Hiya, If that's approaching being computationally practical then I'd say write an I-D describing how it works and pursue it in the usual IETF style. If it works and gets adopted then I agree it could be useful.
Cheers, S. On 09/10/2013 10:41 PM, Ross Snider wrote: > Apologies in advance for the length of the proposal. There is no TL;DR. > Request for comment. > > A large issue with widespread surveillance is that we are unable to trust > even endpoints with some data, no matter the security of the container for > that data in transit between clients, as endpoints may be pressured > financially or politically into cooperation or may be compromised. Many > stakeholders have called for the effort to involve not only engineering but > some amount of legal and policy reform. > > It may at first seem unfortunate that all we have influence over are > protocol standards. More hopeless still is to realize that passing the > right policies and laws in North America won't fix our problem as agencies > and companies under the jurisdiction of the United States are not the only > players in the surveillance game, nor will they be in the > future. Furthermore there will likely be escape clauses around policies and > laws, especially where there may be international cooperation between > countries with unique mandates. > > I'd like to bring up the fact that there *are* some things we can do to > limit the damage that untrusted endpoints can do from a protocol > perspective (far above and beyond authorization/authentication). > > Secure Multiparty Communication is now, and has been, a feasible technology > - it's merely lacked a standardized protocol. I argue that its lack of > adoption so far is due to said lack of a standard. > > With SMC, parties can interact to solve problems like: > - Personalized advertisements without the advertising company getting raw > access to preferences, browsing history or target demographics. > - Search or database results without the service provider obtaining > unencrypted access to the query. > - Determine the winner of auction without revealing what price was paid (or > compute a fair price of an auction market whilst keeping financial > information of participants secure, as was done with sugar beets by the > Danish) > - Look up sex predators in an area without revealing an address. > - Transfer money from a customer to a merchant without revealing the > customer's credit card number to the merchant or the merchant's business ID > to the customer. > > That is to say with SMC there can be a finer gauged level of control over > what data gets shared with what endpoints. It is a way to engage in > cooperative computation without giving up permanent control of personal > data. > > Furthermore there are many protocols to consider that have been vetted by > academics and peer review, some of which are *unconditionally* secure so > that there is no need to worry at the possibility of cryptographic > backdoors. > > Nothing comes for free: there is communication and computation overhead > that is induced by participating in such a protocol. Thankfully the > constants and communication rates involved in modern SMC are small enough > to make many applications practical. > > We argue that now is the time to consider creating a standard for SMC, as > underlying cryptographic gadgets will only become more efficient after > standardization and because it's applications have become significantly > more important. > > Soliciting feedback. > > Best, > Ross Snider > > > > _______________________________________________ > perpass mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/perpass > _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
