-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi John,
On 02/01/2014 11:18 PM, John C Klensin wrote:
Hi.
After looking through the agenda and thinking about end to end
confidentiality mechanisms, a few questions/suggestions:
(1) Other than a probably-appropriate level of general paranoia, do
we have any reason to believe that PGP (Symantec and/or GNUPG
versions) has been sufficiently compromised to not provide a good
defense against either pervasive surveillance or general snooping?
That's two questions. IMO, neither S/MIME nor PGP provide
highly effective protection against pervasive monitoring (PM).
Either can be pretty good against "general snooping." In
both cases the protocol crypto is, as far as we know, just
fine. Both protocols (PGP and S/MIME) however were designed
in a different time, when an enterprise security mode was
far more often an accurate description of most Internet users'
reality, so that's not that surprising.
So there's no yes/no answer to your question(s) #1.
(2) If the answer is "no, they are probably ok" or better, should
we be doing a key signing in London? That would facilitate longer
keys for those who would benefit from that and getting the
facilities more generally available to relative newcomers [1].
I'm fine to help get a room, if someone else takes on the
organising.
(3) If the answer is "yes, they have to be treated with great
suspicion", they why are there not BOFs or other sessions on the
agenda to consider whether the IETF standards should be upgraded
or, if that is not feasible, deprecated?
I think the lack of BoFs is because end-to-end interpersonal
messaging and how to make that resistant to PM is a
significantly hard problem. And there is also the issue that
there are plenty of reasons why various folks (e.g. advertisers,
not just govt.) would rather that interpersonal messaging were
not secured end to end, so it seems the people with significant
deployment also lack motivation, to say the least.
I do however think the XMPP folks are doing the right things
as far as I can see.
We are however having a workshop [1] before IETF-89 that will
discuss this and other topics related to PM. (Sorry, its
already oversubscribed, but we'll be reporting on it at the
saag session.)
[1] https://www.w3.org/2014/strint/
(4) If we are going to do a key signing, would there be enough
interest in signing of CACERT X.509 keys to see if there are enough
people with the right credentials who will be in London to certify
those too (in spite of the non-presence of the CACERT root keys in
various browsers, etc.)?
No idea personally.
If we are really serious about preventing monitoring, especially at
the application layer and doing so within our own community as an
example, this should be obvious.
I disagree as it happens. Putting an emphasis on identification
and authentication seems backwards to me. First, we ought try
provide means to communicate that resist PM, (which requires
confidentiality and can use some help from Mr. Data Minimisation:-)
and after we have that nicely unerway, we can then see how to
establish various kinds of authentication.
I don't believe that starting from authentication is at all
the right approach.
But, I might be wrong, so happy to see people signing keys.
Indeed, it might be interesting as a first step to fix the IETF
list so it wouldn't accept unsigned messages.
Wasn't that debated a few months ago. I don't think that
would be at all useful for anyone.
Conversely, if it is not obvious, maybe we are not really that
serious.
No. Being serious about PM does not mean wanting to start
by identifying and authenticating everything in sight. I've
deliberately put that in an argumentative way, but I hope
it makes it clear why we really need to start from
confidentiality and mechanisms like minimising the PII in
our protocols.
Cheers,
S.
best, john
[1] Some people will sign PGP keys on the basis of documents (like
passports) alone, others won't. But, even if most people won't, it
has been a sufficiently long time since we've done a key-signing
at IETF that I imagine there are a number of no-longer-newcomers
around who might benefit and who are reasonably well known to
others .
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
iQEcBAEBAgAGBQJS7a0VAAoJEC88hzaAX42i+6MH/An544gWl1H6dvAnfMuW9/2I
fLI4D3fwvVRzXXRU0ElLhfNZwjQaA+Ofu0EmshCoenmHOy845wugRUnFOB3+pedq
n2g3c60zbR0VMI6GzkjViC1dj6W0Z0L2CKJrIYTzA4ve1suMjoMqDCDg7ZsoWIsn
sXjx7gL9ubsyOm7TtmWHvamV/oaDrZGuqEYzxKIVZnyooEYKa1xplapPCrFpsIK2
18B/YfCRfYzKqdFxHFZQC2A3P/Iw7phbKUwOL2OoZTePZw5LjhK9HF39p+Al0neL
crXRpn8WObY0OLqiV89cYHafOAZex2bfgd8jZBJfpxOceFbSjE7GizuTENl6Wmg=
=RYeX
-----END PGP SIGNATURE-----