On 12/11/2013 7:18 AM, Randy Bush wrote:
> how many documents say if you want privacy use ipsec. that's been a
> real winner for us, eh?
...
> that we did not design the internet as a *far* more secure place is a
> major embarrassment. clean it up.
Sentiments about the history of Internet security efforts, such as the
above, are prevalent. They are also quite wrong.
The presumption of statements like the above is that current Internet
security problems represent the technical community's failure to attend
to 'security' concerns.
The reality is that there has been an extensive range of very serious
efforts over many years, including the one cited above. One can always
wish for more and maybe even different efforts, but the ones that have
been pursued were all reasonable and would have been useful, if they had
gained widespread deployment.
Yet the only two IETF efforts to reach mass-adoption are[1]:
1) TLS, and only for server authentication and 'link' encryption.
(That is, not client authentication and not end-to-end, within multi-hop
applications[2].) Worse, while server authentication is useful to
mitigate man-in-the-middle attacks, it has not proved very useful at
improving user evaluation of server context -- that is, whether they
should trust the content from the server.
2) DKIM, with its narrow, domain- and server-oriented authentication.
In both cases, 'mass' adoption really means within the relatively tiny
community of server operators, rather than amongst the much larger
end-user community.
It is counter-productive to indulge in mea culpas, like "embarrassment",
about failures to do things that are beyond the state of the art. And
in the case of security at mass scale, we are very clearly in a topic far
beyond what the 'usable security' world knows how to solve.
That does not mean we can't make the necessary progress, but it means we
are in a realm of research, not just resolve.
d/
[1] Usually when I cite the poor success rate of IETF security work,
someone insists it's actually better, and they come up with exactly one
additional example, which turns out to be marginally qualified at best.
However, none of the successful security mechanisms started in the IETF,
which is a point we should consider instructive. If there is one way we
really should adjust our attitudes, it is about the challenge of gaining
widespread use.
[2] Protection at the transport layer is fine, but it isn't just email
that is multi-hop at the application layer, needing meaningful,
object-based end-to-end protection. For example, so is the Web, given
caching and the like...
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net