On Mar 14, 2011, at 5:17 AM, Iljitsch van Beijnum wrote:
> Privacy and obscurity are tools that cut both ways. It can protect legitimate
> communications from evil regimes, but it can also shield illegal behavior
> from the law, or privacy violations committed by applications, or services
> running in a browser from the user.
Shielding illegal activity from the law is a prime use case, if we consider
that political discourse is an illegal activity under conditions that some
authoritarians, supported by violence, call "the law".
As for a trojan service running on your computer being shielded: Nobody
suggested that the application's API calls to your transport layer have to be
encrypted. I personally believe you should have full access to your own
computer's innards. And I suspect that a great many trojans also communicate
privately today, even though we're still putting our users' data out on public
display.
> It also makes debugging orders of magnitude harder, uses more overhead and
> energy and slows down the communication. (Especially in mobile networks
> where one end is on battery power and the extra round trips required to
> negotiate encryption and authentication are typically slow.)
True, things have consequences. Someone on this thread emailed me a quote from
Benjamin Franklin: "They who can give up essential liberty to obtain a little
temporary safety, deserve neither liberty nor safety." Much can also be said
about those who give up essential liberty in order to obtain a bit of
convenience or a marginal increase in battery power.
Your argument is something akin to requiring people to not lock the doors on
their homes, because not having the doors locked might make it easy for
emergency services personnel to respond to a reported break-in.
As for overhead, someone else was kind enough to send me a link to tcpcrypt,
which seems to offer a lighter-weight solution than TLS:
http://tools.ietf.org/html/draft-bittau-tcp-crypt-00
As I've said earlier in this thread: if our security tools are too heavy to
use, we need to consider the possibility that we need new tools.
> As such, it would be a very big mistake to start encrypting ALL
> communication. Whether applying these mechanisms is sufficiently
> beneficial to be worth the numerous downsides should be evaluated on a
> case-by-case basis. It's not the IETF's job to force vendors and users to do
> something that they would otherwise choose not to do.
True, there are certain communications that are truly "broadcast in nature" and
would be disserviced by requiring them to be encrypted. Many of them, however,
would do well to be integrity-protected. Consider the harm that a rogue DHCP
server can produce.
It IS the IETF's job to decide whether IETF protocols will be published with
built-in back doors, especially when we know that by default said back doors
will be generally left standing wide open and that most developers (and
consequently users) will never bother to even try the more-secured "front door"
and see if it works for them.
If we don't want security holes, we shouldn't build them into our protocols!
> You're trying to attack the problem from the wrong side, anyway: you assume
> using the large infrastructures that are easy to control by states and then
> try to add a layer of protection. It would be better to work around these
> infrastructures completely. Why is it that when I email my colleague two
> meters away, within easy wireless range, that the message goes through the
> servers of Google somewhere (not even sure in which country those are)?
That's also a very good question, and I'm aware and supportive of efforts to
make a fundamental change here. One thing that was brought to my attention
during this conversation is "Mondonet":
http://www.mondonet.org
Self-organizing models have tremendous potential. Consider how important
something like this could be for rescue efforts currently underway in Japan.
Imagine how much better the communications could be if every cell phone
switched over into a self-organizing ad-hoc mode and relayed messages
peer-to-peer both between phones and back to whatever fixed infrastructure
survives.
But the simple fact of the matter is that TODAY we have this large
infrastructure called "The Internet" and that TODAY it is easily controlled by
states and intercepted by criminals, and that TODAY people are using it to
organize against abusive states and to carry out their private lives (financial
or otherwise), and that TODAY people are being robbed, killed or otherwise
suppressed because our infrastructure leaks private data all over the place.
So, what are we going to do about today's networks for tomorrow, not for the
next millennium?
--
Dean