Re: Call for a Jasmine Revolution in the IETF: Privacy, Integrity, Obscurity
2011-03-10 12:32:01
On 04/03/2011, at 8:06 PM, Dean Willis wrote:
[snip]
Every document we now produce has a "Security Considerations". I hereby
propose the following extensions to that section, such that each
specification requiring a meaningful Security Considerations section MUST
address the following:
1) Privacy and Integrity: We believe that intermediaries should be neither
able to understand nor alter the transmitted material without the explicit
consent and awareness of the users. How are the principles of end-to-end
privacy and integrity provided by the specification? Reasonable solutions
might include any of our well-documented encryption and signature systems
coupled with applicable key management mechanisms. Analysis within the
specification should also describe the known limitations of the
specification, such as susceptibility to hostile certificate authorities.
Further, forthcoming IETF specifications MUST not allow plain-text
transmission of anything within any protocol. Sign or cipher (or both, as
appropriate) everything, all the time.
Encrypting *everything* means that all communications become exclusively
two-party, and thus requires that you implicitly trust the party at the other
end of the connection.
I trust both my government and my ISP much more than I trust many of the Web
sites that I visit with my browser.
Privacy researchers (like Balachander Krishnamurthy, who unearthed many of the
liberties that Web sites take with privacy, leading to the current kerfuffle in
the FTC and recent action by the EU) won't be able to verify how servers treat
our data if it's all opaque. I think that's a much worse world than the one we
live in today.
2) Privacy and Obscurity: We believe that observation of a traffic flow pr
sequence of traffic flows should reveal as little information about the
application or user of the application as possible to an intermediary who
observes the traffic without the explicit consent and awareness of the user.
In principle, "deep packet inspection" should be completely useless, as
should attempts by an intermediary to trace the end-user(s) to a specific
physical location. How does the specification provide for obscuring the
content of the application and the identity and location of users involved in
the sequence? Reasonable solutions might include things like TOR combined
with TLS. Analysis within the specification should also describe known
limitations of the specification, such as frequency and time domain analysis
at a network-adjacent node, or dependency on interceptible dereferencing
mechanisms like the DNS.
This will have the effect of isolating some companies and countries from the
Internet. Is that a good outcome?
[snip]
--
Mark Nottingham http://www.mnot.net/
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: Call for a Jasmine Revolution in the IETF: Privacy, Integrity,, (continued)
- Re: Call for a Jasmine Revolution in the IETF: Privacy, Integrity,, Martin Rex
- Re: Call for a Jasmine Revolution in the IETF: Privacy, Integrity, Obscurity, Phillip Hallam-Baker
- Re: Call for a Jasmine Revolution in the IETF: Privacy, Integrity,, Martin Rex
- Re: Call for a Jasmine Revolution in the IETF: Privacy, Integrity,, Phillip Hallam-Baker
- Re: Call for a Jasmine Revolution in the IETF: Privacy, Integrity,, Martin Rex
- Re: Call for a Jasmine Revolution in the IETF: Privacy, Integrity,, Dean Willis
- Re: Call for a Jasmine Revolution in the IETF: Privacy, Integrity,, Phillip Hallam-Baker
- Re: Call for a Jasmine Revolution in the IETF: Privacy, Integrity,, Stephen Kent
Re: Call for a Jasmine Revolution in the IETF: Privacy, Integrity, Obscurity, Phillip Hallam-Baker
Re: Call for a Jasmine Revolution in the IETF: Privacy, Integrity, Obscurity, SM
Re: Call for a Jasmine Revolution in the IETF: Privacy, Integrity, Obscurity,
Mark Nottingham <=
- Re: Call for a Jasmine Revolution in the IETF: Privacy, Integrity, Obscurity, Dean Willis
- Re: Call for a Jasmine Revolution in the IETF: Privacy, Integrity, Obscurity, Mark Nottingham
- Re: Call for a Jasmine Revolution in the IETF: Privacy, Integrity, Obscurity, Dean Willis
- Re: Call for a Jasmine Revolution in the IETF: Privacy, Integrity, Obscurity, Alessandro Vesely
- Re: Call for a Jasmine Revolution in the IETF: Privacy, Integrity, Obscurity, Joel Jaeggli
- Re: Call for a Jasmine Revolution in the IETF: Privacy, Integrity, Obscurity, Hannes Tschofenig
- Re: Call for a Jasmine Revolution in the IETF: Privacy, Integrity, Obscurity, Dean Willis
- Re: Call for a Jasmine Revolution in the IETF: Privacy, Integrity, Obscurity, Alessandro Vesely
Re: Call for a Jasmine Revolution in the IETF: Privacy, Integrity, Obscurity, SM
Re: Call for a Jasmine Revolution in the IETF: Privacy, Integrity, Obscurity, Hannes Tschofenig
|
Previous by Date: |
Re: Call for a Jasmine Revolution in the IETF: Privacy, Integrity, Obscurity, Ted Hardie |
Next by Date: |
Re: Secdir review of draft-ietf-sidr-res-certs, Paul Hoffman |
Previous by Thread: |
Re: Call for a Jasmine Revolution in the IETF: Privacy, Integrity, Obscurity, SM |
Next by Thread: |
Re: Call for a Jasmine Revolution in the IETF: Privacy, Integrity, Obscurity, Dean Willis |
Indexes: |
[Date]
[Thread]
[Top]
[All Lists] |
|
|