ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [saag] Is opportunistic unauthenticated encryption a waste of time?

2014-08-25 03:09:39
from [Hosnieh Rafiee] [Permanent Link] 
It is quite often the case that, under oppressive regimes, using
encryption technology will already flag you as "suspect" (if not
"guilty"). So in that case, you'd probably want to use something
probably want something more like a cover channel in those scenarios.



To some extend I agree with Fernando since I have the practical experience of 
such places. To be clear, if the purpose of the encryption is to avoid such 
places to access users' data or try to harden this process, actually it fails 
because the users force to use their devices and the main internet stream to 
those countries passed by their devices (where all traffic filtered and 
analyses and then sent to the users). Therefore, you cannot help them, 
especially, if you're talking about unauthenticated source of data. When OS or 
other ways try to help to authenticate this data, then maybe you can be 1% 
successful. Because this also helps that the users do not recognize this MITM 
attack. They can recognize this when they receive any warning message. (I am 
not talking about professional users that might trace their traffic. But about 
80% of internet users.)

Nevertheless, In my opinion, encryption, in general, is good. But it depends on 
what our target users or services are and who we want to hide this traffic 
from. Whether those people have access to the main internet stream and the user 
have no way to avoid them? Whether they have a power to apply regulation for 
internet in a country and user MUST follow them? Or whether they only want to 
sniff data passively in a way that user do not recognize it. In last case, 
encryption conditionally can be successful but I do not think it works in the 
first two cases. 
The conditions are that 1- whether those places can be easily recognized if 
they do active attacks? (it might be yes if they want to do this attack with 
the whole internet data stream that belongs to different countries but this is 
not true if it is only a small portion of traffic such as an enterprise or etc.)


I hope that I could explain my point clearly.

Best,
Hosnieh
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Hawaii Block - going, going...., Murray S. Kucherawy
Next by Date:  Re: Vacation locations (was: Re: [Recentattendees] Were You Planning a Vacation Around IETF91 Trip?), Jari Arkko
Previous by Thread:  Re: [saag] Is opportunistic unauthenticated encryption a waste of time?, Fernando Gont
Next by Thread:  Re: [saag] Is opportunistic unauthenticated encryption a waste of time?, Viktor Dukhovni
Indexes:  [Date] [Thread] [Top] [All Lists]