Re: [perpass] Violating end-to-end principle: I-D Action: draft-farrelll-mpls-opportunistic-encrypt-00.txt

Phillip Hallam-Baker <hallam@gmail.com> Thu, 16 January 2014 22:19 UTC

In-Reply-To: <20140116192320.GD32098@thunk.org>
References: <04c001cf1123$7e5c00c0$7b140240$@olddog.co.uk> <CAMm+Lwj0r3PNoBC0Y1ydibD3piioZ57Z1Ks-Ea6o58xahjXKwQ@mail.gmail.com> <20140116192320.GD32098@thunk.org>
Date: Thu, 16 Jan 2014 17:19:32 -0500
Message-ID: <CAMm+Lwh9306PBjUR7iSUqQYEZNNQswxLZ92ri3D3fOpmWe8SzQ@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Theodore Ts'o <tytso@mit.edu>
Cc: Adrian Farrel <adrian@olddog.co.uk>, perpass <perpass@ietf.org>, Stephen Kent <kent@bbn.com>

On Thu, Jan 16, 2014 at 2:23 PM, Theodore Ts'o <tytso@mit.edu> wrote:

> On Thu, Jan 16, 2014 at 09:57:07AM -0500, Phillip Hallam-Baker wrote:
> > End to end ideology in security is particularly harmful because there are
> > some security controls that are simply not compatible with end-to-end
> > approaches. You cannot protect against traffic or meta-data analysis
> > end-to-end.
>
> That may be true, but the alternative of edge-to-edge security is even
> worse.  Edge-to-edge security also doesn't protect against traffic or
> meta-data analysis, and upon receipt of a National Security Letter to
> your IMAP provider, doesn't protect the contents of your e-mail,
> either.
>
> So I don't see how one can claim that striving for end-to-end security is
> "harmful".
>

Arguing for end-to-end security to the exclusion of transport models is
harmful.

Looking at NSLs as the attack paradigm is unwise, as we don't currently have
any IETF countermeasure. Not PGP, not S/MIME, not STARTTLS. You are free to
propose one, but it certainly won't be an end-to-end security solution,
because the Internet infrastructure that is routing packets and messages
needs to know the direction to send them in.

PGP and S/MIME are both unable to protect meta-data against an attacker
with intercept capability.

STARTTLS is unable to protect content against attack by a corrupt system
administrator.

To have comprehensive security we need both the end-to-end security to
protect the data at rest and the transport-layer security to protect the
metadata in motion.

-- 
Website: http://hallambaker.com/