Re: Call for a Jasmine Revolution in the IETF: Privacy, Integrity, Obscurity

On Mar 14, 2011, at 5:17 AM, Iljitsch van Beijnum wrote:
> 
> Privacy and obscurity are tools that cut both ways. It can protect legitimate communications from evil regimes, but it can also shield illegal behavior from the law, or privacy violations committed by applications, or services running in a browser from the user.

Shielding illegal activity from the law is a prime use case, if we consider that political discourse is an illegal activity under conditions that some authoritarians, supported by violence, call "the law".

As for a trojan service running on your computer being shielded: Nobody suggested that the application's API calls to your transport layer have to be encrypted. I personally believe you should have full access to your own computer's innards. And I suspect that a great many trojans also communicate privately today, even though we're still putting our users' data out on public display.
> 
> It also makes debugging orders of magnitude harder, uses more overhead and energy and slows down the communication. (Especially in mobile networks where one end is on battery power and the extra round trips required to negotiate encryption and authentication are typically slow.)


True, things have consequences. Someone on this thread emailed me a quote from Benjamin Franklin: "They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety." Much can also be said about those who give up essential liberty in order to obtain a bit of convenience or a marginal increase in battery power.

Your argument is something akin to requiring people to not lock the doors on their homes, because not having the doors locked might make it easy for emergency services personnel to respond to a reported break-in.

As for overhead, someone else was kind enough to send me a link to tcpcrypt, which seems to offer a lighter-weight solution than TLS:

http://tools.ietf.org/html/draft-bittau-tcp-crypt-00

As I've said earlier in this thread: if our security tools are too heavy to use, we need to consider the possibility that we need new tools.


> As such, it would be a very big mistake to start encrypting ALL communication. Whether applying these mechanisms is sufficiently beneficial to be worth the numerous downsides should be evaluated on a case-by-case basis. It's not the IETF's job to force vendors and users to do something that they would otherwise choose not to do.

True, there are certain communications that are truly "broadcast in nature" and would be disserviced by requiring them to be encrypted. Many of them, however, would do well to be integrity-protected. Consider the harm that a rogue DHCP server can produce.

It IS the IETF's job to decide whether IETF protocols will be published with built-in back doors, especially when we know that by default said back doors will be generally left standing wide open and that most developers (and consequently users) will never bother to even try the more-secured "front door" and see if it works for them.

If we don't want security holes, we shouldn't build them into our protocols!

> You're trying to attack the problem from the wrong side, anyway: you assume using the large infrastructures that are easy to control by states and then try to add a layer of protection. It would be better to work around these infrastructures completely. Why is it that when I email my colleague two meters away, within easy wireless range, that the message goes through the servers of Google somewhere (not even sure in which country those are)?

That's also a very good question, and I'm aware and supportive of efforts to make a fundamental change here. One thing that was brought to my attention during this conversation is "Mondonet":

http://www.mondonet.org

Self-organizing models have tremendous potential. Consider how important something like this could be for rescue efforts currently underway in Japan. Imagine how much better the communications could be if every cell phone switched over into a self-organizing ad-hoc mode and relayed messages peer-to-peer both between phones and back to whatever fixed infrastructure survives.


But the simple fact of the matter is that TODAY we have this large infrastructure called "The Internet" and that TODAY it is easily controlled by states and intercepted by criminals, and that TODAY people are using it to organize against abusive states and to carry out their private lives (financial or otherwise), and that TODAY people are being robbed, killed or otherwise suppressed because our infrastructure leaks private data all over the place.

So, what are we going to do about today's networks for tomorrow, not for the next millennium?


--
Dean

_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf