Re: [perpass] perens-perpass-appropriate-response-01

Nicholas Weaver <nweaver@icsi.berkeley.edu> Fri, 06 December 2013 19:31 UTC

Return-Path: <nweaver@icsi.berkeley.edu>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B9B561AE053 for <perpass@ietfa.amsl.com>; Fri, 6 Dec 2013 11:31:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.302
X-Spam-Level:
X-Spam-Status: No, score=-1.302 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, J_CHICKENPOX_14=0.6, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JU3Y6NJ0YZYg for <perpass@ietfa.amsl.com>; Fri, 6 Dec 2013 11:31:28 -0800 (PST)
Received: from rock.ICSI.Berkeley.EDU (rock.ICSI.Berkeley.EDU [192.150.186.19]) by ietfa.amsl.com (Postfix) with ESMTP id A8BC81AD84D for <perpass@ietf.org>; Fri, 6 Dec 2013 11:31:28 -0800 (PST)
Received: from localhost (localhost.localdomain [127.0.0.1]) by rock.ICSI.Berkeley.EDU (Postfix) with ESMTP id E791B2C400B; Fri, 6 Dec 2013 11:31:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at ICSI.Berkeley.EDU
Received: from rock.ICSI.Berkeley.EDU ([127.0.0.1]) by localhost (maihub.ICSI.Berkeley.EDU [127.0.0.1]) (amavisd-new, port 10024) with LMTP id HkwzqsTbDIMN; Fri, 6 Dec 2013 11:31:24 -0800 (PST)
Received: from [192.168.0.4] (nweaver-monitored-ap.icir.org [192.150.187.133]) (Authenticated sender: nweaver) by rock.ICSI.Berkeley.EDU (Postfix) with ESMTP id 4CE6A2C4004; Fri, 6 Dec 2013 11:31:24 -0800 (PST)
Content-Type: multipart/signed; boundary="Apple-Mail=_1DEFFF13-372B-4D1D-B00F-F034F52100A9"; protocol="application/pgp-signature"; micalg=pgp-sha512
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
From: Nicholas Weaver <nweaver@icsi.berkeley.edu>
In-Reply-To: <52A2235A.2030801@perens.com>
Date: Fri, 6 Dec 2013 11:31:23 -0800
Message-Id: <ADD6858C-7548-479E-BB71-316E9C52F812@icsi.berkeley.edu>
References: <E2DA1477-C86E-441E-A33D-D47A0D67AFF3@iab.org> <EF9BD1E4-6EF3-4035-AC4E-1A2D3CADE615@mnot.net> <529E8494.7000806@perens.com> <20131204111309.GB11727@nic.fr> <529F61D8.6030105@perens.com> <20131204171207.GC19914@thunk.org> <529F63C0.3040804@perens.com> <529F88AC.3090904@appelbaum.net> <529F90A0.8000706@perens.com> <529F9205.30906@appelbaum.net> <529F98C0.9090808@perens.com> <529F9F14.8050805@appelbaum.net> <529FB61A.7090604@perens.com> <529FBEF9.7030205@appelbaum.net> <529FC347.3080806@perens.com> <52A15835.2070901@cis-india.org> <52A21B80.8070005@mykolab.com> <52A21D1C.8020000@perens.com> <BC888A6F-F048-4BA6-92F4-8812753F8534@icsi.berkeley.edu> <52A2235A.2030801@perens.com>
To: Bruce Perens <bruce@perens.com>
X-Mailer: Apple Mail (2.1510)
Cc: perpass@ietf.org, Nicholas Weaver <nweaver@icsi.berkeley.edu>
Subject: Re: [perpass] perens-perpass-appropriate-response-01
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Dec 2013 19:31:29 -0000

On Dec 6, 2013, at 11:19 AM, Bruce Perens <bruce@perens.com> wrote:

> On 12/06/2013 10:58 AM, Nicholas Weaver wrote:
>> Include a checkbox in the browser saying "Fuck it all, show my data to the world" which broadcasts the session key in the clear.
> I know you intended this to be sarcastic, but opting out of the concealment society does not mean that the user doesn't have the sense to conceal things when it is actually necessary, vs. when it is in their honest opinion an off-the-scale response to the problem.
> 
> Punishing them by revealing their credit card numbers is not an appropriate response to their wanting to load static images, javascripts, and CSS in the clear.

Then make the checkbox "Fuck it all, show my data to the world IF THE SERVER CONSENTS", and have the leakage require both the server and client.  I'm not kidding here. 


Cleartext without data integrity is a outright risk on the current and future Internet.  I don't care about surveillance.  (Well, I do, but...).   What I care about is attack surface for exploitation, an attack surface that is enormous, easy to use, and hey, the US government said "Game on!", and where everyone else can say "It wasn't me.  And hey, even if it was, you started it, sauce pour l'oie..."  


Especially for "javascripts and CSS" which you seem so happy to pass in the clear:  You let an attacker see a SINGLE ONE of your cleartext JavaScript or CSS fetches and you are FUBAR.  Game over, you're p0wned, have a nice day.


--
Nicholas Weaver                  it is a tale, told by an idiot,
nweaver@icsi.berkeley.edu                full of sound and fury,
510-666-2903                                 .signifying nothing
PGP: http://www1.icsi.berkeley.edu/~nweaver/data/nweaver_pub.asc