Re: Call for a Jasmine Revolution in the IETF: Privacy, Integrity,


 



This is one of my bigger problems with so-called end to end security.


Contrary to what Ron wrote in his paper, Alice is NOT a Turing machine. She is a person. And in the general case it is not even Alice who is the real endpoint of the transaction.

The ends of a business transaction are corporations and/or people.

And what turns out to matter in government information systems is not really the communication part of the problem at all. It's the document life-cycle.


Rather than put Bernard Manning in the Quantico brig we should put the people who let a low-level clerk have access to such a vast quantity of information. We had the technology that could have prevented a low-level clerk from having the ability to download and redistribute that data; it was not deployed.


End-to-end has been turned into an ideology and ideologies ALWAYS fail where security is concerned.

Unless we have the endpoints implanted in the brains of the sender and receiver we will never achieve true end-to-end security. 


On Fri, Mar 11, 2011 at 12:57 PM, Dean Willis <dean.willis@xxxxxxxxxxxxx> wrote:

On Mar 11, 2011, at 11:03 AM, Martin Rex wrote:

> Phillip Hallam-Baker wrote:
>>
>> 1) WPA/WPA2 is not an end to end protocol by any stretch of imagination.
>>   It is link layer security.
>
> It is a 100% end-to-end security protocol.
>

I'm reminded of those signs saying "Repent! The end is closer than you think!"

I think we have different ends in mind here. In the real-time community, we usually think of WPA2 as an "end to middle" security protocol, in that it doesn't protect the entire path from Alice to Bob unless both are running on the same ad-hoc wireless network.  It does protect the specific link, say from Alice to her access-point, but does nothing to keep the access point itself from mirroring the cleartext onto another port.

--
Dean



--
Website: http://hallambaker.com/

_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
