IETF Logo Mail Archive

Re: [perpass] Howdy!

Dean Willis <dean.willis@softarmor.com> Fri, 06 September 2013 01:24 UTC

Return-Path: <dean.willis@softarmor.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F138921E8092 for <perpass@ietfa.amsl.com>; Thu, 5 Sep 2013 18:24:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.392
X-Spam-Level:
X-Spam-Status: No, score=-102.392 tagged_above=-999 required=5 tests=[AWL=0.207, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JYGNa0K2-jI7 for <perpass@ietfa.amsl.com>; Thu, 5 Sep 2013 18:24:01 -0700 (PDT)
Received: from mail-ob0-x235.google.com (mail-ob0-x235.google.com [IPv6:2607:f8b0:4003:c01::235]) by ietfa.amsl.com (Postfix) with ESMTP id 0C70711E8129 for <perpass@ietf.org>; Thu, 5 Sep 2013 18:24:00 -0700 (PDT)
Received: by mail-ob0-f181.google.com with SMTP id dn14so2796104obc.26 for <perpass@ietf.org>; Thu, 05 Sep 2013 18:24:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=softarmor.com; s=google; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=mB3V8e3HlUn7GKnE8JG/rnwWPDJucAqldp1pVedNzyM=; b=ax5eh5heTmVkgjnhbBq1Aq1lyONNKBXsdV4fGMpltgYnRzA5fkLHql2zypWpvkR6Y8 ttERCCCxQ8K1n9ZA+D/f6NAbTN4J83/bTC0G071RJfBAvKSD+TzLLHSl9DrNLIhDpEII iCCshvqsk4S0Sz65st2W7iT7K0InGGY4oOu+I=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:content-type:mime-version:subject:from :in-reply-to:date:cc:content-transfer-encoding:message-id:references :to; bh=mB3V8e3HlUn7GKnE8JG/rnwWPDJucAqldp1pVedNzyM=; b=WDmzQqytvc7swckKJnKSusH8HkyVenmG9Opg1u0BP42ICSZ4JB5G1yaHmYXrVkuGHg axdPHI+FNdHzC36PXuqIl9nqtVd9WbWcJRccANxw/c+b98JdN5CHIkzJcn62gaYUjVGw /zls+Ets+ru80loizMOWMSzuSS545RyUMBBkfyqByTZq0ySmVcJbeAMF0ZWytTHuhifo lMxPlh18E4cWH4qA5pUTZjB/zZIW4Yua/Dpmll19E41lApnHWuJT95EhBhkfzsg2lLwj zqJUqyiJLWjm+8faOJpPZ/a0CxaLXyCBNf54E9/F9ZSnuWaClixxC8BR+2QRDdMHuA1g rEXw==
X-Gm-Message-State: ALoCoQmNFHFhP7/s7jBXTYMDyOxuZWg0PLXqf1IcP2Xm/pveSXTsEKdbF4Hc97x+OkqcpbJ6pePE
X-Received: by 10.60.131.3 with SMTP id oi3mr37343oeb.104.1378430640340; Thu, 05 Sep 2013 18:24:00 -0700 (PDT)
Received: from [192.168.2.112] (cpe-72-181-157-19.tx.res.rr.com. [72.181.157.19]) by mx.google.com with ESMTPSA id u3sm69156oeq.3.1969.12.31.16.00.00 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 05 Sep 2013 18:23:59 -0700 (PDT)
Content-Type: text/plain; charset="iso-8859-1"
Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\))
From: Dean Willis <dean.willis@softarmor.com>
In-Reply-To: <5224DF25.60503@cs.tcd.ie>
Date: Thu, 05 Sep 2013 20:23:58 -0500
Content-Transfer-Encoding: quoted-printable
Message-Id: <7C92613E-33E8-48A6-A152-E9DBB29DEC04@softarmor.com>
References: <CAOHm=4ujOYTHO63EFWMYJBgxUWq00zezYKAJ8B4Vgf_C=xRRVg@mail.gmail.com> <5224DF25.60503@cs.tcd.ie>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
X-Mailer: Apple Mail (2.1508)
Cc: perpass@ietf.org
Subject: Re: [perpass] Howdy!
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Sep 2013 01:24:02 -0000

On Sep 2, 2013, at 1:55 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:

> 
> So, given you've been thinking about this for maybe longer than most
> I'm wondering if you have any specific protocol changes or additions
> you'd suggest, or descriptions of new threat models that could be useful
> to WGs developing or maintaining protocols? IMO, things like that would
> be most useful for now.
> 

I think there are a couple of principles that we need to adopt IETF-wide.

Part of the definition of "good Internet citizen" for a protocol or application is that not only does that protocol/application include anti-surveillance principles for itself, but that it helps OTHER protocols avoid surveillance. Surveillance-resistance is MORE IMPORTANT than optimizing transport efficiency.

So, a couple of rules, probably badly organized:

1) Everything SHOULD be encrypted, unless there is an absolute operational requirement not to. This means "encryption by default" in new protocols, and not even specifying unencrypted operations modes unless necessary. Older protocol specs still in use should be revised to require encryption. Deprecate the non "s" versions of protocols.

2) Well-known ports should be avoided. Or overloaded to the point where the port number is no longer a significant indicator to the application. This gives rise to the "everything over 443" mentality, which we need to find a way to handle gracefully. Demuxing the service within the channel is a better idea than I used to think.

3) Packet sizes should be variable, preferably random. This is the opposite of the "discover the MTU and fill every packet" model of efficiency. Or, we could make all packets the same fixed size by padding small ones. I like random better, but there might well be some hardware optimizations around fixed packet sizes.

4) Every protocol spec needs to include a pseudonymous usage model, and most should include an anonymous usage model.

5) New protocols should be built around end-to-end crypto rather than relying on transport-level wrappers for everything. It's too easy to use a compromised CA-cert to dynamically build a TLS proxy cert. Some level of key delivery out-of-band, coupled to in-band footprint verification, is probably needed. zRTP is a good model.

6) Randomizing interpacket timing is useful. This does all sorts of horrible things to both TCP optimization and the jitter buffers in real-time communications. But it's worth it. Remember, surveillance-resistance is MORE IMPORTANT than efficiency.

7) Peer-to-peer, DTN, and peer-relay (TURN, for example) all have lessons we should learn. So does TOR.

8) Every piece of crypto-advice needs serious, multiparty, international, and aggressive review. No more documents authored by NSA shills (which Schneier says we seem to have).

--
Dean

v2.23.0 | Report a Bug | By Email