[AusNOG] Consensus from the IETF 88 Technical Plenary - Internet hardening

David Miller dmiller at tiggee.com
Fri Nov 8 17:56:17 EST 2013



On 11/7/2013 11:55 PM, Dobbins, Roland wrote:
> 
> On Nov 8, 2013, at 11:06 AM, David Miller <dmiller at tiggee.com> wrote:
> 
>> Perhaps, given the current state of DDoS mitigation hardware.  Build better boxes.
> 
> It has nothing to do with building better boxes.  How precisely does one use flow-telemetry to detect, say, a SYN-flood inside an encrypted tunnel?  

A SYN-flood inside an encrypted tunnel?  You can't use flow-telemetry to
detect that from a node that does not participate in the encryption.

You also can't listen in on a VoIP call with a butt set and alligator clips.

If your argument is "Everything must be in the clear or we can't stop
the bad guys.", then you probably won't find a lot of support for that
position.

> And flow telemetry is the only way to do that sort of thing at any kind of scale.

The only way right now.  Arbor has a lot of smart folks.  I have faith
in you to find a solution. :-)

> And adding more boxes with more copies of keys and certs is in and of itself a vast expansion of the attack surface (most cryptosystems are actually broken via implementation miscues and side-channel attacks).

A solvable issue - see any organization with a large base of
infrastructure (that doesn't fall over regularly - I'm not saying that
everyone has solved it, just that it can be solved).

>> I don't buy that.
> 
> Whether you 'buy' it or not, it's already happening.

Clearly they were getting some data from the endpoints, and clearly they
weren't getting everything they wanted from the endpoints.  Thus they
were/are groping inter-DC traffic from some organizations that we know
were providing data (of some sort) from their endpoints.

You stated that encryption is "useless - the spooks and spies (not to
mention the ODCs) simply bypass it all and get everything en clair from
the endpoints themselves" and I disagree.

'data from endpoints' and 'snooping fiber' are *both* "already
happening".  If your contention that they can get all they want from the
endpoints were true, then they wouldn't have needed to snoop fiber (not
snooping fiber would have been even cheaper and easier).

I will also point out that we now know that the NSA (and likely other
agencies of the same ilk) deliberately weakened some crypto.  If crypto
were useless, then why weaken it?

>>  If they could have simply bypassed it all and gotten everything from the endpoints, then why were/are they groping inter-DC traffic and longhaul fiber?
> 
> Because it's cheaper and easier to do mass surveillance via the network links, obviously.

Obviously, I am all for more expensive and harder.

> But, since we're talking about governments, they've nearly in
> 
>> Now that the curtains have been pulled back, I expect to see a large amount of pushback from individuals and from those organizations that manage
>> said "endpoints".
> 
> It won't matter, unless the issues are resolved at the political level.

There is, without a doubt, a political component to a "resolution"
(given some definition of "resolution").  However, I think that most
people in the world are now well beyond "trusting" that there would not
be future abuses, regardless of any political wrangling that may occur.

Political solutions have a limited area of influence.  Even if the US
passed new laws to restrict monitoring, that wouldn't affect data
collection abuses anywhere else (Great Britain, Germany, France, China,
Russia, North Korea, Syria, Iran, etc., etc.).  Despite Chancellor
Merkel's faux righteous indignation, BND is monitoring fiber and IXes
just like the NSA (reportedly under a letter that she herself signed).

Suppose that all nations of the world agreed not to collect data without
probable cause and judicial oversight, would anyone "trust" that?
Pretty much all the nations of the world agreed a long time ago that
torture should not happen and yet we had extraordinary rendition.

>> What?  Nobody who sells products or services on the internet would want to do away with HTTPS.
> 
> Strawman.  I never proposed doing away with HTTP/S for things like credit card numbers, personal information, VPNs, and whatnot.

No.  You just seem to be proposing that any other data that I might pass
over the internet is not important and does not need to be protected in
any manner -and- that protocols not be expanded to even give me the
option of protecting data that I might want to keep private in flight.

>>  Encryption is already available in a large number of services without yet degrading the overall security posture of
>> the internet.
> 
> The vast majority of Internet traffic is unencrypted.

Quite true, now.  The IETF consensus is, unless I missed the point, that
encryption needs to be worked into existing protocols and
required/strongly suggested in any new protocols.  This would lead, if I
am understanding the direction of this, to less unencrypted traffic.

I imagine this will end up more like STARTTLS in SMTP and less like
encrypted tunnels with amorphous endpoints everywhere that could contain
SYN-floods.  But, we will see how it develops.

>> There have been throughout history, many many technical solutions to social ills.
> 
> I suspect we have differing definitions of 'social ills'.

Perhaps you could provide your definition of 'social ills', so we can
both use the same definition.

-DMM

> -----------------------------------------------------------------------
> Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>


