[Cryptography] The role of the IETF in security of the Internet: for or against the NSA? for or against the security of users of the net?
iang at iang.org
Mon Mar 17 21:29:06 EDT 2014
On 17/03/2014 23:15 pm, Nico Williams wrote:
> On Sun, Mar 16, 2014 at 9:49 AM, ianG <iang at iang.org> wrote:
>> Let's assume the following tactics of the NSA in their meta-goal of
>> owning the net :
>> 1. make sure that only very few people used cryptography.
> The crypto wars ended eons ago.
And, we lost. The Clinton decision was a stroke of strategic genius by
the NSA. However, reasonable people may disagree on this point.
>> 2. make it spectacularly complex to use.
> Security has always been spectacularly hard.
>> 3. channel all users of crypto through TTPs.
> Over in the real world we want to scale, which is why we use TTPs. It
> sucks, but then, Internet commerce is sooo nice. We all want to buy
> or sell stuff (goods, services), trading with perfect strangers, yet
> we have some expectations of legal support. Well, it's difficult to
> scale beyond your immediate circle of friends and family without TTPs.
> That's also true offline. And sure, the TTPs can MITM you. Well,
> yeah, it's the price you pay. You can do all sorts of things to make
> it harder on the TTPs to screw you over, but you as long as you have
> the introduction problem and you want to scale, you'll have TTPs to
> kick around.
That's all received wisdom. I'm not sure there is any evidence for it
being necessary and the only solution. Yes, it's done, and it is
mandated by IETF/CABForum/Vendors. That doesn't make it right.
>> This is where the IETF has played the NSA game. Thanks to the IETF's WG
>> platform of bringing together industry players, the emphasis is on
>> protecting only *those who use the product*. Which meant that anyone
>> not using the product was irrelevant. According to IETF unwritten
>> policy, as enforced by industry players, everyone had to pay the price
>> of admission in order to be considered worthy of protection.
> How much experience do you have in the IETF? What you say does not
> reflect the reality I inhabit.
The old appeal to authority, sure. Some, not a lot, but enough in that
process and other like processes to understand the structure.
Obviously if my view has some merit, there isn't a lot of point
investing in it, so the notion that "I should just try harder" does
rather fall flat -- to me.
> Later you say:
> On Mon, Mar 17, 2014 at 7:01 AM, ianG <iang at iang.org> wrote:
>> On 16/03/2014 21:58 pm, Bill Frantz wrote:
>>> On 3/16/14 at 7:49 AM, iang at iang.org (ianG) wrote:
>>>> This is where the IETF has played the NSA game. Thanks to the IETF's WG
>>>> platform of bringing together industry players, the emphasis is on
>>>> protecting only *those who use the product*. Which meant that anyone
>>>> not using the product was irrelevant. According to IETF unwritten
>>>> policy, as enforced by industry players, everyone had to pay the price
>>>> of admission in order to be considered worthy of protection.
>>> I'm not convinced this analysis is correct. One analysis I like takes
>>> from Machiavelli the thought that introducing new systems is hard,
>>> because the old systems have a lot of inertia, including the people who
>>> depend on them to make a living.
>> Absolutely -- I set myself an almost impossible hurdle. But that's
>> aside from whether the analysis is correct or not.
>>> The only successful security model we have seen in wide deployment is
>>> the CA model. (SSH is not generally used outside small communities.)
>> Skype. Let's ask ourselves what would have happened if Skype had gone
>> the WG ID path?
> Say what? You think Skype is better/more secure for not having been
No, no, this is what was said: Point by Philipp: The only successful
security model we have seen in wide deployment is the CA model.
Counterpoint by me: Skype. It is successful. It is a security model
(and pretty good at that). It is in wide deployment.
And, to address your points, it was not standardized, nor had anything
to do with committee-manufacture or similar cartel mechanics.
(To respond to "better" and "more secure" would require definitions, so
I'll skip past for brevity.)
> So you trust Skype more than various IETF security
> protocols? I find it hard to take that seriously.
I never said it ;) But yes, I personally do trust Skype more than any
IETF security protocol. Mostly because it delivers whereas IETF has
terrible delivery record. S/MIME is unusable, IPSec was broken by
install, SSL only reaches about 1% of the market, and its flagship
product, HTTPS and secure browsing is ravished by phishing. Password stuff?
(The only stunning success is SSH. Trustworthy, usable, free, secure.
The only thing it's missing is wider applicability to other use cases.
OK, I don't know much about Kerberos and GSS, etc.)
Against that what have we got for Skype? A bit of spam, a proof that
Microsoft are now reading the chats (like google & SSL), some vague
sense that the NSA now like it (attack kits? special hooks?). Let's
put that in context: nobody seems to have lost any money on Skype yet
('cept ebay :) but HTTPS is a pig. If you get phished or MITB'd or
MITM'd, you're SOL unless your bank is nice, and then it's out of pocket.
So yeah, and in reverse: I find it hard to take IETF product seriously.
Why am I so alone?
> I've no idea what
> Skype does on any given day, and less what it will do the next.
Right, a flaw! But even then, the record looks not so bad.
> And BTW, the IETF doesn't always do design by committee, the IETF
> standardizes protocols that participants want to; if you bring a fully
> formed protocol to the IETF that the community is interested in then
> they'll standardize it after reviewing it -- chances of zero changes
> are low, but the design will not have been by committee. Really, the
> IETF has its faults, and who knows, maybe there are NSA/GCHQ moles
> pushing the consensus around, but please don't let's generalize so
Let's be specific. The generalisation is this: IETF brings corporates
together who have a vested interest in the commercialisation of a
product. As a process it leans inevitably towards those interests --
commercial interests as espoused by Bill.
Is that so far from the truth? I mean, some people actually champion
this as good!
> Also, the cost of bringing a protocol to the IETF is rather low: it's
> the cost of the labor needed to write the documents, rally interest
> (it's a volunteer organization), and go through the process. You
> don't even need to pay the IETF one penny if you don't every choose to
> attend an _actual_, physical meeting. This cost is as low as it gets,
> though it isn't low, i know. You can always just manage to get
> interest and a community going outside the IETF, effectively making
> your own SDO -- plenty have done it. And there are alternative SDOs.
Yes, I agree with that. Indeed, IETF stands as an improvement over the
prior effort which could be seen as the ISO national standards efforts
to do OSI.
(Yes I was part of that too, briefly enough, but long enough to spot an
actual protocol error, submit the description, and see it ignored for a
decade or two until some academic spotted it. Why? Because the
committee approach was there designed to endorse not change.)
> Heck, SSL was a protocol brought to the IETF by an outsider, not
> designed by committee at all. Kerberos was too. Ditto NFS, SSH, ...
> Sure, after two or three decades they look like monsters, but that's
> not because of committee, it's because of the impossibly high cost of
> flag days. The design-by-committee parts come after initial
> standardization, when many people use the protocol and therefore have
> a stake in its evolution. I don't see how you avoid this. It's
> called "organic growth", or "entropy" if you like.
We're in agreement. So let's get to the nub. Two points:
1. In 2 decades of IETF work, they couldn't fix the cert / URL
display in SSL.
2. It took Snowden to get the vendors to start thinking about fixing
> Can we _please_, pretty please, with sugar and cherries on top[*]
> raise the signal-to-noise ratio on this list? How can we work to
> improve security when our lists become a DDoS on ourselves?
> I miss the days when Perry moderated aggressively to tamp down
> retreading and when he'd edit posts to note that a given thread was
> [*] I hate sugar, but still.
We have met the enemy, and he is us?
More information about the cryptography