Re: [perpass] Violating end-to-end principle: I-D Action: draft-farrelll-mpls-opportunistic-encrypt-00.txt
Phillip Hallam-Baker <hallam@gmail.com> Fri, 17 January 2014 12:51 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE3061AE0A6 for <perpass@ietfa.amsl.com>; Fri, 17 Jan 2014 04:51:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.999
X-Spam-Level:
X-Spam-Status: No, score=-3.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, GB_I_LETTER=-2, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k0KzL5P1dS9B for <perpass@ietfa.amsl.com>; Fri, 17 Jan 2014 04:51:09 -0800 (PST)
Received: from mail-lb0-x229.google.com (mail-lb0-x229.google.com [IPv6:2a00:1450:4010:c04::229]) by ietfa.amsl.com (Postfix) with ESMTP id 7783E1ADF76 for <perpass@ietf.org>; Fri, 17 Jan 2014 04:51:09 -0800 (PST)
Received: by mail-lb0-f169.google.com with SMTP id q8so2999361lbi.0 for <perpass@ietf.org>; Fri, 17 Jan 2014 04:50:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=YLVRuWQU/ag+T4gfXyMY/ec6H+KaWPBUxPFGj4nKOBY=; b=wotxu7ErtQuXmgQpc5kgi+lr4P0dq7sokMzXll0mnYaJLAQDbfe1wQ5/RTd4WZkd+K 9ZJ8RWwVxagvATTK0Rg/gakFywf/FN75zthkSEviSBAsh/1xReH8mnb+GUC22lNxaVXM m4XDIWtawc5WWm/jgBQ+YqXmnEFpyZVgnSN9CM8IPljpqGq43Ls4OgB6rN3QO0cAzBZF M1egsVGAB8bLuKa2h1IG8tlB1ZOBpOACOe/0hPLrP/um7tQZdYRqqK2ArRJPnSS2baeo jAxO7JmyROkyCj+LbzYamOc4UzMuXSXuhbMy0oO4HGRUaCepN7XHIOzjP3dr+IgL0l+W jW4w==
MIME-Version: 1.0
X-Received: by 10.112.148.70 with SMTP id tq6mr949523lbb.40.1389963056305; Fri, 17 Jan 2014 04:50:56 -0800 (PST)
Received: by 10.112.37.172 with HTTP; Fri, 17 Jan 2014 04:50:56 -0800 (PST)
In-Reply-To: <021301cf134c$8bcc54a0$a364fde0$@huitema.net>
References: <04c001cf1123$7e5c00c0$7b140240$@olddog.co.uk> <CAMm+Lwj0r3PNoBC0Y1ydibD3piioZ57Z1Ks-Ea6o58xahjXKwQ@mail.gmail.com> <20140116192320.GD32098@thunk.org> <CAMm+Lwh9306PBjUR7iSUqQYEZNNQswxLZ92ri3D3fOpmWe8SzQ@mail.gmail.com> <021301cf134c$8bcc54a0$a364fde0$@huitema.net>
Date: Fri, 17 Jan 2014 07:50:56 -0500
Message-ID: <CAMm+LwgyFfXJ9p6vySF3m+W0y0CJL_iOLjHBgsJnZEKQWJj_ig@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Christian Huitema <huitema@huitema.net>
Content-Type: multipart/alternative; boundary="047d7b3a887238de4d04f029feab"
Cc: Adrian Farrel <adrian@olddog.co.uk>, perpass <perpass@ietf.org>, Theodore Ts'o <tytso@mit.edu>, Stephen Kent <kent@bbn.com>
Subject: Re: [perpass] Violating end-to-end principle: I-D Action: draft-farrelll-mpls-opportunistic-encrypt-00.txt
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Jan 2014 12:51:12 -0000
On Fri, Jan 17, 2014 at 1:22 AM, Christian Huitema <huitema@huitema.net>wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > PGP and S/MIME are both unable to protect meta-data against an attacker > with intercept capability. > > > > STARTTLS is unable to protect content against attack by a corrupt system > administrator. > > > > To have comprehensive security we need both the End 2 End security to > protect the data at rest > > and the transport layer security to protect the metadata in motion. > > Well, yes, of course. But we also have to start somewhere. STARTTLS is > reasonably easy to deploy, and many mail services are either already > deploying it or are in the process of deploying it. The channel protection > with STARTTLS will not protect against compromised servers, and will not > prevent providers to comply with national security letters and other > subpoenas. But it will prevent the bulk collection of message headers by > tapping links, and that's a very good first step. > Which was my argument. Except that there is nothing STARTTLS or PGP or S/MIME can do against a national security letter demanding metadata from a server. So it is fine to use NSLs as an argument for doing more than STARTTLS, it is not an argument for doing PGP or S/MIME instead. The law authorizing NSLs does limit them to metadata in theory but we don't have any evidence to suggest that they are not widely abused and used for content and there are plenty of reasons to distrust agencies of a government that was engaged in torture under the previous administration. The SMTP SEND, RCPT (and to a lesser degree RFC822 header) data has to be public for the system to work. I think I have a scheme that sorts out the usability catastrophe and trust model limitations of the End to End model. What I was saying is that doing that does not eliminate the need for STARTTLS. We can discuss mechanisms for dealing with NSLs but I don't think that is productive until we have the E2E issue solved in practice rather than a large scale science project. A million users is not enough on a network with a billion users. My PPE scheme does provide a hole where someone can wire in a scheme that protects metadata and has protection against traffic analysis. But that isn't something I would make a priority at this stage. -- Website: http://hallambaker.com/
- [perpass] Violating end-to-end principle: I-D Act… Adrian Farrel
- Re: [perpass] Violating end-to-end principle: I-D… Phillip Hallam-Baker
- Re: [perpass] Violating end-to-end principle: I-D… Joseph Lorenzo Hall
- Re: [perpass] Violating end-to-end principle: I-D… Theodore Ts'o
- Re: [perpass] Violating end-to-end principle: I-D… Dave Crocker
- Re: [perpass] Violating end-to-end principle: I-D… Stephen Farrell
- Re: [perpass] Violating end-to-end principle: I-D… Phillip Hallam-Baker
- Re: [perpass] Violating end-to-end principle: I-D… Christian Huitema
- Re: [perpass] Violating end-to-end principle: I-D… Phillip Hallam-Baker
- Re: [perpass] Violating end-to-end principle: I-D… Stephen Kent
- [perpass] tcpcrypt applicability (Was: Re: Violat… Stephen Farrell
- Re: [perpass] tcpcrypt applicability (Was: Re: Vi… Dave Crocker
- Re: [perpass] tcpcrypt applicability (Was: Re: Vi… Phillip Hallam-Baker
- Re: [perpass] tcpcrypt applicability (Was: Re: Vi… Stephen Kent
- Re: [perpass] tcpcrypt applicability (Was: Re: Vi… Phillip Hallam-Baker
- Re: [perpass] tcpcrypt applicability (Was: Re: Vi… Stephen Kent
- Re: [perpass] tcpcrypt applicability (Was: Re: Vi… Phillip Hallam-Baker
- Re: [perpass] tcpcrypt applicability (Was: Re: Vi… Stephen Kent
- Re: [perpass] tcpcrypt applicability (Was: Re: Vi… Phillip Hallam-Baker
- [perpass] Increasingly strange thread (was: .... … Leif Johansson
- Re: [perpass] Increasingly strange thread (was: .… Scott Brim
- Re: [perpass] tcpcrypt applicability (Was: Re: Vi… Stephen Kent