[Cryptography] IPsec DH parameters, other flaws

Christian Huitema huitema at huitema.net
Mon Jul 20 21:03:01 EDT 2020


On 7/20/2020 12:05 PM, Paul Wouters wrote:

> On Sun, 12 Jul 2020, Ben Laurie wrote:
>
>> On Tue, 7 Jul 2020 at 05:15, Paul Wouters <paul at cypherpunks.ca> wrote:
>>       And if it makes you feel better, once I investigated the
>>       history and lack of justification of RFC 5114, which Steve Kent
>>       admitted to having just forwarded from NSA/BNN to IETF without
>>       explanation, I pushed to kill the whole thing. It's now dead.
>>
>> Not noticeably: https://tools.ietf.org/html/rfc5114
>
> What were you hoping to see there? A historic status? I'm afraid a lot
> more time would need to pass for the IESG to do that. But anyone can ask
> them to, you don't need to write an RFC for it.
>
> Note, when I said "It is now dead", I meant for IKE/IPsec. I don't think
> TLS ever saw much use either, but I simply don't know if it is in use
> there or not.


Paul, when you say "I don't think TLS ever saw much use either", could
you qualify the context for that lack of use? We get all kinds of
statistics showing that the majority of the web connections are now
using HTTPS, and that the TLS 1.3 version is being deployed, e.g.,
https://ietf.org/blog/tls13-adoption/.

This brings us to the questions about "what did we learn" and "what
would we do now"? Of course, we learned that the NSA and others are
spying on the Internet connections. We learned that the end-to-end model
of deployment worked well for TLS and HTTPS, and also for SSH. We
learned with the Let's Encrypt initiative that automating X.509
certificate acquisition and renewal helped deployment a lot. We also
learned that there are two big issues left unaddressed: the collection
of metadata, and corporate surveillance.

Many people have been working to limit the metadata available outside of
the encryption envelope, but there are still hard issues. For TLS, SNI
Encryption is almost ready for standardization, and that would be one
big step. The work on DNS encryption complements that. But there are
still large gaps -- for example, there seems to be no appetite to
diminish metadata in email messages, because it is used for controlling
spam. The need to control spam and malware is also used as an argument
to resist DNS encryption, and resist metadata removal in general. And
then, the IP addresses are also metadata, which only Tor seems to remove
so far.

On the other hand, focusing on this type of leak feels a bit like the
quip about "speeding ticket at Indianapolis" in "Apocalypse Now". The
apocalypse is happening already, with the generalized surveillance
implemented by Google, Facebook and their likes. What is the good of
encrypting web connections if the other end is going to conduct a web
auction and broadcast the metadata to all auctioneers? What is the point
of focusing on little details when companies continue being funded to
acquire as much metadata as possible and sell it? What is the point of
limited collection by government agencies when they can just turn around
and get the data from resellers, like the CBP just did by buying
databases of license plate surveillance?

-- Christian Huitema
