ietf

Re: Pervasive surveillance isn't an attack, it is a cancer; mandatory encryption doesn't cure it

2013-11-18 09:04:38

Larry,

On 11/18/2013 11:43 AM, Larry Masinter wrote:
> The growth of surveillance isn't simply an attack by a small set
> of actors; it's a cancerous growth of practices ranging from the
> beneficial benign to the criminal, from account personalization ("Hi,
> Larry!") through advertising-focused tracking, governments, law
> enforcement, employers, industrial espionage, and gangs of thieves.

The subject line refers to pervasive surveillance but the above
doesn't, or at least not clearly.

What I think is the case, and I think we got strong agreement on
in the room in YVR is that pervasive monitoring/surveillance does
require actions that are indistinguishable from other attacks, and
thus can and should itself be considered an attack.

That does raise difficult issues related to higher layer things
(advertising, laws in various places) but many of those are not
in-scope for the IETF and nobody (sensible:-) that I heard said
we are or should be attempting to "fix" those.

Discussing such issues on the perpass list in an attempt to
identify if there are specific things that are relevant for the
IETF (or IRTF) seems reasonable to me, but we're not setting out
to change laws here, but rather to mitigate the aspects of
pervasive monitoring that are attacks on the network.

> Deployment funds are finite. The space is zero-sum and thus negative
> for some.

Do we have evidence that this is a zero-sum game? I've not seen
any, and in fact I don't believe that it is - if we turn on
more and better security to make pervasive monitoring significantly
more expensive, then we also gain better security against other
attackers as well. And, if e.g. the httpbis wg come to a good
resolution for HTTP/2.0 and if we get TLS1.3 deployed as we
think we might, then we can get both better performance and better
security for less than it currently costs, in terms of RTT for
example. That seems far from a zero-sum game to me.

Yes, depending on how that's done, it might impact on some
current technologies or business models, but that does not mean
that it's a zero-sum game at all.

In addition, some changes (e.g. switching to modern or better
modes-of-operation for ciphers or key agreement) can have very
modest costs for things that are already implemented in many
places and we just need to help deployments catch up. And yes,
some people will continue to e.g. use ECB mode for some things,
so while we can't force people to do the right thing, we
shouldn't do nothing just because there'll always be someone
who gets things badly wrong.

> Deploying one solution means not deploying others.
> Deploying solutions not only use up finite deployment resources, it
> hurts some other features and services.
>
> Mandatory encryption doesn't cure the cancer.

Nobody (sensible, again:-) that I've heard has said that the IETF
can "solve" pervasive monitoring, in fact, lots of (sensible:-)
folks that I've heard have said exactly the opposite - we cannot
"solve" the problem, but we can and should improve Internet
security so as to mitigate the pervasive monitoring attack to the
extent we can, where that is practical. Making more and better
use of confidentiality is definitely a part of that.

I do agree that if someone claimed to have a "cure" then that
person would be selling snake-oil. But IMO, the person who
says we should do nothing because it's hopeless or not our
business, is also selling (a different flavour of) snake oil.
We should reject both.

> Too much is revealed by
> the envelope and message length, and the offered counter-measures to
> those risks are far more expensive.... who will pay?

Well, it seems that at least one large browser/site-operator is
now encrypting links between data centres, so they presumably
do think that's worthwhile. If the IETF can provide protocols
that really help with lower layer security then that'd be a fine
thing, and some people reported on IPsec related work at the
saag session in Vancouver, so they at least see value in that
and it could also protect various higher layer headers in some
situations that are relevant. Another bunch of folks seem to be
very interested in developing BCPs to say how to e.g. do mail
and xmpp security better. And the xmpp community seem to want to
deploy that. So some people do see value in doing work here,
and that's great to see IMO.

Overall, I'd say it's fine to be more optimistic than your mail
implies:-)

Cheers,
S.

> Don't offer a non-cure and then claim that making it mandatory is
> helpful. It costs. "Lost Opportunity Cost" is real.  If the most
> serious problems are operational, focus on those.
>
> I am in favor of privacy as one of the core values of a safe and
> secure Internet. I am not in favor of a blanket priority for privacy,
> or for mandatory non-solutions for it.
>
> Larry -- http://larry.masinter.net