Re: [perpass] Fwd: New Version Notification for draft-barnes-pervasive-problem-00.txt
Watson Ladd <watsonbladd@gmail.com> Tue, 07 January 2014 03:08 UTC
On Mon, Jan 6, 2014 at 6:24 PM, Richard Barnes <rlb@ipv.sx> wrote:
> Dear PERPASS,
>
> Stephen asked me to take a stab at a problem statement for PERPASS. With
> some help from Bruce, Cullen, and Ted, the results have just been published
> as draft-barnes-pervasive-problem-00.
>
> In general, this draft tries to outline at a technical level what we mean by
> pervasive attack, and what the high level mitigations are.
>
> Comments welcome!

Minor quibble: Intermediate nodes can also be active attackers, e.g. an ISP could insert fake email for its customers.

At a higher level this draft feels overly removed from the real problem: users' assumptions about what is public on the Internet have frequently been violated, even when technical measures to address these issues exist. This gets mentioned in passing, but should be front and centre.

The NSA is not the only organisation doing this: Saudi Arabia, the UK, China, Ethiopia, France all have major monitoring systems in place that can only work because of how weak the core protocols of the internet are against manipulation. (And let's not forget the Pakistani ISP that accidentally knocked Youtube offline)

Also, BGP tricks mean that anyone can be local.

The point should be very simple: no more cleartext, authenticate everything, limit authority, and produce an audit trail for when things go wrong.

Now let's see if we can do more about it than the CRYPTO '13 rump session accomplished.[1]

Sincerely,
Watson Ladd

[1] For those who are unfamiliar: http://www.youtube.com/watch?v=cVUIk6nXVcw is the best statement of the issue and the solution.

>
> Thanks,
> --Richard
>
>
>
> ---------- Forwarded message ----------
> From: <internet-drafts@ietf.org>
> Date: Mon, Jan 6, 2014 at 9:17 PM
> Subject: New Version Notification for draft-barnes-pervasive-problem-00.txt
> To: Cullen Jennings <fluffy@cisco.com>, Ted Hardie <ted.ietf@gmail.com>,
> Bruce Schneier <schneier@schneier.com>, Richard Barnes <rlb@ipv.sx>
>
>
>
> A new version of I-D, draft-barnes-pervasive-problem-00.txt
> has been successfully submitted by Richard Barnes and posted to the
> IETF repository.
>
> Name: draft-barnes-pervasive-problem
> Revision: 00
> Title: Pervasive Attack: A Threat Model and Problem Statement
> Document date: 2014-01-06
> Group: Individual Submission
> Pages: 23
> URL:
> http://www.ietf.org/internet-drafts/draft-barnes-pervasive-problem-00.txt
> Status:
> https://datatracker.ietf.org/doc/draft-barnes-pervasive-problem/
> Htmlized: http://tools.ietf.org/html/draft-barnes-pervasive-problem-00
>
>
> Abstract:
> Documents published in 2013 have revealed several classes of
> "pervasive" attack on Internet communications. In this document, we
> review the main attacks that have been published, and develop a
> threat model that describes these pervasive attacks. Based on this
> threat model, we discuss the techniques that can be employed in
> Internet protocol design to increase the protocols' robustness to
> pervasive attacks.
>
>
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat
>
>
>
> _______________________________________________
> perpass mailing list
> perpass@ietf.org
> https://www.ietf.org/mailman/listinfo/perpass
>

--
"Those who would give up Essential Liberty to purchase a little Temporary Safety deserve neither Liberty nor Safety."
-- Benjamin Franklin