[Cryptography] Boing Boing pushing an RSA Conference boycott
ianG
iang at iang.org
Wed Jan 15 14:57:07 EST 2014
Hi steve,
On 15/01/14 15:26 PM, Stephen Farrell wrote:
>
>
> On 01/15/2014 11:15 AM, ianG wrote:
>> Hi Steve,
>>
>> I beg to differ!
>
> Fair enough.
>
>> Yes. Why is anon-dh there in TLS but not covering the planet?
>
> Yep, a good question. And one I can't answer. I don't
> recall if the SSL surveys count servers that can do
> anon-dh ciphersuites but that'd be a start.
>
>>> Anyway, if you want to change the IETF then you can do that
>>> simply by being involved.
>>
>> "Getting involved" is the reason why TLS opportunistic encryption is not
>> covering the planet.
>
> There we disagree again. I figure most people didn't
> want anon-dh because they wanted at least web server
> authentication
We disagree :) Most people didn't have a clue what they wanted, or what
they meant by security. They just wanted security, in a 6-pack, and at
the discount price please.
The reason people wanted web server authentication was that they were
told that's what they wanted.
A long long long time ago we worked out that this was a fallacy. Now we
can show it with even better numbers, with risk analysis.
For your ordinary non-finance site, what's the likelihood of
eavesdropping and what's the likelihood of MITM (for which we want
authentication)?
Eavesdropping: 100% (thanks, NSA!)
MITM: 0% (to many extra zeros.)
Not wanting anon-dh on all HTTP means either you do not understand the
economics of security or it means you're a marketing droid.
Wait, that's not fair, I never did the economics! OK here goes:
Likelihood Cost
Eavesdropping: 100% (tx, NSA)) Free (unmeasurable)
MITM: 0% (.00000..) $100 per server
(proper risk analysis would multiply those numbers out, but we can see
where this is going... Zero is good that way.)
> and we also wasted a lot of time on
> trying to push TLS client auth, which was probably
> more of a disconnect between security folks and
> (web) application developers. Anyway, I don't think
> there is one single reason for pretty much anything
> as complex as what does or does not get widely
> deployed.
Oh, there is no one simple factor. But there are driving forces that
push the factors around.
>> We've been here so many times. OK, so here's what's going to happen.
>
> [...maybe-realistic pessimism elided;-) ...]
Do you remember what happened in the late 1990s with the IETF
announcements that strong crypto was the only answer? Servers and
browsers are still shipping 40 bit crypto... Compatibility is a far
bigger force or factor than IETF monthly memes.
> Perhaps you're right, and maybe I'm naive, but I think
> we should try nonetheless. I guess we'll see how it
> comes out in a few years. If I'm right I hope things
> will be variously better. If I'm wrong it'll be more
> or less the status quo or worse, but I think that last
> is the inevitable outcome if we take your approach
> and don't engage.
>
> All that said, the IETF is just one bit of the whole
> thing, so working outside that context is just as
> valid.
Yes, so the real action is in Bitcoin, in p2p, and out there in the
startups. The security models that matter to ordinary people aren't
found in the IETF WGs, they are found in Skype (dammit), in Facebook
(security? wot security?) in snapchat, in gmail, and the gogglecenters.
We should still try to fix the ones we have: get HTTP over to
opportunistic encryption of some form, up the ladder, get more sites up
to authenticated as and when they judge it right to pay the price.
We should try, but this is all terrifically old stuff. Most of the
people on this forum are already nodding off, we are too old for
repeated arguments and lost battles...
Maybe it really is up to a new generation, like the bitcoin borg? Hmmm,
no, their idea of security is ...
iang
More information about the cryptography
mailing list