Privacy protection takes more than resolve (was Re: Last Call: <draft-farrell-perpass-attack-02.txt...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 12/11/2013 7:18 AM, Randy Bush wrote:
how many documents say if you want priavcy use ipsec.  that's been a
real winner for us, eh?
...
that we did not design the internet as a *far* more secure place is a
major embarrassment.  clean it up.


Sentiments about the history of Internet security efforts, such as the above, are prevalent. They are also quite wrong.

The presumption of statements like the above is that current Internet security problems represent the technical community's failure to attend to 'security' concerns.

The reality is that there has been an extensive range of very serious efforts over many years, including the one cited above. One can always wish for more and maybe even different efforts, but the ones that have been pursued were all reasonable and would have been useful, if they had gained widespread deployment.

Yet the only two IETF efforts to reach mass-adoption are[1]:

1) TLS, and only for server authentication and 'link' encryption. (That is, not client authentication and not end-to-end, within multi-hop applications[2]) Worse, while server authentication is useful to mitigate man-in-the-middle attacks, it has not proved very useful at improving user evaluation of server context -- that is, whether they should trust the content from the server.)

   2) DKIM, with its narrow, domain- and server-oriented authentication.

In both cases, 'mass' adoption really means within the relatively tiny community of server operators, rather than amongst the much larger end-user community.

It is counter-productive to indulge in mea culpas, like "embarrassment", about failures to do things that are beyond the state of the art. And in the case of security a mass scale, we are very clearly in a topic far beyond what the 'usable security' world knows how to solve.

That does not mean we can't make the necessary progress, but it means we are in a realm of research, not just resolve.


d/


[1] Usually when I cite the poor success rate of IETF security work, someone insists it's actually better, and they come up with exactly one additional example, which turns out to be marginally qualified at best. However none of the successful security mechanisms started in the IETF, which is a point we should consider instructive. If there is one way we really should adjust our attitudes, it is about the challenge of gaining widespread use.

[2] Protection at the transport layer is fine, but it isn't just email that is multi-hop at the application layer, needing meaningful, object-based end-to-end protection. For example, so is the Web, given caching and the like...

--
Dave Crocker
Brandenburg InternetWorking
bbiw.net




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]