Re: [perpass] tcpcrypt applicability (Was: Re: Violating end-to-end principle: I-D Action: draft-farrelll-mpls-opportunistic-encrypt-00.txt)

Phillip Hallam-Baker <hallam@gmail.com> Wed, 22 January 2014 16:40 UTC

In-Reply-To: <52DFDA03.3060608@bbn.com>
Date: Wed, 22 Jan 2014 11:40:46 -0500
Message-ID: <CAMm+Lwg5cnF4PJHnNbui35FRX=X=R_Dw8+1DWMDCQLS61iQACw@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Stephen Kent <kent@bbn.com>
Cc: perpass <perpass@ietf.org>

I find it rather interesting that someone who takes great offense when it
is pointed out that he works under contract to the NSA goes after people
for having a 'hidden' agenda.

If you want to start questioning people's ulterior or bought motives you
are sawing off a mighty fine branch there, and it's the one you are standing
on.

Is the reason that you are arguing against Omnibroker so hard because
someone in Fort Meade is getting nervous? Maybe they should, they had three
people come to see my first public talk on PRISM-PROOF email. Or is it
impolite for me to ask such questions because you are the only person
allowed to call people's motives into question?


I have made absolutely no secret of the fact that Omnibroker provides a
business model for CA-like companies. In fact, that is the basis on which I
have presented it to Symantec and McAfee and other anti-virus companies,
precisely to solicit support. As far as I am aware, they are not
communists. Neither is my employer.

Changing the Internet is hard. You can't change it unless your scheme is
actually free or backed by a business model that covers the costs. I can't
remember at this stage whether I talk about the business model in part 1 or
part 2; I haven't got round to editing part 2 yet:

http://www.youtube.com/watch?v=PTKrt471vTU

I talk about business models because I understand that I can't change the
infrastructure alone. I need the help of Microsoft and Google and Apple and
Mozilla. And they are not likely to be interested in a business model that
only fits one provider.

What we need to get away from is the clueless business models of the past.
CAs add real value in the WebPKI but not very much to the MailPKI currently
which is why there isn't one, or rather isn't very much of one. A model
that makes CAs toll booth collectors before the road is built does not work.

But CAs can certainly add value to a MailPKI infrastructure once it reaches
critical mass. Today maybe 0.01% of Internet users know enough about crypto
to configure their systems securely themselves. That may rise to 5% or so
with training etc. That leaves a huge market for CAs. If a billion people
want to use crypto to protect themselves against the panicking generals
that run the NSA, we will find ways to make money.

The Open Source model works fine for many software products. Red Hat does
pretty well.

But we are taking a risk here. Comodo Group has 155,000 paid, non-expired
S/MIME certs right now. So changing the model could backfire on us. But
that's a risk we have decided to take.


On Wed, Jan 22, 2014 at 9:47 AM, Stephen Kent <kent@bbn.com> wrote:

> PHB,
>
> I'd respond to your comments if they were directly tied to specific
> statements I made. But, for the most part, they are so vague ...
>
> WRT Omnibroker, my comment was not based on key agreement being part of
> Omnibroker; it was an observation that your recent proposals all tend to
> focus on technologies that fit nicely into a model where your current
> employer could generate a revenue stream, as an extension of its current
> Web PKI CA model. I have not tracked the evolution of Omnibroker, as it is
> an individual submission. Since such submissions are not vetted, it's not
> generally worth my time to track them.
>
> Steve
>

-- 
Website: http://hallambaker.com/