Re: Request for Authenticated but not Encrypted Traffic

[Phillip Hallam-Baker <phill@hallambaker.com>]

I don't think it is helpful to use pejorative language in technical
discussions. A backdoor is by definition secret to the party being observed.

We went through this whole mess with key escrow which people treated as the
spawn of Satan and as a result, we have no viable standard for securing
data at rest because if you are going to encrypt valuable data, being
absolutely sure you can decrypt it if required is actually a much bigger
concern than disclosure.

I did develop a mechanism that allows for verifiable selective access which
Comodo may or may not be applying for a patent on. Dan Harkins also has
work in that area. The reason that I didn't raise them earlier is that my
latest work on RUD which is designed to go beyond TLS security provides an
effective means of bypassing any controls of that type so the patent claims
are probably moot.


RUD is designed to defeat traffic analysis and censorship so the entire
packet payload is encrypted, including the stream and flow data. A
connection can also be established with a reserved prefix to support
steganography and address extension.

So a connection can say 'start the RUD payload at byte 32' and those bytes
can then be used to add a phony QUIC header to bypass IRG/FSB/etc packet
inspection. Alternatively, it could be a fixed prefix negotiated with a
carrier grade NAT system to effectively extend the IPv4 address space
without going to IPv6.

RUD does not have to be a standard to provide a means of rendering
verifiable observability moot, it just needs to have one implementation.


On Fri, Sep 30, 2022 at 4:38 AM Randy Armstrong (OPC) <
randy.armstrong@opcfoundation.org> wrote:

>
>    - I think the key point here is that sometimes observability is a
>    feature and not a bug.  This is particularly important in
>    industrial/critical infrastructure.  That observability can be achieved in
>    many ways.  One question is whether the observability itself should itself
>    be authorized.
>
> Putting backdoors into protocols is not equivalent to letting applications
> decide to skip encryption.
>
> A backdoor is like giving law enforcement codes to break into a cellphone
> and hoping that they will never abuse the power or the codes will never
> fall into the hands of criminals. Letting applications decide is equivalent
> to an owner of a cellphone choosing not to lock their screen because they
> decide there is nothing that needs protecting.
>
> IOW, the fact that some users might be willing to live with the risk of a
> compromised system by allowing for backdoors is not a reason to refuse to
> allow other users to make a decision send data in clear text when and only
> when they decide it is safe.
>