Re: [perpass] Securing VoIP in the Presence of Pervasive Monitoring
Marc Petit-Huguenin <marc@petit-huguenin.org> Mon, 09 September 2013 16:15 UTC
Return-Path: <marc@petit-huguenin.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 730D221F9FBE for <perpass@ietfa.amsl.com>; Mon, 9 Sep 2013 09:15:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ofqc1RVIXF8L for <perpass@ietfa.amsl.com>; Mon, 9 Sep 2013 09:15:46 -0700 (PDT)
Received: from implementers.org (implementers.org [IPv6:2604:3400:dc1:41:216:3eff:fe5b:8240]) by ietfa.amsl.com (Postfix) with ESMTP id 9F20421E805F for <perpass@ietf.org>; Mon, 9 Sep 2013 08:56:17 -0700 (PDT)
Received: from [IPv6:2601:9:4bc0:13:60af:d04b:5e82:55bc] (unknown [IPv6:2601:9:4bc0:13:60af:d04b:5e82:55bc]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "Marc Petit-Huguenin", Issuer "implementers.org" (verified OK)) by implementers.org (Postfix) with ESMTPS id CA5AD20454; Mon, 9 Sep 2013 17:55:51 +0200 (CEST)
Message-ID: <522DEF86.3030609@petit-huguenin.org>
Date: Mon, 09 Sep 2013 08:55:50 -0700
From: Marc Petit-Huguenin <marc@petit-huguenin.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130821 Icedove/17.0.8
MIME-Version: 1.0
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
References: <522D863F.10903@gmx.net> <87ioyaz0xg.fsf@nordberg.se> <522DB47D.5080400@gmx.net> <CAOHm=4ugJox1dop2_SQPzum-9i8svF=2A+7+j5x7oC45AmifiQ@mail.gmail.com> <6C08F669-75F6-441B-A7C5-85C0DBD8DB07@brianrosen.net> <522DE999.9010100@cs.tcd.ie>
In-Reply-To: <522DE999.9010100@cs.tcd.ie>
X-Enigmail-Version: 1.5.1
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Cc: Hannes Tschofenig <hannes.tschofenig@gmx.net>, Linus Nordberg <linus@nordberg.se>, perpass@ietf.org, Dean Willis <dean.willis@softarmor.com>, Brian Rosen <br@brianrosen.net>
Subject: Re: [perpass] Securing VoIP in the Presence of Pervasive Monitoring
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Sep 2013 16:15:47 -0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 09/09/2013 08:30 AM, Stephen Farrell wrote: > > Hi Brian, Dean, > > RELOAD [1] is a bit of a gigantic spec though but I agree could be > promising in this space. I wonder if anyone might be interested enough to > write a draft saying how to use RELOAD to be more privacy friendly? I wrote a draft adapting some of the ideas of TOR to RELOAD: http://tools.ietf.org/html/draft-petithuguenin-p2psip-reload-anonymous-02 That was presented in Atlanta: http://www.ietf.org/proceedings/85/slides/slides-85-p2psip-1.pdf Interestingly the reason for this draft was not end-user privacy, but to prevent commercial entities to discovers competitors' customers in the context of VIPR. > > I've no idea if that'd be easy or a huge amount of effort for someone who > already knows the protocol, but I'm pretty sure it'd be a major task for > someone starting from scratch. > > S. > > [1] http://tools.ietf.org/wg/p2psip/draft-ietf-p2psip-base/ > > On 09/09/2013 04:09 PM, Brian Rosen wrote: >> I'm still worried about the role of the enrollment server. If it got >> compromised, then mischief would be possible (you may not know who you >> are talking to). I think MITM would be hard. >> >> I think we need to come up with a new way to come up with credentials >> that is less dependent on servers that are subject to co-opting by the >> authorities. >> >> It's a HECK of a lot better than conventional VoIP though. >> >> Brian >> >> On Sep 9, 2013, at 10:46 AM, Dean Willis <dean.willis@softarmor.com> >> wrote: >> >>> I think we can mostly get there with RELOAD, but the implementations >>> are still pretty early. >>> >>> On Sep 9, 2013 6:53 AM, "Hannes Tschofenig" <hannes.tschofenig@gmx.net> >>> wrote: Hi Linus, >>> >>> thanks for the comments. >>> >>> I have indeed skipped that topic. I will have to read into the Mumble >>> project to see what security and privacy guarantees it provides. >>> >>> My current conclusion from using VoIP/IM systems without using Tor is >>> that you cannot really protect against collecting this transaction data >>> (i.e., you have to at least trust the two VSPs, our own and then the >>> VSP of your communication partner). While you can influence routing of >>> the data traffic to a certain extend it does not work too well when >>> your VSP is working against you. >>> >>> With IM you could at least set up your own server (e.g., by using an >>> XMPP server) but with VoIP that's more complicated because nobody else >>> will accepted your connection attempts (as explained in the >>> interconnection part of my write-up). >>> >>> I will come back to you on that issue. >>> >>> Ciao Hannes >>> >>> >>> On 09.09.2013 14:31, Linus Nordberg wrote: Hannes >>> Tschofenig<hannes.tschofenig@gmx.net> wrote Mon, 09 Sep 2013 11:26:39 >>> +0300: >>> >>> | http://www.tschofenig.priv.at/wp/?p=997 | | It contains a number of >>> recommendations, which are addressed to VoIP | providers and vendors >>> but have to be enforced by data protection | authorities. | | The >>> recommendations unfortunately highlight some challenges... >>> >>> Indeed. And still, I miss any mention on protection against collecting >>> data about who's talking to who. >>> >>> Without claiming any expertise at all in this area, the closest thing >>> to something implementing this that I've heard of is Mumble over Tor. >>> Mumble [0] is not standardised AFAICT. The Guardian Project wrote [1] >>> about this earlier this year. Some people seem to use it [2]. >>> >>> [0] https://en.wikipedia.org/wiki/Mumble_%28software%29 [1] >>> https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/Mumble >>> [2] >>> https://guardianproject.info/2013/01/31/anonymous-cb-radio-with-mumble-and-tor/ - -- >>> Marc Petit-Huguenin Email: marc@petit-huguenin.org Blog: http://blog.marc.petit-huguenin.org Profile: http://www.linkedin.com/in/petithug -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) iQIcBAEBCAAGBQJSLe90AAoJECnERZXWan7Es9IQAMoFgmtizT8jr/3B6QiD2v7B wKAGTMCW13MdiTXPBl7hOR2gLTwNzDDA4GYGe0o+HMLKCvaIvLeV8W0CnNdFBRll LXPxiTAm5A6t+aNTOi5Bl+GhA/ilvJZjXAyOHC8rUbhdIK46VQTNoEBixGIaC+BK /n6+1qngQ7FMxktSwBzpHcxU5ACm0UM0jU7bGS1xACVgxJyBxGg3tk818lYD+4P9 mMlOC/vp/bNdYoOlBq0IaTpcAKuLWme3xsfavaTG7zk5PQHhfgs9ZWkx0YYSUepk z3tDeKM54/8OB4ZXgfWWBvAOd4gaquH3CXmX1rr4saqE5lrtc49meYzPwU9thn2J iSGet3/K+3PylgG5gmKtNzyk4cp4MBV+If1ypsy9k1T3I93eaV7YV2r0+Xs3q+tw oVTQrKr6oISDlEDfj1/O9CHoF7RflN88dXHI+ZBn/hzLKAAb73/qlyZ5QAP4L1dK xxMrTob0X/ZPO9lVZc6kAZVcgfRJqNkBNG5kfqr18Fh1+5Apeek370ta/4SSQI8X 7PmQFSyE7rZbphkEZxdpz2Dyncss5arbakyLgd3i2ekSC44AX5pf/B8z/li69YHA Bu3QwfwYZWdKUseaPoyYaE6VqDndiOTHOxc04/XaJogARbZCg59fkQgArtOBPATw IwJcEkoA7TOI+YFLKTXK =/F/b -----END PGP SIGNATURE-----
- [perpass] Securing VoIP in the Presence of Pervas… Hannes Tschofenig
- Re: [perpass] Securing VoIP in the Presence of Pe… Linus Nordberg
- Re: [perpass] Securing VoIP in the Presence of Pe… Hannes Tschofenig
- Re: [perpass] Securing VoIP in the Presence of Pe… Dean Willis
- Re: [perpass] Securing VoIP in the Presence of Pe… Brian Rosen
- Re: [perpass] Securing VoIP in the Presence of Pe… Stephen Farrell
- Re: [perpass] Securing VoIP in the Presence of Pe… Marc Petit-Huguenin
- Re: [perpass] Securing VoIP in the Presence of Pe… Marc Petit-Huguenin
- Re: [perpass] Securing VoIP in the Presence of Pe… Brian Rosen
- Re: [perpass] Securing VoIP in the Presence of Pe… Scott Brim
- Re: [perpass] Securing VoIP in the Presence of Pe… SM
- Re: [perpass] Securing VoIP in the Presence of Pe… Hannes Tschofenig
- Re: [perpass] Securing VoIP in the Presence of Pe… Brian Rosen
- [perpass] Mumble project .... Re: Securing VoIP i… Hannes Tschofenig
- Re: [perpass] Securing VoIP in the Presence of Pe… Hannes Tschofenig
- Re: [perpass] . Re: Securing VoIP in the Presence… Olle E. Johansson
- Re: [perpass] Securing VoIP in the Presence of Pe… Olle E. Johansson
- Re: [perpass] Securing VoIP in the Presence of Pe… Hadriel Kaplan
- Re: [perpass] Securing VoIP in the Presence of Pe… Dean Willis