ietf

Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice

2013-12-11 01:21:34
Hi,

<tp>

And that is another example of the use of encryption that I think
may be abusive.

Increasingly, I find that when I access a website, of some leisure
interest, an https:// tunnel has been set up to Google, Facebook,
Twitter or some such, which makes me think that they are acquiring
personal information about me, information which I cannot see,
perhaps for use in a way I will not approve of.  It is like phishing,
only different.

The HTTPS tunnel originates from your own machine. You can see what's
going into the tunnel if you want. HTTPS is about securing the
transport, not the endpoints.

And there seems to be no way of stopping it (short of a router ACL to
prevent access to Google).

It's well-known that Facebook "Like" buttons and things like that
communicate home before being used for anything. If they'd do it
unencryptedly, they'd still do it. The encryption doesn't change their
desired behaviour, only the way their payload is transported.

By encrypting, at the very least your personal data leaks to Google etc.
alone. (*) If they'd send it unencryptedly, everyone on the IP path,
such as a perpass attacker, *also* learns about your personal data.

So: encryption does something good even in the scenario you describe.

Greetings,

Stefan Winter

Tom Petch

</tp>


What I don't feel good about is perpass-attack, which is going to
be at best ignored, or wildly misinterpreted and misused by its intended
audience. It's primarily a kneejerk reaction to news events to assuage
the consciences of IETF insiders.

Also, do we get drafts through last call by simply now announcing in
the draft that it has been through last call? That does make things
easier. Must start writing 'this RFC' in drafts, which will help that
benighted state come to pass.

Lloyd Wood
http://sat-net.com/L.Wood/




-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Attachment: 0x8A39DC66.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature
