, you might not trust that the > > > >Chinese Telecom won't pass your traffic to the MSS. (Or if you are a > > > >German national, that AT&T won't decrypto your traffic and then pass > > > >it off to the NSA...) > > > yep. IPsec, under the control of a subscriber, offers more protection, > > > in princple. > > > > Or put another way, MPLS-mediated encryption violates the end-to-end > > principle. It also allows ISP's to violate net neutrality principles > > as well (i.e., by allowing them to do deep packet inspection and then > > prioritizing some traffic over others). > > Two things here (probably wandering into a minefield, but that's my ball > that > rolled in): > > 1. "Allows" the ISP to do DPI? Nothing allows DPI apart from regulators, > morals, > or encryption of the pieces that might be deeply inspected. > You might as well say that not shooting elephants allows ISPs to do DPI! > So, I think what you are saying is that not doing IPsec on your (IP) > traffic > allows the ISP to do DPI. > But doing MPLS encryption also stops transit nodes from doing DPI, but it > does > not stop edge (i.e., MPLS end) nodes from doing DPI. > In some deployments (carrier's carrier, MPLS-based enterprise over ISP) the > traffic may already be MPLS, and so MPLS encryption might be what is > available. > > 2. I think the end-to-end principle may already have been somewhat diluted > by > the introduction of edges, and the deployment of tunnels. I am guessing > that you > mean that the responsibility for securing traffic lies with the > originator/consumer of the traffic. And that is largely fine, but again > runs > into VPN type discussions. > People should read the end-to-end paper before they recite it as holy lore. End to end is an argument about the consequences of where a design places complexity. It only considers the end and the center of the network. The edge is not really acknowledged as an option because it didn't exist when the paper was written. Mail has not been end-to-end for at least 20 years. It turned into an end-to-edge-to-end protocol in the mid 90s and it has been an edge-to-edge affair since SUBMIT and IMAP became the norm. The end to end argument is useful but end-to-end ideology is positively harmful. End to end ideology in security is particularly harmful because there are some security controls that are simply not compatible with end-to-end approaches. You cannot protect against traffic or meta-data analysis end-to-end. Rather than contrast S/MIME and PGP being 'end-to-end' protocols against STARTTLS being transport, it is rather more useful to recognize that S/MIME and PGP are data level security rather than transport layer. S/MIME provides end-to-end security but not metadata security. But people seem to have largely missed the fact that S/MIME is actually capable of providing data level security as a superset of end-to-end. Why don't Word and Excel etc. just save all their documents in encrypted CMS envelopes by default? Shouldn't this be a priority now we are moving to the cloud? -- Website: http://hallambaker.com/
- [perpass] Violating end-to-end principle: I-D Act… Adrian Farrel
- Re: [perpass] Violating end-to-end principle: I-D… Phillip Hallam-Baker
- Re: [perpass] Violating end-to-end principle: I-D… Joseph Lorenzo Hall
- Re: [perpass] Violating end-to-end principle: I-D… Theodore Ts'o
- Re: [perpass] Violating end-to-end principle: I-D… Dave Crocker
- Re: [perpass] Violating end-to-end principle: I-D… Stephen Farrell
- Re: [perpass] Violating end-to-end principle: I-D… Phillip Hallam-Baker
- Re: [perpass] Violating end-to-end principle: I-D… Christian Huitema
- Re: [perpass] Violating end-to-end principle: I-D… Phillip Hallam-Baker
- Re: [perpass] Violating end-to-end principle: I-D… Stephen Kent
- [perpass] tcpcrypt applicability (Was: Re: Violat… Stephen Farrell
- Re: [perpass] tcpcrypt applicability (Was: Re: Vi… Dave Crocker
- Re: [perpass] tcpcrypt applicability (Was: Re: Vi… Phillip Hallam-Baker
- Re: [perpass] tcpcrypt applicability (Was: Re: Vi… Stephen Kent
- Re: [perpass] tcpcrypt applicability (Was: Re: Vi… Phillip Hallam-Baker
- Re: [perpass] tcpcrypt applicability (Was: Re: Vi… Stephen Kent
- Re: [perpass] tcpcrypt applicability (Was: Re: Vi… Phillip Hallam-Baker
- Re: [perpass] tcpcrypt applicability (Was: Re: Vi… Stephen Kent
- Re: [perpass] tcpcrypt applicability (Was: Re: Vi… Phillip Hallam-Baker
- [perpass] Increasingly strange thread (was: .... … Leif Johansson
- Re: [perpass] Increasingly strange thread (was: .… Scott Brim
- Re: [perpass] tcpcrypt applicability (Was: Re: Vi… Stephen Kent