Re: [perpass] Tiny stacks

Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 10 December 2013 00:19 UTC

On 12/10/2013 12:07 AM, Richard Barnes wrote:
> On Mon, Dec 9, 2013 at 6:46 PM, Bjoern Hoehrmann <derhoermi@gmx.net> wrote:
> 
>> * Richard Barnes wrote:
>>> I'm thinking of things like these...
>>
>>> <http://bgr.com/2013/11/20/lg-smart-tv-spying/>
>>>
>>> ... which do not seem like RFC-able things (so, the latter).  Both are poor
>>> design decisions; the first not applying authentication/authorization, and
>>> the second, well, just epically failing. What are you going to do, require
>>> someone to set a jumper for DNT?
>>
>>   An LG Smart TV owner in the United Kingdom has shockingly discovered
>>   that his device is sending unencrypted data over Wi-Fi containing TV
>>   watching habits, as well as file names from external storage units
>>   hooked up to the TV to an LG website, even though the TV’s privacy
>>   settings should have prevented such behavior.
>>
>> Next device this data will be sent encrypted, with the keys and the
>> software secured by the TV's "DRM" system so Smart TV owners will no
>> longer be able to find out about such problems.
>>
> 
> That actually seems like kind of a compelling rationale for
> authentication-only modes (as Bruce suggested) -- so we the network owners
> can see what our devices are doing.  It's isomorphic to the enterprise
> case, but a little more intuitive for us end users.

I disagree. As Bjorn says the device manuf will encrypt
next time no doubt irrespective of whatever HTTP does,
perhaps using the JS WebCrypto API;-)

May as well encrypt the HTTP then since you'll need to
spot the badness via traffic analysis yourself! (Only
kidding, the always-encrypt-HTTP argument isn't that
simple and should be rehashed here:-)

But yes, the privacy-unfriendly behaviour of our devices
and service providers is a major deal. I don't think that
justifies arguments to give up our privacy to everyone in
between though.

S

> 
> --Richard