On Dec 7, 2013, at 4:09 PM, Bruce Perens <[email protected]> wrote: > Well, we do have some HTTP uses where encryption that hides the content won't > be allowed, and thus authentication is important. > > We can't have encryption when we use HTTP over Amateur Radio in the US and > many other countries. There is self-policing on ham frequencies that requires > that people be able to copy other people's transmissions, and encryption > defeats that. Obviously we don't put confidential data on those frequencies, > that belongs on your cell phone. So, an authentication-only WiFi protocol is > needed for Amateur Radio, and possibly an authentication-only version of TLS.
NO!!!! The reason is downgrade attacks. A huge problem with the IPSec standard is that NULL encryption was allowed in there, and also known weak modes (single DES, 720b D/H etc). Its one of the primary reasons why John Gilmore and therefore others feel the IPSec process was sabotaged by the NSA. To explicitly support downgraded, athuentication w/o encryption is STUPID! it is DANGEROUS! About the only thing that is not a horrid idea is to have the key exchange generate a separate MAC and encryption key, using an encrypt then MAC structure. Yet that loses out on the benefit of authenticated encryption modes that build the MAC into the communication. So face it Bruce, your only option should be to have the client leak the session keys keys, and thereby explicitly say "NO SECURITY ON THIS CONNECTION, HAVE A NICE DAY". And yes, this means the French can pwn you. Sorry, use a network that allows encryption. Or have your session key leaker in UDP, and only 2-3 hops on the TTL, so only locals can pwn you. [1] Anything more built into the protocol to support unencrypted communication represents a sabotage attempt on the rest of the Internet. [1] I'm just waiting for the Botnet that uses open-WiFi to pwn the fellow computers in the local starbucks. Its an old idea, but a good one... -- Nicholas Weaver it is a tale, told by an idiot, [email protected] full of sound and fury, 510-666-2903 .signifying nothing PGP: http://www1.icsi.berkeley.edu/~nweaver/data/nweaver_pub.asc
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
