Re: [Tcpcrypt] Initial questions

ianG <iang@iang.org> Thu, 19 June 2014 10:09 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/tcpcrypt/wsIV3EAiFECZ9FmKLdykUZD2Gmg

On 18/06/2014 22:20 pm, Tony Arcieri wrote:
> On Wed, Jun 18, 2014 at 2:15 PM, Sandy Harris <sandyinchina@gmail.com> wrote:
> 
>     Why on Earth do these have "When encryption is enabled"?
> 
> 
>  "Every once in a while, someone not an NSA employee, but who had
>   longstanding ties to NSA, would make a suggestion that reduced privacy
>   or security, but which seemed to make sense when viewed by people who
>   didn't know much about crypto. For example, using the same IV
>   (initialization vector) throughout a session, rather than making a new
>   one for each packet. Or, retaining a way for this encryption
>   protocol to specify that no encryption is to be applied."
> 
>     -- John Gilmore 



The problem with this view is that we can also do the same things to
ourselves, without the need of hints from the NSA.  If you take a big
room of experts, they've all got their hobby horses, their pet wishes.
The sum total of those pet features would result in a non-working
protocol, and half of those pet features would result in a mess --
perhaps working, sometimes secure.

Having said that, in this fertile ground, it is certainly easy for
groups like the NSA to influence and tilt certain directions.  But we
shouldn't be so quick to blame them.  It is the job of spooks to
interfere, and it is we that are at fault first and foremost by
providing a target-rich environment.



iang