ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [saag] Is opportunistic unauthenticated encryption a waste of time?

2014-08-22 21:14:28
from [Bernard Aboba] [Permanent Link] 
It used to be easy to dismiss opportunistic security as a waste of time, it 
is now clear to most that it is ....


[BA] Merely a waste of money. 
"Opportunistic unauthenticated encryption" that does not defend against 
man-in-the-middle attacks has no value against targeted surveillance.  So if 
the goal is to protect dissidents, look elsewhere.  Unfortunately, the line 
between "targeted surveillance" and  "mass surveillance" is a thin one.   
The value against mass surveillance is predicated on the assumption that "large 
scale targeted surveillance" is infeasible or that the cost of large scale 
meta-data collection can be increased to the point where it is too costly even 
for a nation-state.   
The first assertion, is likely to be proven false by the first gear to include 
built-in man-in-the-middle attack support.  Care to wager which appears first, 
carrier-class gear supporting man-in-the-middle attacks, or significant 
deployment of "opportunistic" encryption?  
The second assertion is likely to be proven false as soon as "opportunistic" is 
deployed widely enough to necessitate a surveillance budget increase (based on 
purchases of the above gear) necessary to defeat it.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Vacation locations, Chris Elliott
Next by Date:  Re: [saag] Is opportunistic unauthenticated encryption a waste of time?, Theodore Ts'o
Previous by Thread:  Re: [saag] Is opportunistic unauthenticated encryption a waste of time?, Viktor Dukhovni
Next by Thread:  Re: [saag] Is opportunistic unauthenticated encryption a waste of time?, Theodore Ts'o
Indexes:  [Date] [Thread] [Top] [All Lists]