Re: [Uta] opportunistic keying / encryption considered of dubious value
Stephen Farrell <stephen.farrell@cs.tcd.ie> Mon, 17 March 2014 14:56 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C8F3E1A02EE for <uta@ietfa.amsl.com>; Mon, 17 Mar 2014 07:56:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.447
X-Spam-Level:
X-Spam-Status: No, score=-2.447 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.547] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 80lrKDdITZcK for <uta@ietfa.amsl.com>; Mon, 17 Mar 2014 07:56:19 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id 4BA481A02DF for <uta@ietf.org>; Mon, 17 Mar 2014 07:56:19 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id BA165BE8A; Mon, 17 Mar 2014 14:56:10 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id us3TuhFft4L0; Mon, 17 Mar 2014 14:56:09 +0000 (GMT)
Received: from [10.87.48.11] (unknown [86.42.22.156]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id F0F85BE59; Mon, 17 Mar 2014 14:56:08 +0000 (GMT)
Message-ID: <53270D09.6030805@cs.tcd.ie>
Date: Mon, 17 Mar 2014 14:56:09 +0000
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: Keith Moore <moore@network-heretics.com>, Yan Zhu <yan@eff.org>
References: <53249D4E.2080104@network-heretics.com> <5324ECFC.2050004@akr.io> <53256D07.7020005@network-heretics.com> <5325AEB2.9070804@mnt.se> <5325B3E7.3060508@network-heretics.com> <5326271D.40107@eff.org> <532660F5.908@cs.tcd.ie> <5326A9BD.90108@network-heretics.com>
In-Reply-To: <5326A9BD.90108@network-heretics.com>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/uta/SjoijIfYXhlOt7_CFuNf_w9zHVQ
Cc: uta@ietf.org, Leif Johansson <leifj@mnt.se>
Subject: Re: [Uta] opportunistic keying / encryption considered of dubious value
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Mar 2014 14:56:22 -0000
Keith, Please point out *anywhere* that I have said that passive attacks are the only thing to worry about, or where I have said that pervasive monitoring is the only attack to worry about. You will not find that since I have repeatedly said the opposite. PM is one more thing to worry about, but is one where we've (security eggheads like me) previously not done a very good job. That plus the news fully explains the current focus. And that's blatantly obvious. And (hopefully) lastly, I have no clue as to why you started this thread if you believe that "Absolutely we do know that ciphertext, even between unauthenticated parties, is better than plaintext." OK/OE-has-value follows immediately from that. S. On 03/17/2014 07:52 AM, Keith Moore wrote: > On 03/16/2014 10:41 PM, Stephen Farrell wrote: >> Cost/benefit is gibberish. The main PM attacker here is government who >> care less about costs and are willing to construe benefits to justify >> the spent-cost. ISTM far more credible to assume that the attacker >> here cares nothing about costs and would actually prefer higher costs >> in order to assist with empire building. > > I think we do ourselves (and the Internet community) a disservice to > assume that there's just one (kind of) attacker against whom we need to > defend. >> Nonsense says me with exactly as much evidence as you, i.e. none. >> >> However, I do additionally have some evidence - we know that >> ciphertext != plaintext and we have many reports from credible sources >> that plaintext helps pervasive monitoring a lot. And in fact that >> is logically as plain as the noses on all our faces. >> >> That kind of "if we do something, some other bad thing may happen" >> argument is utterly bogus IMO. > > It's not utterly bogus to realize that attackers who apparently have few > constraints on their funding are going to keep attacking even if they > have to spend more money to do it. Nor is it even that difficult to > understand what their next steps are likely to be. > > Absolutely we do know that ciphertext, even between unauthenticated > parties, is better than plaintext. There's no question about that, and > I don't see anyone arguing that we shouldn't try to raise the bar. > What we don't know is whether that kind of ciphertext will deter the > well-funded major-state-supported SIGINT organization, to any > significant degree, over the long term. And while that's not the only > kind of threat that we're concerned about, it is one of them. >> If we do nothing, then the current bad things will just keep on >> happening, but increasingly on behalf of more and more bad actors >> as others jump on NSA and GCHQ's bandwagon. > > I don't see anyone advocating doing nothing, so I'm not sure why you're > saying this. >> >> There are many news releases that imply that plaintext is either >> the meat for their monitoring or else is required for launching >> a man on the side attack. >> >> There is no evidence so far that I know of that indicates that >> MITM attacks against even moderately well implemented crypto can >> be done at anything similar in scale. Do correct me in detail >> if I am wrong. > If the only threat you're concerned about involves intercepting fibers > that carry huge amounts of traffic, I'd agree - MITM attacks against all > of the traffic in that fiber there are very hard to implement. But I > don't see any reason to assume that those are the only threats against > which we need to be concerned. > >> >> There is an abundance of evidence that endpoint authentication >> is a sufficient barrier to make turning on crypto too hard for >> enough folks for that to be important. > > Do I misunderstand you, or are you really arguing that we don't need to > do any more than defend against passive attacks? > > Keith > > _______________________________________________ > Uta mailing list > Uta@ietf.org > https://www.ietf.org/mailman/listinfo/uta >
- [Uta] opportunistic keying / encryption considere… Keith Moore
- Re: [Uta] opportunistic keying / encryption consi… Watson Ladd
- Re: [Uta] opportunistic keying / encryption consi… Keith Moore
- Re: [Uta] opportunistic keying / encryption consi… Paul Hoffman
- Re: [Uta] opportunistic keying / encryption consi… Keith Moore
- Re: [Uta] opportunistic keying / encryption consi… Michael Richardson
- Re: [Uta] opportunistic keying / encryption consi… Keith Moore
- Re: [Uta] opportunistic keying / encryption consi… Michael Richardson
- Re: [Uta] opportunistic keying / encryption consi… Keith Moore
- Re: [Uta] opportunistic keying / encryption consi… Yan Zhu
- Re: [Uta] opportunistic keying / encryption consi… Stephen Farrell
- Re: [Uta] opportunistic keying / encryption consi… Alyssa Rowan
- Re: [Uta] opportunistic keying / encryption consi… Olle E. Johansson
- Re: [Uta] opportunistic keying / encryption consi… Keith Moore
- Re: [Uta] opportunistic keying / encryption consi… Leif Johansson
- Re: [Uta] opportunistic keying / encryption consi… Alan Johnston
- Re: [Uta] opportunistic keying / encryption consi… Keith Moore
- Re: [Uta] opportunistic keying / encryption consi… Keith Moore
- Re: [Uta] opportunistic keying / encryption consi… Yan Zhu
- Re: [Uta] opportunistic keying / encryption consi… Daniel Kahn Gillmor
- Re: [Uta] opportunistic keying / encryption consi… Keith Moore
- Re: [Uta] opportunistic keying / encryption consi… Stephen Farrell
- Re: [Uta] opportunistic keying / encryption consi… Keith Moore
- Re: [Uta] opportunistic keying / encryption consi… Michael Richardson
- [Uta] getting back to UTA and injecting clue (was… Eliot Lear
- Re: [Uta] opportunistic keying / encryption consi… Salz, Rich
- Re: [Uta] opportunistic keying / encryption consi… Alyssa Rowan
- Re: [Uta] opportunistic keying / encryption consi… Olle E. Johansson
- Re: [Uta] opportunistic keying / encryption consi… Daniel Kahn Gillmor
- Re: [Uta] opportunistic keying / encryption consi… Alyssa Rowan
- Re: [Uta] opportunistic keying / encryption consi… Alyssa Rowan
- Re: [Uta] opportunistic keying / encryption consi… Stephen Farrell
- Re: [Uta] getting back to UTA and injecting clue Stephen Farrell
- Re: [Uta] opportunistic keying / encryption consi… Stephen Farrell
- Re: [Uta] getting back to UTA and injecting clue … Olle E. Johansson
- Re: [Uta] opportunistic keying / encryption consi… Keith Moore
- Re: [Uta] opportunistic keying / encryption consi… Orit Levin (LCA)
- Re: [Uta] opportunistic keying / encryption consi… Rick Andrews
- Re: [Uta] opportunistic keying / encryption consi… Stephen Farrell
- Re: [Uta] opportunistic keying / encryption consi… Trevor Perrin
- Re: [Uta] opportunistic keying / encryption consi… Stephen Farrell
- Re: [Uta] opportunistic keying / encryption consi… Trevor Perrin
- Re: [Uta] opportunistic keying / encryption consi… Watson Ladd
- Re: [Uta] opportunistic keying / encryption consi… Christian Huitema
- Re: [Uta] opportunistic keying / encryption consi… t.p.
- Re: [Uta] opportunistic keying / encryption consi… Adam Langley
- Re: [Uta] opportunistic keying / encryption consi… t.p.
- Re: [Uta] getting back to UTA and injecting clue Peter Saint-Andre
- Re: [Uta] getting back to UTA and injecting clue Peter Saint-Andre
- Re: [Uta] getting back to UTA and injecting clue Alexey Melnikov
- Re: [Uta] getting back to UTA and injecting clue Leif Johansson