-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi John, On 02/01/2014 11:18 PM, John C Klensin wrote: > Hi. > > After looking through the agenda and thinking about end to end > confidentiality mechanisms, a few questions/suggestions: > > (1) Other than a probably-appropriate level of general paranoia, do > we have any reason to believe that PGP (Symantec and/or GNUPG > versions) has been sufficiently compromised to not provide a good > defense against either pervasive surveillance or general snooping? That's two questions. IMO, neither S/MIME nor PGP provide highly effective protection against pervasive monitoring (PM). Either can be pretty good against "general snooping." In both cases the protocol crypto is, as far as we know, just fine. Both protocols (PGP and S/MIME) however were designed in a different time, when an enterprise security mode was far more often an accurate description of most Internet users' reality, so that's not that surprising. So there's no yes/no answer to your question(s) #1. > > (2) If the answer is "no, they are probably ok" or better, should > we be doing a key signing in London? That would facilitate longer > keys for those who would benefit from that and getting the > facilities more generally available to relative newcomers [1]. I'm fine to help get a room, if someone else takes on the organising. > > (3) If the answer is "yes, they have to be treated with great > suspicion", they why are there not BOFs or other sessions on the > agenda to consider whether the IETF standards should be upgraded > or, if that is not feasible, deprecated? I think the lack of BoFs is because end-to-end interpersonal messaging and how to make that resistant to PM is a significantly hard problem. And there is also the issue that there are plenty of reasons why various folks (e.g. advertisers, not just govt.) would rather that interpersonal messaging were not secured end to end, so it seems the people with significant deployment also lack motivation, to say the least. I do however think the XMPP folks are doing the right things as far as I can see. We are however having a workshop [1] before IETF-89 that will discuss this and other topics related to PM. (Sorry, its already oversubscribed, but we'll be reporting on it at the saag session.) [1] https://www.w3.org/2014/strint/ > (4) If we are going to do a key signing, would there be enough > interest in signing of CACERT X.509 keys to see if there are enough > people with the right credentials who will be in London to certify > those too (in spite of the non-presence of the CACERT root keys in > various browsers, etc.)? No idea personally. > If we are really serious about preventing monitoring, especially at > the application layer and doing so within our own community as an > example, this should be obvious. I disagree as it happens. Putting an emphasis on identification and authentication seems backwards to me. First, we ought try provide means to communicate that resist PM, (which requires confidentiality and can use some help from Mr. Data Minimisation:-) and after we have that nicely unerway, we can then see how to establish various kinds of authentication. I don't believe that starting from authentication is at all the right approach. But, I might be wrong, so happy to see people signing keys. > Indeed, it might be interesting as a first step to fix the IETF > list so it wouldn't accept unsigned messages. Wasn't that debated a few months ago. I don't think that would be at all useful for anyone. > Conversely, if it is not obvious, maybe we are not really that > serious. No. Being serious about PM does not mean wanting to start by identifying and authenticating everything in sight. I've deliberately put that in an argumentative way, but I hope it makes it clear why we really need to start from confidentiality and mechanisms like minimising the PII in our protocols. Cheers, S. > > best, john > > [1] Some people will sign PGP keys on the basis of documents (like > passports) alone, others won't. But, even if most people won't, it > has been a sufficiently long time since we've done a key-signing > at IETF that I imagine there are a number of no-longer-newcomers > around who might benefit and who are reasonably well known to > others . > > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) iQEcBAEBAgAGBQJS7a0VAAoJEC88hzaAX42i+6MH/An544gWl1H6dvAnfMuW9/2I fLI4D3fwvVRzXXRU0ElLhfNZwjQaA+Ofu0EmshCoenmHOy845wugRUnFOB3+pedq n2g3c60zbR0VMI6GzkjViC1dj6W0Z0L2CKJrIYTzA4ve1suMjoMqDCDg7ZsoWIsn sXjx7gL9ubsyOm7TtmWHvamV/oaDrZGuqEYzxKIVZnyooEYKa1xplapPCrFpsIK2 18B/YfCRfYzKqdFxHFZQC2A3P/Iw7phbKUwOL2OoZTePZw5LjhK9HF39p+Al0neL crXRpn8WObY0OLqiV89cYHafOAZex2bfgd8jZBJfpxOceFbSjE7GizuTENl6Wmg= =RYeX -----END PGP SIGNATURE-----