Bruce Perens: > John, > > Of course I have sympathy for all of those who have their human rights > abridged, > and would not begrudge them the use of Tor, preferential https, or whatever > helps.
Really? Where is your sympathy exactly? I am one of those who have my human rights abridged, as is everyone on this list, I might add. It is nearly impossible for me to protect myself, even with Tor, because nearly all services and systems are insecure in the face of specific attacker capabilities. Is your sympathy simply that you begrudgingly will allow us to protect ourselves from your (and my) spy agency, the NSA? Some sympathy! > I am not sanguine that encryption is any barrier to NSA due to the ASIC > issue previously discussed, but it might well be a barrier to religious > extremist oppressors, etc. Do you understand how the TURMOIL and TURBINE programs work? The first is a passive sensor system that does DPI (Deep Packet Inspection) and the second is an active sensor system that does DPI (Deep Packet Injection). The TURMOIL system is used for protocol classification and selector based surveillance. The TURBINE system takes actions, usually packet injections for Man-on-the-Side, based on the results of TURMOIL and similar systems. For any agency to build a system like TURMOIL, they must be able to scan the traffic in real time. The time to race a TCP connection is very small and as it stands, they do not win all of the time - latency of injection provides enough variance to stop QUANTUMINSERTION related attacks. Do you have any evidence that these systems use super computer, ASIC or FGPA based decryption techniques as part of the TURMOIL or TURBINE programs? It is clear that they do decryption from captured and stored data. It is also clear that they cannot store *everything* and so traffic analysis is part of how they decide what to store and thus how they are able to record the ciphertext for later attacks. Only basic traffic analysis resistance in common protocols will start to change this balance. This is part of how we will end massive surveillance of the internet. We will not end mass surveillance by keeping the current economic balance and the current social cost that is afforded to these spies and other criminals. > > The problem with security is that however much you have is never enough, > because > there's always a new threat. And that is exactly why the United States is > pursuing a continuously increasing war in whiich surveilance and odious > security > procedures only increase. And thus IETF will also end up on a continuously > increasing war in which odious security procedures only increase, in response. > This is false. A key problem here is that you refuse to acknowledge that well known, even practically solved problems, are a threat to the users of the internet. TLS for HTTP will reduce the attack surface of every computer from third party network based threats. We can very nearly eliminate these threats entirely and we can ensure that when the threat becomes reality, we may detect it and fail in a closed manner. > The next step after encrypting every web query is locking down the browser to > the "trusted platform" and insisting on identifying certificates for all > users. > Our various corporate totalitarians are sure to want it, it already exists on > the iPhone and other DRM platforms, and will only get tighter. > This is a red herring and is also false. > So, this ends with the death of the open web. > The NSA has killed the open web as we know it. The Chinese "Great" firewall has killed the open web that most of China *never* knew anyway. > At some point, we have to draw a line and say this is enough, it doesn't > really > protect us, it protects someone else at our expense. > The question I ask myself, Bruce, is if at some point, you're working to the benefit of someone else? You certainly don't seem to care about the common good in the face of real threats because of your privilege as a US citizen and your general arrogance rooted in other privileges. > Where do you propose to do that? Right after _this_ change? And when the next > proposal is to draw the line right after the _next_ change, and so on ad > infinitum? > Attacks generally improve over time. We must iterate on protocols that have serious flaws and ensure that we defend against attackers. > So, I don't want to be forced onto this next security upgrade. I want to be > able > to intelligently decide whether I need it and when, and to control whether I > use > it, and when to dispense with it when it's being used for things that areck > not in > my interest. > You're apparently not doing that now, why will you do that later? You're not being forced to do anything, are you? You could use HTTP 1.1 forever, right? Oh right, sometimes choice is removed! How does it feel to be like the rest of the world for just one moment? Sincerely, Jacob _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
