-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 12/08/2013 03:55 PM, Nicholas Weaver wrote: > > On Dec 7, 2013, at 4:09 PM, Bruce Perens <[email protected]> wrote: >> Well, we do have some HTTP uses where encryption that hides the >> content won't be allowed, and thus authentication is important. >> >> We can't have encryption when we use HTTP over Amateur Radio in >> the US and many other countries. There is self-policing on ham >> frequencies that requires that people be able to copy other >> people's transmissions, and encryption defeats that. Obviously >> we don't put confidential data on those frequencies, that belongs >> on your cell phone. So, an authentication-only WiFi protocol is >> needed for Amateur Radio, and possibly an authentication-only >> version of TLS. > > NO!!!! > > The reason is downgrade attacks. A huge problem with the IPSec > standard is that NULL encryption was allowed in there, and also > known weak modes (single DES, 720b D/H etc). Its one of the > primary reasons why John Gilmore and therefore others feel the > IPSec process was sabotaged by the NSA. Really? That makes no sense to me. I've never heard any report of a use of IPsec that "accidentally" used a NULL or weak cipher. Have you? And Jeff Schiller I think convincingly repudiated claims that either the development process for IPsec or the output were saobtaged in any such way. I wasn't much involved myself but my impression was that we (the IETF security community) shot ourselves in the foot a bit via complexity and various refusals to prioritise progress and deployment over purity. We need to carefully balance security and pragmatism here IMO if our goal is to make for a more secure and privacy friendly Internet. I also think that throwing "sabotage" into the mix damages that discussion so should be avoided. S. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) iQEcBAEBAgAGBQJSpNtuAAoJEC88hzaAX42iZbIH/iT8GFrHPhn/+4fUq4Z1+fIb zZyMhypk0bV4LJaSRXvke2ExU0q8NuMp1OTqhw1baxGPpTR5WK6Xj0H6Dm5iRNKK 61ONTbeTnPwp8AW1CaRzT+3kX82D+vy1guz7pEP0iE4EQIKRtsFsIo/JaUtDIv1k +xvHdyjnUFcSPQQqh4T969IpB0WpGT1Iw9RNGjqrEws9CqakMyVw8k2BiT7GtQOt X71Z9DWdjZkohEEDvzZGj9m0NyeZz//r1qNDgKTWCPM6YLtHxhjyzyI7Qv38Lcyo SV/5+OOSbjpenQp8rStTFvfZVeFzXYe5vr5l+vZJARfJLUv+d3HdVK/jYT0U2gU= =m8H+ -----END PGP SIGNATURE----- _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
