On Thu, Jan 16, 2014 at 2:23 PM, Theodore Ts'o <[email protected]> wrote:
> On Thu, Jan 16, 2014 at 09:57:07AM -0500, Phillip Hallam-Baker wrote:
> > End to end ideology in security is particularly harmful because there are
> > some security controls that are simply not compatible with end-to-end
> > approaches. You cannot protect against traffic or meta-data analysis
> > end-to-end.
>
> That may be true, but the alternative of edge-to-edge security is even
> worse. Edge-to-edge security also doesn't protect against traffic or
> meta-data analysis, and upon receipt of a National Security Letter to
> your IMAP provider, doesn't protect the contents of your e-mail,
> either.
>
> So I don't see how claiming that striving for end-to-end security is
> "harmful".

Arguing for end to end security at the exclusion of transport models is harmful.

Looking at NSLs as the attack paradigm is unwise as we don't currently have any IETF countermeasure. Not PGP, not S/MIME, not STARTTLS. You are free to propose one but it certainly won't be an end to end security solution because the internet infrastructure that is routing packets and messages needs to know the direction to send them in.

PGP and S/MIME are both unable to protect meta-data against an attacker with intercept capability. STARTTLS is unable to protect content against attack by a corrupt system administrator.

To have comprehensive security we need both the End 2 End security to protect the data at rest and the transport layer security to protect the metadata in motion.

--
Website: http://hallambaker.com/
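The split described in the last two paragraphs of the reply, as an added illustration that is not part of the thread: a toy model of which fields a wire intercept and a server administrator can read under each combination of end-to-end (body-only) and transport (hop-by-hop) protection. The keys, addresses, body text and the stand-in cipher are all constructed for the example.

```python
import hashlib

# Toy stream cipher (SHA-256 in counter mode), here only to make the two
# layers concrete. It is NOT a real cipher; do not reuse it.
def toy_encrypt(key: bytes, data: bytes) -> bytes:
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))

toy_decrypt = toy_encrypt  # XOR keystream: the same operation both ways

# Constructed sample values (not from the thread)
RECIPIENT_KEY = b"bob-long-term-key"    # stands in for Bob's PGP/S-MIME key
SESSION_KEY = b"hop-tls-session-key"    # stands in for the STARTTLS session
PLAINTEXT = {"from": b"alice@example", "to": b"bob@example", "body": b"meet at noon"}

def build_message(e2e: bool) -> bytes:
    """End-to-end protection covers the body only: From/To stay in the clear
    because the mail infrastructure must know where to route the message."""
    body = toy_encrypt(RECIPIENT_KEY, PLAINTEXT["body"]) if e2e else PLAINTEXT["body"]
    return (b"From: " + PLAINTEXT["from"] + b"\r\nTo: " + PLAINTEXT["to"]
            + b"\r\n\r\n" + body)

def on_the_wire(msg: bytes, transport: bool) -> bytes:
    """Bytes an intercept sees between the sender and Bob's server."""
    return toy_encrypt(SESSION_KEY, msg) if transport else msg

def readable(blob: bytes) -> set:
    """Fields whose plaintext an observer can find in the data it holds."""
    return {name for name, value in PLAINTEXT.items() if value in blob}

def visibility(e2e: bool, transport: bool) -> dict:
    wire = on_the_wire(build_message(e2e), transport)
    # Transport security ends at the server, so its administrator (or whoever
    # compels the provider) holds the decrypted stream, not the wire bytes.
    stored = toy_decrypt(SESSION_KEY, wire) if transport else wire
    return {"wire_observer": readable(wire), "server_admin": readable(stored)}

if __name__ == "__main__":
    for e2e in (False, True):
        for transport in (False, True):
            print(f"e2e={e2e!s:5} transport={transport!s:5}", visibility(e2e, transport))
```

Only the combination of both layers leaves the intercept with nothing and the administrator with routing headers alone; either layer on its own leaves one of the two observers with the message body.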
_______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
