On Mon, Jan 6, 2014 at 6:24 PM, Richard Barnes <[email protected]> wrote:
> Dear PERPASS,
>
> Stephen asked me to take a stab at a problem statement for PERPASS. With
> some help from Bruce, Cullen, and Ted, the results have just been published
> as draft-barnes-pervasive-problem-00.
>
> In general, this draft tries to outline at a technical level what we mean by
> pervasive attack, and what the high level mitigations are.
>
> Comments welcome!
Minor quibble: Intermediate nodes can also be active attackers, e.g. an ISP
could insert fake email for its customers.

At a higher level this draft feels overly removed from the real problem:
users' assumptions about what is public on the Internet have frequently been
violated, even when technical measures to address these issues exist. This
gets mentioned in passing, but should be front and centre. The NSA is not
the only organisation doing this: Saudi Arabia, the UK, China, Ethiopia,
France all have major monitoring systems in place that can only work because
of how weak the core protocols of the internet are against manipulation.
(And let's not forget the Pakistani ISP that accidentally knocked YouTube
offline.) Also, BGP tricks mean that anyone can be local.

The point should be very simple: no more cleartext, authenticate everything,
limit authority, and produce an audit trail for when things go wrong. Now
let's see if we can do more about it than the CRYPTO '13 rump session
accomplished.[1]

Sincerely,
Watson Ladd

[1] For those who are unfamiliar: http://www.youtube.com/watch?v=cVUIk6nXVcw
is the best statement of the issue and the solution.

>
> Thanks,
> --Richard
>
>
> ---------- Forwarded message ----------
> From: <[email protected]>
> Date: Mon, Jan 6, 2014 at 9:17 PM
> Subject: New Version Notification for draft-barnes-pervasive-problem-00.txt
> To: Cullen Jennings <[email protected]>, Ted Hardie <[email protected]>,
> Bruce Schneier <[email protected]>, Richard Barnes <[email protected]>
>
>
> A new version of I-D, draft-barnes-pervasive-problem-00.txt
> has been successfully submitted by Richard Barnes and posted to the
> IETF repository.
>
> Name: draft-barnes-pervasive-problem
> Revision: 00
> Title: Pervasive Attack: A Threat Model and Problem Statement
> Document date: 2014-01-06
> Group: Individual Submission
> Pages: 23
> URL: http://www.ietf.org/internet-drafts/draft-barnes-pervasive-problem-00.txt
> Status: https://datatracker.ietf.org/doc/draft-barnes-pervasive-problem/
> Htmlized: http://tools.ietf.org/html/draft-barnes-pervasive-problem-00
>
>
> Abstract:
> Documents published in 2013 have revealed several classes of
> "pervasive" attack on Internet communications. In this document, we
> review the main attacks that have been published, and develop a
> threat model that describes these pervasive attacks. Based on this
> threat model, we discuss the techniques that can be employed in
> Internet protocol design to increase the protocols' robustness to
> pervasive attacks.
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat
>
>
> _______________________________________________
> perpass mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/perpass
>

--
"Those who would give up Essential Liberty to purchase a little Temporary
Safety deserve neither Liberty nor Safety." -- Benjamin Franklin
