ietf

Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice

2013-12-06 13:54:24

Replying to two of your mails at once...

On 12/06/2013 06:49 PM, t.p. wrote:
----- Original Message -----
From: "Stefan Winter" <stefan(_dot_)winter(_at_)restena(_dot_)lu>
To: <ietf(_at_)ietf(_dot_)org>
Sent: Friday, December 06, 2013 10:15 AM


If encryption makes terrorism, crime and so on more likely, then we
could see countries impose restrictions on encryption in the same way as
for guns, and a few years down the line, the role of the IETF in
encouraging the use of strong encryption could be seen as a serious
misjudgment, one that is damaging to the standing of the IETF.

Wow. The IETF already has a consensus on the use of strong
cryptography. And has had for 17 years. Please read RFC 1984.
If you have read it, I have no clue how you could accept it
and make the above (spurious, but that's beside the point)
argument. If you have read it, but don't accept it, then go
right ahead and write a draft suggesting a replacement that
fits your worldview better. If you have not read it, please
do.

On 12/06/2013 06:57 PM, t.p. wrote:
----- Original Message -----
From: "Stephen Farrell" <stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie>
To: "Stefan Winter" <stefan(_dot_)winter(_at_)restena(_dot_)lu>; 
<ietf(_at_)ietf(_dot_)org>
Sent: Friday, December 06, 2013 11:58 AM

On 12/06/2013 10:15 AM, Stefan Winter wrote:
The TV manufacturer could have used it - they were simply stupid
enough to forget about it.

I think in that case, the person who spotted the issue would
also have considered it odd if ciphertext continued to be
emitted after they had clicked the "don't send" button.

The person who spotted the issue did click "don't send" and the messages
continued to be sent (according to the reports).  Which is, after all,
exactly what you would expect to see with good security - don't give the
other parties an opportunity to use traffic analysis to determine what
is going on.

My point was in response to your saying that that case
demonstrated that ciphertext would have prevented the person
from knowing their TV was sending out messages when
they didn't want that. The fact is in that case that
any message, ciphertext or plain, would demonstrate that
the TV is misbehaving. So your argument falls.

Cheers,
S.
