I've been watching this thread for a while. The idea of making it harder
without actually expecting the encryption to work seems like an implicit
admission of failure. I think the right posture is to make privacy via
encryption the default at every level, or perhaps even mandatory, and to expect
it to work. Key management has to be seamless and automatic, and the software
and hardware have to be trusted. Let's button up the net and protect our
communication from prying eyes, whether they be ISPs wanting to charge us for
"high value" traffic, governments wanting to gather intelligence, or others.
There will still be lots of information that we can't easily protect, e.g.
"metadata." I am not worried about that even though that really does disclose
a lot of information. People who need anonymity or other strong protection
will need to use special services or third parties, just the way they do in
real life.
This is my personal view and does not represent anyone else's. In particular, I
am not speaking for ICANN in this note.
Steve
On Nov 15, 2013, at 11:43 AM, Hannes Tschofenig
<hannes(_dot_)tschofenig(_at_)gmx(_dot_)net> wrote:
Yaakov, you have very nicely summarized the strategy: We need to make attacks
more expensive.
On 15.11.13 14:54, Yaakov Stein wrote:
That aside, just saying "you MUST do TLS with HTTP/2.0" doesn't buy much
security in a world where CAs are not trustworthy, people still use RC4/MD5,
use woefully short keys for otherwise strong algorithms, browsers have
effectively trained people to always click "visit anyway" and so on.
I believe that this proposal was in line with Bruce Schneier's suggestion at the plenary.
Do anything to make more work for people trying to listen in to everything on the Internet.
For example, put a key at the top of the content and then encrypt using this key.
This is meaningless from the confidentiality point of view,
but eats up computational resources and energy for someone trying to vacuum up everything.
Even better - when you don't have anything to transmit, send meaningless supposed encrypted packets.
If everyone did this their storage costs would skyrocket.
Even better, send packets with easily broken encryption containing keywords of interest.
Y(J)S