[Cryptography] IAB Statement on Internet Confidentiality

ianG iang at iang.org
Thu Nov 20 03:59:50 EST 2014

On 18/11/2014 04:18 am, Jerry Leichter wrote:
> On Nov 17, 2014, at 7:31 PM, ianG <iang at iang.org> wrote:
>>>> ... do we still feel so good about opportunistic encryption, at least defined in this way?
> There seems to be unanimity in the response here, but I'm not sure I agree.  Note my "at least defined in this way".

> However, if you limit it this way, opportunistic encryption has no way to tell you that it's been blocked.  If no one notices attacks, the step forward looks much less dramatic, no?

Right.  So far, if "defined in this way," and we stop there.

> Given the huge variety of protocols and protocol usage frameworks out there, it would be impossible to prescribe what kind of communications is appropriate.

Right, so one measure is TCPInc which adds opportunistic security into 
TCP without the user doing anything.

> But we could think about general frameworks and guidelines.  It's tricky, because any attempt to deliver the information in-line can be forged.

Right, and no auth, and needing to understand the protocol.  This is not 
a good direction to go.

> (E.g., if you try to add a "Delivered using STARTTLS" header, an attacker can disable STARTTLS, then add the header himself.)  But if you're going to say "this helps because it turns passive attacks into active attacks, and active attacks will be noticed" - you have to make sure they can be noticed.

Yes.  So the stage is set.

Skirmish 1:  attacker is just doing passive reading ov everything.
Counterskirmish 2:  we switch on OS and bite thumbs at their house.

Strike 3:  attacker strips off the OS layer and reads the traffic.
Counterstrike 4:  we read the logs, and draw swords.

Attack 5:  ...
Counterattack 6: ...

We're setting up an arms race.  The approach here is one of strategy. 
To get to the point where we can have a full scale war, we have to 
escalate it through some skirmishing first.

In order to do there, to get the attacker into the field, we have to 
force the attacker to actually attack.

> By large numbers of people, in ordinary operation, not just by experts who happen to be looking for exactly such an attack.

Yup.  This process has to be seen against the alternate choices we've 
tried:  Do nothing (we got pillaged), and use TLS (failed to deploy).


More information about the cryptography mailing list