I would like to keep discussion of NSA capabilities out of the BOF as well.
For the sake of having a focused and effective discussion I think we should just stipulate the list of possible compromises and focus on what we can do to address them. Speculation as to the nature of the NSA capabilities is probably best done in the bars and on mailing lists.

What we discovered over the weekend should cause a lot of the assumptions as to how PRISM works to be reviewed. When we first heard of PRISM it was assumed that the data was being voluntarily disclosed by Google etc. It now appears that it is plaintext traffic on the Internet trunks that is being intercepted.

While it is true that the NSA probably can't do the intercepts without any help, we can't build an Internet without intermediaries either. The question at issue should be not whether an intermediary can default but whether that default could be detected.

Ben Laurie's Certificate Transparency demonstrates a way to keep one set of intermediaries under constant observation, making default unlikely to succeed unobserved.

We need to start looking for equivalent schemes for all the intermediaries we are forced to trust. These include:

1) Generation of ECC Curves
2) Cryptographic Hardware, in particular SSL accelerators
   2a) Kleptography as described by Moti Yung to encode random seeds in the modulus
   2b) Disclosing private key through TLS covert channel
3) CAs
4) Standards organizations

On (4) the folk who I am suspicious of are not so much the direct participants but the folk who I have never met that pop up and send me private emails telling me that they agree wholeheartedly on some proposal I am making and I should resist attempts to make some change.
