Re: [saag] CNN Says: Encryption a growing threat to security
Nico Williams <nico@cryptonector.com> Tue, 04 August 2015 15:06 UTC
Date: Tue, 04 Aug 2015 10:06:15 -0500
From: Nico Williams <nico@cryptonector.com>
To: Yoav Nir <ynir.ietf@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/sZHMx7PIjbdjPirWuVSz4xD3tAk>
Cc: Security Area Advisory Group <saag@ietf.org>
Subject: Re: [saag] CNN Says: Encryption a growing threat to security
On Tue, Aug 04, 2015 at 11:54:17AM +0300, Yoav Nir wrote:
> The movie is not new but the text is. It specifically talks about
> communications, giving email and messaging apps as examples. While the
> encryption of messages in transit is not widely deployed on the
> Internet, setting up even S/MIME or PGP among a small group is fairly
> easy and overcoming it is hard.

Small groups of people using S/MIME or PGP (encryption) is just a source of even more interesting metadata. 80% of e-mail traffic using S/MIME or PGP (encryption) would notionally reduce the ability of intel agencies to collect message plaintexts, but the metadata would still be plenty, and anyways, any e-mail infrastructure and MUA enhancements that could get us to such pervasive encryption would likely provide many MITM opportunities and other means of gathering data (think of CALEA, at least for sites like gmail and hosted domains -- no crypto backdoors, just forced access for LEAs).

To me it seems like the impact of civilian crypto on intel agencies is mostly this: curtailing the amount of plaintext and metadata that can be massively gathered on web browsing. The web is perhaps the use case with the most pervasive civilian end-to-end crypto. Metadata is really where the game is at, and TLS + CDNs -> some opacity as to that, especially if we did something strong enough as to DNS privacy (though I suspect we won't).

E-mail is store-and-forward, high-latency as a social medium, but the web is real-time. Applying CALEA-style legislation to web sites seems difficult. The encrypted web's higher opacity and technical difficulty of legal surveillance compared to e-mail's strikes me as the probable motivation for intel and LEA opposition to civilian crypto. Besides, CALEA doesn't help intel agencies much.

This is all just speculation, mind you.

Nico