Re: [perpass] Commnets on draft-farrell-perpass-attack-00 was RE: perens-perpass-appropriate-response-01
Hannes Tschofenig <hannes.tschofenig@gmx.net> Wed, 04 December 2013 23:31 UTC
Message-ID: <529F7690.2050302@gmx.net>
Date: Wed, 04 Dec 2013 18:38:08 +0000
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
To: l.wood@surrey.ac.uk, ted.lemon@nominum.com
Cc: perpass@ietf.org, ietf@ietf.org, bruce@perens.com, ietf-http-wg@w3.org
Subject: Re: [perpass] Commnets on draft-farrell-perpass-attack-00 was RE: perens-perpass-appropriate-response-01

Hi Lloyd,

On 12/04/2013 10:55 PM, l.wood@surrey.ac.uk wrote:
> I see you ignore the DRM point.

I don't understand your DRM point to be honest. It also does not seem to be relevant to this conversation. DRM standards have not been developed in the IETF either. draft-farrell-perpass-attack-00 does not specify solutions (which it states in the document).

If your argument is that security adds complexity to protocols then that's certainly true. The other option would be not to have security in protocols at all to make them "more lightweight". Do you seriously think that this is a useful option (even before the NSA revelations)?

If your argument is that security problems on the Internet should be solved via legal / regulatory ways then please go ahead and make these proposals. Obviously, the IETF would be the wrong forum to do that. I am sure the European Commission, for example, is interested to listen to your proposals and will immediately issue new proposals for regulation. It would be great if those who think that there are regulatory solutions would in fact then work on those rather than just having technically minded people who push problems around.

If your argument is that aging cryptographic algorithms require software to be updated then let me tell you that software gets updated even for functionality reasons. Do you think that all the software updates you get for your smartphone apps are only security fixes? There are, however, many software updates that relate to security vulnerabilities. My approach would, however, be to incorporate software update mechanisms into products (which is what pretty much everyone in the industry seems to be doing) instead. While this is largely a non-IETF issue it would still be interesting to hear whether you have other suggestions.

Your suggestion to do more interoperability testing sounds reasonable to me. I have been involved in interoperability tests myself (and even organized a few). Those tend to have a different focus, namely to provide feedback about whether the implementations interpreted the specs correctly. Penetration testing is what you would typically do to discover security vulnerabilities. We typically don't do those (at least not that I have heard). As such, I would rather see them as an orthogonal effort (which many in the IETF are involved in already anyway). Are you suggesting that we should also do penetration testing?

Please also note that "security" is not a monolithic block, as you can see from RFC 3552. In various discussions with you I got the impression that you dislike security in general. That can hardly be true since I am sure you like some of the security features in there as well. For example, you might find authentication a pretty cool concept to avoid others accessing your email account.

Ciao
Hannes