
RE: [saag] Is opportunistic unauthenticated encryption a waste of time?

2014-08-23 15:28:28
Nico said: 

For me OS is not about anti-PM, or at least not mainly anti-PM.  See below.
 
[BA] I agree - but IMHO it would be useful if we were clear about this in 
problem statement documents.  

Therefore OS can go a long distance relative to criminals in many situations.
 
[BA] We certainly do have a problem with criminals targeting payment networks 
to great effect.  However, given the urgency and potential deployment lags, is 
OS the most timely potential response to that problem? 

Sovereign powers will be able to build active PM systems, no doubt.
 
[BA] In many cases (and certainly in the case of virtually all oppressive 
regimes), major portions of the Internet infrastructure are under control of 
the state.  So if the issue is oppressive regimes (and protection of 
dissidents), something considerably more comprehensive than OS is needed (e.g. 
more along the lines of Tor). 
 
[nico]  But if the end-state for OS is something like DANE 
[Huitema] It is also fairly easy for OS conscious applications to use channel 
binding schemes and detect the MITM. 
[BA] If we are talking about DANE and channel binding schemes, aren't we out of 
the realm of "unauthenticated" opportunistic encryption?  
 
[IanG] "Agreed on both points.  And this is a big win.  Because then we know 
what they are doing and can provide evidence."
[Ted] This won't help in a totalitarian regime, certainly, but in democratic
societies having law enforcement agencies engaging in mass,
surreptitious surveillance might be less likely to be tolerated.

 
[BA] AFAIK, the surveillance budget is not a matter of public record in most 
nations of the world.  And as far as "toleration" in democratic societies is 
concerned, are there democratic societies in which there are comprehensive 
reform proposals that have a good chance of passage?  Just wondered if I was 
missing something. 
