
Re: Call for a Jasmine Revolution in the IETF: Privacy, Integrity,

2011-03-11 12:50:12
This is one of my bigger problems with so-called end to end security.


Contrary to what Ron wrote in his paper, Alice is NOT a Turing machine. She
is a person. And in the general case it is not even Alice who is the real
endpoint of the transaction.

The ends of a business transaction are corporations and/or people.

And what turns out to matter in government information systems is not really
the communication part of the problem at all. It's the document life-cycle.


Rather than put Bernard Manning in the Quantico brig we should put the
people who let a low level clerk have access to such a vast quantity of
information. We had the technology that could have prevented a low level
clerk from having the ability to download and redistribute that data; it was
not deployed.


End-to-end has been turned into an ideology and ideologies ALWAYS fail where
security is concerned.

Unless we have the endpoints implanted in the brains of the sender and
receiver we will never achieve true end-to-end security.


On Fri, Mar 11, 2011 at 12:57 PM, Dean Willis <dean(_dot_)willis(_at_)softarmor(_dot_)com> wrote:


On Mar 11, 2011, at 11:03 AM, Martin Rex wrote:

Phillip Hallam-Baker wrote:

1) WPA/WPA2 is not an end to end protocol by any stretch of imagination.
  It is link layer security.

It is a 100% end-to-end security protocol.


I'm reminded of those signs saying "Repent! The end is closer than you
think!"

I think we have different ends in mind here. In the real-time community, we
usually think of WPA2 as an "end to middle" security protocol, in that it
doesn't protect the entire path from Alice to Bob unless both are running on
the same ad-hoc wireless network.  It does protect the specific link, say
from Alice to her access-point, but does nothing to keep the access point
itself from mirroring the cleartext onto another port.

--
Dean




-- 
Website: http://hallambaker.com/