[Cryptography] FW: IAB Statement on Internet Confidentiality
ianG
iang at iang.org
Mon Nov 17 04:00:36 EST 2014
On 17/11/2014 04:54 am, alex at alten.org wrote:
> Hmm...the Reddit posting has had no responses.
https://www.reddit.com/r/technology/comments/2mhirs/iab_statement_on_internet_confidentiality/
Curious. Reddit is read by geeks, I guess, whereas most of the twitter
response I saw was less directed. OK, that's speculative.
https://twitter.com/iang_fc/status/533407378256199680
https://twitter.com/iang_fc/status/533412858638659584
> On a more serious note, the IAB statement below opens up a whole can of
> worms.
>
> 1. The vast bulk of the Internet protocols now and in the future already
> exist. How are we going to retrofit them or somehow deal with them? New
> secure protocols will be a tiny percentage of the installed base of
> insecure protocols.
Well, the approach is more to retrofit the key ones. TCP is in play,
there is a group called TCPInc which is looking at a few ways to make it
opportunistic. There is already a protocol fielded for that called
TCPcrypt, which has some serious lab testing.
http://tcpcrypt.org/
> 2. You can't just encrypt/authenticate without dealing with key
> management, which adds more complexity and state to a protocol and
> supporting software.
The approach is opportunistic. Eg., for TCP, do a key exchange startup
using the optional extensions capability. If that works, use it for
packets, if it doesn't, back off to unencrypted.
Then, as a bonus, the key exchange result is made available to wider
protocols through some undefined socket mechanism. Applications are
then capable of using the kex to do wider authentication. Also, there
is scope for saving the key and using it a new startup. But these
things are more for later phases.
> Is the IETF going to design a one-size fits all key
> management protocol?
Gawd no, I hope not. They're a committee, they're not competent to do
new work that the rest of us have failed to do.
> 3. You can't just add key management without dealing with policy
> adjudication. And you can't adjudicate without a (globally) scalable way
> to deal with the identity of humans and programs. How do we represent
> and store policy attributes and rules? Is this beyond the purview of the
> IAB? If so, whom does the IAB coordinate with?
Let's call it beyond purview, but I'd rather say it is missing the
point. The goal is unauthenticated encryption, first and foremost.
> 4. You can't encrypt without dealing with legal issues, like supporting
> judicial warrants for "wire taps". We cannot ignore most (democratic?)
> societies' need to investigate crime. (I expect to get heated flame mail
> over this point.)
Wot? I encrypt all the time without dealing with legal issues. No idea
what this means for a protocol, what are you going to do, arrest a
packet and read it it's rights?
> 5. You can't successfully secure your comm links if your nodes are
> insecure. At the very least we will need to have operating systems that
> support something like a Biba integrity model for processes. And to do
> this we need some sort of Reference Monitor inside each OS. How can we
> do this without hardware support? And how do we get all the OS vendors
> to agree to secure their OS's in manner that supports these new (and
> retrofitted) protocols keying and policy needs?
Nah. You are thinking 1990s full security models, tracing back to
military aggressive threat models. This is not what this is about.
This is opportunistic security, where the attacker is moved from
pervasive surveillance passivity to an active decision making. He must
attack! He must knock down the protocol if he wants to eavesdrop. No
more free lunches, no more rolling over and playing doggy.
> Quoting ianG <iang at iang.org>:
>
>> For what it is worth, I twittered the below statement last night, and
>> it got 2 orders of magnitude more response than anything I've ever
>> said. I conclude that the IAB's statement has struck a public nerve;
>> there is clear approval in the public's mind.
>>
>> iang
>>
>> ps; I submit that this is a sensible top-post ;)
>>
>>
>> On 14/11/2014 13:46 pm, Salz, Rich wrote:
>>>
>>> -----Original Message-----
>>> From: IAB Chair [mailto:iab-chair at iab.org]
>>> Sent: Friday, November 14, 2014 4:26 AM
>>> To: IETF Announce
>>> Cc: IAB; IETF
>>> Subject: IAB Statement on Internet Confidentiality
>>>
>>> Please find this statement issued by the IAB today.
>>>
>>> On behalf of the IAB,
>>> Russ Housley
>>> IAB Chair
>>>
>>> = = = = = = = = = = = = =
>>>
>>> IAB Statement on Internet Confidentiality
More information about the cryptography
mailing list