Re: [perpass] perens-perpass-appropriate-response-01
Jacob Appelbaum <jacob@appelbaum.net> Sat, 07 December 2013 10:47 UTC
Return-Path: <jacob@appelbaum.net>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1131F1AE2CB for <perpass@ietfa.amsl.com>; Sat, 7 Dec 2013 02:47:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.6
X-Spam-Level:
X-Spam-Status: No, score=-0.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FSL_HELO_BARE_IP_2=2, RCVD_IN_DNSWL_LOW=-0.7] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1dH_hnu26_co for <perpass@ietfa.amsl.com>; Sat, 7 Dec 2013 02:47:48 -0800 (PST)
Received: from mail-bk0-f48.google.com (mail-bk0-f48.google.com [209.85.214.48]) by ietfa.amsl.com (Postfix) with ESMTP id 490A41AD694 for <perpass@ietf.org>; Sat, 7 Dec 2013 02:47:48 -0800 (PST)
Received: by mail-bk0-f48.google.com with SMTP id v10so675117bkz.21 for <perpass@ietf.org>; Sat, 07 Dec 2013 02:47:43 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:mime-version:to:cc:subject :references:in-reply-to:openpgp:content-type :content-transfer-encoding; bh=D5aHl9DloO0QeGAGPngfcRBWSJmBxmFE22ZZnKO8SLg=; b=TJsmaqJW2vcepsNZkVLc67QzSPttpeZB2L24C/gHKRTorI5Fgr2QKtsajxR61Zlnlo T/9JYN4xVRMDVgbFHlAsf0vutn00yt0ONAk89oY1yqIrOOPuzdIxvzo7+1cHQdkWE66E 93PNrAsR4EWjt5etlslgDf7SWwiz2HWpZpmi110deWc0jCGSa+xRaFNyiNfmnhhidKfZ 1WS8+qfxdfQp9ka1J7zLDT6dsEKtz/famhkFluYV3mixGd7e+D7K5SONo8ysm4UJhtLm tCejClRvFvZNvq6F2h+orroDzxXue7XfjCkGZqI8v9EZ+JGIkW1aUvecQiupwRv4Lgtf dYww==
X-Gm-Message-State: ALoCoQnccwO1GBqDet7HTeGDQbgodaFGkk0+LO/zO2ZtKkghQ/u9TdQ1MNHocA3RIUNFQCO/+aPq
X-Received: by 10.205.12.10 with SMTP id pg10mr35379bkb.158.1386413263713; Sat, 07 Dec 2013 02:47:43 -0800 (PST)
Received: from 127.0.0.1 (1508890005.dhcp.dbnet.dk. [89.239.213.149]) by mx.google.com with ESMTPSA id sx5sm1572748bkb.0.2013.12.07.02.47.39 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sat, 07 Dec 2013 02:47:42 -0800 (PST)
Message-ID: <52A2F46D.7080501@appelbaum.net>
Date: Sat, 07 Dec 2013 10:11:57 +0000
From: Jacob Appelbaum <jacob@appelbaum.net>
MIME-Version: 1.0
To: Bruce Perens <bruce@perens.com>
References: <529FB61A.7090604@perens.com> <529FBEF9.7030205@appelbaum.net> <529FC347.3080806@perens.com> <52A15835.2070901@cis-india.org> <52A21B80.8070005@mykolab.com> <52A21D1C.8020000@perens.com> <BC888A6F-F048-4BA6-92F4-8812753F8534@icsi.berkeley.edu> <52A2235A.2030801@perens.com> <ADD6858C-7548-479E-BB71-316E9C52F812@icsi.berkeley.edu> <c97f3134-eedf-44e1-880c-147efb172fc6@email.android.com> <CA+BZK2owfZuePi0kNe9ciVhpW95tSpwjq227u2jTj7ofc5kv-w@mail.gmail.com> <usl4a9lqfifltsv9gubnivpkkc5fufom58@hive.bjoern.hoehrmann.de> <AC664138-104F-47ED-B192-37968C549EF0@csail.mit.edu> <52A2D24F.4090505@perens.com>
In-Reply-To: <52A2D24F.4090505@perens.com>
OpenPGP: id=4193A197
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>, John Wroclawski <jtw@csail.mit.edu>
Subject: Re: [perpass] perens-perpass-appropriate-response-01
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 07 Dec 2013 10:47:50 -0000
Bruce Perens: > John, > > Of course I have sympathy for all of those who have their human rights abridged, > and would not begrudge them the use of Tor, preferential https, or whatever > helps. Really? Where is your sympathy exactly? I am one of those who have my human rights abridged, as is everyone on this list, I might add. It is nearly impossible for me to protect myself, even with Tor, because nearly all services and systems are insecure in the face of specific attacker capabilities. Is your sympathy simply that you begrudgingly will allow us to protect ourselves from your (and my) spy agency, the NSA? Some sympathy! > I am not sanguine that encryption is any barrier to NSA due to the ASIC > issue previously discussed, but it might well be a barrier to religious > extremist oppressors, etc. Do you understand how the TURMOIL and TURBINE programs work? The first is a passive sensor system that does DPI (Deep Packet Inspection) and the second is an active sensor system that does DPI (Deep Packet Injection). The TURMOIL system is used for protocol classification and selector based surveillance. The TURBINE system takes actions, usually packet injections for Man-on-the-Side, based on the results of TURMOIL and similar systems. For any agency to build a system like TURMOIL, they must be able to scan the traffic in real time. The time to race a TCP connection is very small and as it stands, they do not win all of the time - latency of injection provides enough variance to stop QUANTUMINSERTION related attacks. Do you have any evidence that these systems use super computer, ASIC or FGPA based decryption techniques as part of the TURMOIL or TURBINE programs? It is clear that they do decryption from captured and stored data. It is also clear that they cannot store *everything* and so traffic analysis is part of how they decide what to store and thus how they are able to record the ciphertext for later attacks. Only basic traffic analysis resistance in common protocols will start to change this balance. This is part of how we will end massive surveillance of the internet. We will not end mass surveillance by keeping the current economic balance and the current social cost that is afforded to these spies and other criminals. > > The problem with security is that however much you have is never enough, because > there's always a new threat. And that is exactly why the United States is > pursuing a continuously increasing war in whiich surveilance and odious security > procedures only increase. And thus IETF will also end up on a continuously > increasing war in which odious security procedures only increase, in response. > This is false. A key problem here is that you refuse to acknowledge that well known, even practically solved problems, are a threat to the users of the internet. TLS for HTTP will reduce the attack surface of every computer from third party network based threats. We can very nearly eliminate these threats entirely and we can ensure that when the threat becomes reality, we may detect it and fail in a closed manner. > The next step after encrypting every web query is locking down the browser to > the "trusted platform" and insisting on identifying certificates for all users. > Our various corporate totalitarians are sure to want it, it already exists on > the iPhone and other DRM platforms, and will only get tighter. > This is a red herring and is also false. > So, this ends with the death of the open web. > The NSA has killed the open web as we know it. The Chinese "Great" firewall has killed the open web that most of China *never* knew anyway. > At some point, we have to draw a line and say this is enough, it doesn't really > protect us, it protects someone else at our expense. > The question I ask myself, Bruce, is if at some point, you're working to the benefit of someone else? You certainly don't seem to care about the common good in the face of real threats because of your privilege as a US citizen and your general arrogance rooted in other privileges. > Where do you propose to do that? Right after _this_ change? And when the next > proposal is to draw the line right after the _next_ change, and so on ad infinitum? > Attacks generally improve over time. We must iterate on protocols that have serious flaws and ensure that we defend against attackers. > So, I don't want to be forced onto this next security upgrade. I want to be able > to intelligently decide whether I need it and when, and to control whether I use > it, and when to dispense with it when it's being used for things that areck not in > my interest. > You're apparently not doing that now, why will you do that later? You're not being forced to do anything, are you? You could use HTTP 1.1 forever, right? Oh right, sometimes choice is removed! How does it feel to be like the rest of the world for just one moment? Sincerely, Jacob
- [perpass] perens-perpass-appropriate-response-01 Bruce Perens
- Re: [perpass] perens-perpass-appropriate-response… JOSEFSSON Erik
- Re: [perpass] perens-perpass-appropriate-response… Martin Millnert
- Re: [perpass] perens-perpass-appropriate-response… Stephane Bortzmeyer
- Re: [perpass] perens-perpass-appropriate-response… Hannes Tschofenig
- Re: [perpass] perens-perpass-appropriate-response… Yoav Nir
- Re: [perpass] perens-perpass-appropriate-response… S Moonesamy
- Re: [perpass] perens-perpass-appropriate-response… Bruce Perens
- Re: [perpass] perens-perpass-appropriate-response… Theodore Ts'o
- Re: [perpass] perens-perpass-appropriate-response… Bruce Perens
- Re: [perpass] perens-perpass-appropriate-response… Nicholas Weaver
- Re: [perpass] perens-perpass-appropriate-response… Bruce Perens
- Re: [perpass] perens-perpass-appropriate-response… Nicholas Weaver
- Re: [perpass] perens-perpass-appropriate-response… Brian E Carpenter
- Re: [perpass] perens-perpass-appropriate-response… Jacob Appelbaum
- Re: [perpass] perens-perpass-appropriate-response… Bruce Perens
- Re: [perpass] perens-perpass-appropriate-response… Martin Thomson
- Re: [perpass] perens-perpass-appropriate-response… Bruce Perens
- Re: [perpass] perens-perpass-appropriate-response… Bruce Perens
- Re: [perpass] perens-perpass-appropriate-response… Jacob Appelbaum
- Re: [perpass] perens-perpass-appropriate-response… Jacob Appelbaum
- Re: [perpass] perens-perpass-appropriate-response… Nicholas Weaver
- Re: [perpass] perens-perpass-appropriate-response… Andreas Kuckartz
- Re: [perpass] perens-perpass-appropriate-response… Bruce Perens
- Re: [perpass] perens-perpass-appropriate-response… Bruce Perens
- Re: [perpass] perens-perpass-appropriate-response… Brian E Carpenter
- Re: [perpass] perens-perpass-appropriate-response… Ted Lemon
- Re: [perpass] perens-perpass-appropriate-response… l.wood
- Re: [perpass] perens-perpass-appropriate-response… Jacob Appelbaum
- Re: [perpass] perens-perpass-appropriate-response… Jacob Appelbaum
- Re: [perpass] perens-perpass-appropriate-response… Phillip Hallam-Baker
- Re: [perpass] perens-perpass-appropriate-response… Bruce Perens
- Re: [perpass] perens-perpass-appropriate-response… Bruce Perens
- Re: [perpass] perens-perpass-appropriate-response… Ted Lemon
- Re: [perpass] perens-perpass-appropriate-response… Ted Lemon
- Re: [perpass] perens-perpass-appropriate-response… Bruce Perens
- Re: [perpass] perens-perpass-appropriate-response… Jacob Appelbaum
- Re: [perpass] perens-perpass-appropriate-response… Ted Lemon
- Re: [perpass] perens-perpass-appropriate-response… Jacob Appelbaum
- Re: [perpass] perens-perpass-appropriate-response… Bruce Perens
- Re: [perpass] perens-perpass-appropriate-response… Bruce Perens
- Re: [perpass] perens-perpass-appropriate-response… Ted Lemon
- Re: [perpass] perens-perpass-appropriate-response… Jacob Appelbaum
- Re: [perpass] perens-perpass-appropriate-response… Stephane Bortzmeyer
- Re: [perpass] perens-perpass-appropriate-response… Joseph Lorenzo Hall
- Re: [perpass] perens-perpass-appropriate-response… Eliot Lear
- Re: [perpass] perens-perpass-appropriate-response… Pranesh Prakash
- Re: [perpass] Fwd: Re: perens-perpass-appropriate… Phillip Hallam-Baker
- Re: [perpass] perens-perpass-appropriate-response… SM
- Re: [perpass] perens-perpass-appropriate-response… Andreas Kuckartz
- Re: [perpass] perens-perpass-appropriate-response… Jacob Appelbaum
- [perpass] Egal wie man diskutiert (was: perens-pe… SM
- Re: [perpass] perens-perpass-appropriate-response… Paul Ferguson
- Re: [perpass] perens-perpass-appropriate-response… Bruce Perens
- Re: [perpass] perens-perpass-appropriate-response… Nicholas Weaver
- Re: [perpass] perens-perpass-appropriate-response… Bruce Perens
- Re: [perpass] perens-perpass-appropriate-response… Nicholas Weaver
- Re: [perpass] perens-perpass-appropriate-response… Bruce Perens
- Re: [perpass] perens-perpass-appropriate-response… Nicholas Weaver
- Re: [perpass] Fwd: Re: perens-perpass-appropriate… Phillip Hallam-Baker
- Re: [perpass] perens-perpass-appropriate-response… Andreas Kuckartz
- Re: [perpass] perens-perpass-appropriate-response… Ralf Skyper Kaiser
- Re: [perpass] perens-perpass-appropriate-response… Bjoern Hoehrmann
- Re: [perpass] perens-perpass-appropriate-response… John Wroclawski
- [perpass] Using the abusrd isn't a compelling arg… Bruce Perens
- Re: [perpass] perens-perpass-appropriate-response… Bruce Perens
- Re: [perpass] perens-perpass-appropriate-response… Bruce Perens
- Re: [perpass] perens-perpass-appropriate-response… Bruce Perens
- Re: [perpass] perens-perpass-appropriate-response… Jacob Appelbaum
- Re: [perpass] perens-perpass-appropriate-response… Jacob Appelbaum
- Re: [perpass] perens-perpass-appropriate-response… Jacob Appelbaum
- Re: [perpass] perens-perpass-appropriate-response… Stephen Farrell
- Re: [perpass] perens-perpass-appropriate-response… Nicholas Weaver
- Re: [perpass] Egal wie man diskutiert Hannes Tschofenig
- [perpass] Fwd: Re: perens-perpass-appropriate-res… Bruce Perens
- [perpass] Fwd: Re: perens-perpass-appropriate-res… Bruce Perens
- Re: [perpass] Fwd: Re: perens-perpass-appropriate… Christian Huitema
- Re: [perpass] Fwd: Re: perens-perpass-appropriate… Nicholas Weaver
- Re: [perpass] Egal wie man diskutiert Phillip Hallam-Baker
- Re: [perpass] Egal wie man diskutiert Kent_Landfield
- Re: [perpass] Egal wie man diskutiert Phillip Hallam-Baker
- Re: [perpass] perens-perpass-appropriate-response… Robin Wilton
- Re: [perpass] perens-perpass-appropriate-response… Robin Wilton
- Re: [perpass] Fwd: Re: perens-perpass-appropriate… Stephen Farrell
- Re: [perpass] Fwd: Re: perens-perpass-appropriate… Hannes Tschofenig
- Re: [perpass] perens-perpass-appropriate-response… Albert Lunde
- Re: [perpass] perens-perpass-appropriate-response… Robin Wilton
- Re: [perpass] Fwd: Re: perens-perpass-appropriate… Stephen Kent
- Re: [perpass] Fwd: Re: perens-perpass-appropriate… Stephen Kent
- Re: [perpass] perens-perpass-appropriate-response… Dave Crocker
- Re: [perpass] perens-perpass-appropriate-response… Richard Barnes
- Re: [perpass] perens-perpass-appropriate-response… Dave Crocker
- Re: [perpass] perens-perpass-appropriate-response… Bruce Perens