It's not just encryption that is indistinguishable from noise - perfect compression can be, too. We can drive up monitoring costs in the clear by just encouraging deployment of IPComp and stream and payload compression. With a really expensive-to-decode and effective compression algorithm. At that point, distinguishing cleartext from the encrypted traffic becomes much harder, as does determining targets to attack. And since compression is entirely in the clear, it's not subject to munitions embargoes, being prohibited, etc. It's just more work to handle for an attacker, which is rather the point. Of course, once you have widespread compression deployed, adding encryption in is not that hard, no? All you need to do is encrypt the compression dictionary, not the entire content. Kolmogorov complexity, here we come. (As an aside, I've long suspected that it should be possible to make a more efficient yet completely compatible file gzip with multi-pass building of the most suitable dictionary before outputting the file. One-pass streaming, even with -9 block size, is ultimately limiting...) Lloyd Wood http://sat-net.com/L.Wood/ ________________________________________ From: ietf [ietf-bounces@xxxxxxxx] On Behalf Of John C Klensin [john-ietf@xxxxxxx] Sent: 11 December 2013 20:53 To: Brian E Carpenter; ietf@xxxxxxxx Subject: Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice Responding to the most tempting target even though it is several days old... --On Saturday, December 07, 2013 10:01 +1300 Brian E Carpenter <brian.e.carpenter@xxxxxxxxx> wrote: >... > ...this is a social, economic and political issue outside the > IETF's scope. Our ethical obligation as engineers is clear to > me: make the Internet as secure as possible, from all security > points of view including privacy. Actually the recent > revelations don't change a thing except that they have brought > a well understood attack model into public view and underlined > that we need to defend against it. While I favor the principle, I'm not so sure about the ethical obligation, especially from the perspective of my background in political communications and their effects. Consider the following scenario: (1) We conclude that access to the free flow of information, including across national boundaries, and access to the Internet as a medium for such flows, are desirable. Note that this is implicit in frequently-repeated statements such as "The Internet is for Everyone". (2) Some government concludes that, as a matter of national security (its definition), it should declare the use of encryption illegal [1] and block all Internet traffic and connections that involve pervasive encryption. Now, keeping in mind the conclusion in the first statement, the very long history of transmission and sharing of coded information in apparently clear-text messages, and that application of the second statement would essentially disconnect the population of that country from the Internet if encryption were pervasive, are you sure that: (i) Trying to insist on pervasive encryption is an ethical obligation? (ii) That population, including but not limited to whatever subset of it wants to openly discuss or change the behavior of the relevant government, is better served by pervasive encryption (and hence being cut off from the Internet) than being left connected and with alternatives that have historically included encoding information into seemingly-innocuous message flows? I want to stress that I'm not arguing for or against pervasive encryption here. I'm also a long term advocate of encouraging countries who want to disconnect to do so, especially when their doing that would have obvious and severe negative economic or political consequences. I just think we should be careful about starting to base our reasoning and conclusions on perceived ethical imperatives, especially without sorting through the possible scenarios consequent of such conclusions. I also want to suggest a thought experiment as an exercise before I go back to lurking. One of the more frequent arguments for pervasive encryption of traffic passing over the Internet is to drive up the costs of those who would engage in pervasive surveillance by forcing them to decrypt everything. Suppose instead that everyone adopted the practice of including either encrypted message components or seemingly-random blocks of text or strings or seemingly-random words in every message, web pages, or other protocol transaction while leaving other portions of those messages, etc., in the clear, taking advantage of the observation that a really well-encrypted message is, with the exception of header or envelope information, superficially indistinguishable from noise. That would make it harder to block traffic simply because it was encrypted but would still require the surveillance agency to attempt to decrypt those blocks of text (many of which could not be decrypted even with unlimited resources because they contained no information) to determine whether they carried messages of interest. Of course the use of that approach would not prevent the use of strong encryption, just as today, if someone thought it necessary. With the understanding that these questions are part of that thought experiment but otherwise purely rhetorical, -- Would we be more or less secure as a result of that sort of practice? -- Would the Internet be accessible to more or fewer people with that approach than with pervasive encryption? -- Especially noting that some code-breaking techniques become easier with larger bodies of crypto-text and that content-free noise that is superficially indistinguishable from encrypted text may be worst nightmare for some other techniques, how would that approach compare to pervasive encryption from the standpoint of costs to the would-be surveillance agency? --john X416q9zYedFlZIMPw/6jL+tfT+omtap3A9xg1s8aXxI6IfaQ6zcwLGDW/iuKMDXa PKQ2eekXgg7m5pJ6tCpCD8lvH26rnS3R0NYdPyCivwB6l/dIHd9jUfPkOEnzx5rB /V95CLCVopT/z2CRLR9g3+wI3BBSaG5jwR6xTvAJ5mpGMyVNFFuRx5xtL5QgYFYF cXDQggDq7OR2NGN8U9kUrUqzkpCpWLVezMYk9oiiUEH+EXw4YBMZj1vX7JotkV43 lK1oBQMf4cFyEPqix0bAx6HoHFOpMHXSNzShzssLNDGlF8v8GsaExngqvQcuGzO1 OUJddtJK9A3p+up6S7EFiqNb6a3/wVZdzF7xlszJXF3fXc09JzUNuvuzJr/klRGJ oVa0c90ga553i2yxzqAKOilAeV192j7O6GXQMzI3IFTGUyB92nh3wR7xB+A9esLG efDXBvci3pQLSkIRKTiP4C/zL1pgcCU631hyaNcfAZYK0ch59EbeZbPtj+IUCgCT pN20WVuoVjXQ8K9j7KEgFgJpFeKH7AC7cm4WSwGnlxywEkoNhNs80aSkcTN2jjJ/ ROuozyFKPfhMuExii84WLM+BfSBTTWESK+w2xBfpX5KVsD6ybenNgjaCxVJE90n6 Y7QTAeqihkogo53dPBl6D+L7JIlh+nVkIGh4bkImTKwjUAdtOYM7hDiaj+eUfJIw 5eYjDlWup53uGdcSGg5WsaT5uUQhHbg/l8GgKNniMFaYdG2TLUSK2ZbJ6FfBTZIB 1wsrNBw7NAliBzjxyvZZ1KMA0ZZyPzM32FdtNlb/DpZxr5WoZWNmeij2F0tZ5evL 4YMsKtw8PWp6lGfuzIVFqL2zZJKASzEMUpjBGhCD658NuHFNNX94Mc6e5wes+DHy biXkzAxj+2zzGxMfNa1DRrRW8ENzjTuaPQCeOdD9je3sAXRl4gqaCBkMczx3CYWt :-) [1] There is lots of precedent for conclusions of that type, including among governments usually considered friendly to individual freedom. > > We don't solve (e.g.) consumer protection issues by allowing > the Internet to trivially breach privacy. > > Brian