[Cryptography] FW: IAB Statement on Internet Confidentiality

Tom Mitchell mitch at niftyegg.com
Tue Nov 18 14:21:11 EST 2014

On Sun, Nov 16, 2014 at 8:54 PM, <alex at alten.org> wrote:

> Hmm...the Reddit posting has had no responses.
> On a more serious note, the IAB statement below opens up a whole can of
> worms.
> 1. The vast bulk of the Internet protocols now and in the future already
> exist. How are we going to retrofit them or somehow deal with them?  New
> secure protocols will be a tiny percentage of the installed base of
> insecure protocols.

If the goal is too large nothing will happen.

Pick one service (like mail) and design a protocol that
can be used between hosts.

Mail is a good example because it is store and forward.
At a big service like Yahoo or Google there are many sites
and internal store and forward links could use the new protocol.

At first key management might keep the new connections inside
a service.   Later a pair like Yahoo and Google could exchange
keys then others.

Same for nations.  Some *.gov email services were apparently hacked
recently so .gov mail service might see enough attention to wrap it
in a mandatory access control envelope that enforces compartments.

IPv6 adds connectivity options that may allow protocol fences to be erected;
they might look like VPN links and have very limited routing connectivity.

All that is needed is a specific service and specific firewall rules that
current Cisco and the like hardware can enforce and audit.

Cryptography is computationally heavy and most services are resource limited
so push-back is expected.   Establishing an on ramp to get services on
program will be needed.   It took a long time for https to be common but
a vhttps: where all connections are via a VPN to https sites with cached
certificates might be next if http is the protocol of interest.

  T o m    M i t c h e l l