On Nov 7, 2013, at 8:55 AM, Benjamin Kaduk <[email protected]> wrote:
>
> However, I fear that the knowledge we gain may be more limited than we would
> like. In particular, I fear that NSLs or similar things will come with gag
> orders so strong that the company's counsel will not be able to use knowledge
> of them to alter company policy, or even that the gag will prevent the
> engineer being served from contacting the company's counsel. There are
> probably technical measures which could help a little, such as requiring
> multiple persons to authenticate certain classes of operations, though I
> suspect those are out of scope for IETF protocol work.

I don’t disagree. That’s why we need best practices for:

1) end to end application-level (TLS, DTLS, etc.)
2) IP node to IP node (IP peer level; application level like HTTPS, IPSEC transport, or opportunistic tcpcrypt and/or BTN)
3) IP domain to IP domain (VPN; IPSEC tunnel)
4) MPLS-to-MPLS (and similar sub-IP overlays)
5) physical link (fiber drivers, WPA, etc.)

encryptions and authentications all at the same time.

Layers in a tasty birthday cake. If you’ve been subject to US junk food adverts, think of it like Lay’s potato chips. You can’t eat just one.

Another motto: No eggshells.

They’re going to hit the weak spot. We want the weak spot to require a whole stack of subpoenas and a whole lot of informed consent. Compliance with the law is required; our goal is to make sure the law is also complied with by the attackers. And we don’t think that GCHQ is going to be able to get a subpoena directly in the US, or vice versa, so the game of using foreign agents to spy on domestic assets (and trade data with each other) will get mostly shut down.

Sure, "they" might pass a law that says end-user encryption is illegal. We want them to have to pass that law, and have the public discourse needed to pass such a law in a democracy.

Of course, rogue states are going to do whatever they’re going to do, but we can certainly reduce how much of it they do to other states.

This is not a “resistance” thing; it’s a "civil-defense" thing. If one state’s or one enterprise’s infosec is appallingly weak, other actors are going to take advantage of that weakness. If one nation’s or enterprise’s IT products have weak infosec as a matter of policy, that nation or enterprise is going to be very disadvantaged in external sales of those products.

Our task is to set the bar sufficiently high without breaking the bank in the process. We must also remember that said bar is going to keep moving at the pace of Moore’s law. Adequate security in 1990 is not adequate security in 2013, and so on.

— Dean

_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
