[AusNOG] Consensus from the IETF 88 Technical Plenary - Internet hardening

jake anderson yahoo at vapourforge.com
Fri Nov 8 18:21:16 EST 2013


I think that, as always, there is a need for balance.
ENCRYPT ALL THE THINGS! is going to cause problems, particularly as far
as caching and any other form of "legitimate" snooping are concerned.
I feel that, as a percentage, the volume of traffic that would benefit from
encryption is low.
I.e. encrypt your VoIP call, not so much the cat videos.

Perhaps more focus needs to be put on advertising to legit snooping
boxes the data they need to do said snooping, and if perhaps they can do
that snooping *without* spying on the *content* then so much the better.
I.e. encrypt content by default, but leave the ability to declare some
elements as plain text or with some form of unique ID that lets things
cache and proxy, perhaps even better than before. I.e. you could plausibly
cache BitTorrent-style traffic by storing a UUID and MD5 (say) for each
block without actually knowing what was in said block.

If wiretap-style snooping is your pet bugbear then encrypt the network
link itself, not necessarily the traffic going over it. If you
transparently encrypted all the data as it went over the wire, then
inside your switch decrypted it, and re-encrypted it as it goes onto its next
hop, that would really put a spanner in their works.

That said, I figure *most* of the important traffic these days would
already be encrypted and the wiretap is mostly going to be giving meta
information, i.e. who is talking to whom and how much. The decrypted info
would, I imagine, mostly be coming from compromised end points (a task
made vastly easier with meta information about your target).

On 8/11/2013 5:56 PM, David Miller wrote:
>
> On 11/7/2013 11:55 PM, Dobbins, Roland wrote:
>> On Nov 8, 2013, at 11:06 AM, David Miller <dmiller at tiggee.com> wrote:
>>
>>> Perhaps, given the current state of DDoS mitigation hardware.  Build better boxes.
>> It has nothing to do with building better boxes.  How precisely does one use flow-telemetry to detect, say, a SYN-flood inside an encrypted tunnel?
> A SYN-flood inside an encrypted tunnel?  You can't use flow-telemetry to
> detect that from a node that does not participate in the encryption.
>
> You also can't listen in on a VoIP call with a butt set and alligator clips.
>
> If your argument is "Everything must be in the clear or we can't stop
> the bad guys.", then you probably won't find a lot of support for that
> position.
>
>> And flow telemetry is the only way to do that sort of thing at any kind of scale.
> The only way right now.  Arbor has a lot of smart folks.  I have faith
> in you to find a solution. :-)
>
>> And adding more boxes with more copies of keys and certs is in and of itself a vast expansion of the attack surface (most cryptosystems are actually broken via implementation miscues and side-channel attacks).
> A solvable issue - see any organization with a large base of
> infrastructure (that doesn't fall over regularly - I'm not saying that
> everyone has solved it, just that it can be solved).
>
>>> I don't buy that.
>> Whether you 'buy' it or not, it's already happening.
> Clearly they were getting some data from the endpoints, and clearly they
> weren't getting everything they wanted from the endpoints.  Thus they
> were/are groping inter-DC traffic from some organizations that we know
> were providing data (of some sort) from their endpoints.
>
> You stated that encryption is "useless - the spooks and spies (not to
> mention the ODCs) simply bypass it all and get everything en clair from
> the endpoints themselves" and I disagree.
>
> 'data from endpoints' and 'snooping fiber' are *both* "already
> happening".  If your contention that they can get all they want from the
> endpoints were true, then they wouldn't have needed to snoop fiber (not
> snooping fiber would have been even cheaper and easier).
>
> I will also point out that we now know that the NSA (and likely other
> agencies of the same ilk) deliberately weakened some crypto.  If crypto
> were useless, then why weaken it?
>
>>>   If they could have simply bypassed it all and gotten everything from the endpoints, then why were/are they groping inter-DC traffic and longhaul fiber?
>> Because it's cheaper and easier to do mass surveillance via the network links, obviously.
> Obviously, I am all for more expensive and harder.
>
>> But, since we're talking about governments, they've nearly in
>>
>>> Now that the curtains have been pulled back, I expect to see a large amount of pushback from individuals and from those organizations that manage
>>> said "endpoints".
>> It won't matter, unless the issues are resolved at the political level.
> There is, without a doubt, a political component to a "resolution"
> (given some definition of "resolution").  However, I think that most
> people in the world are now well beyond "trusting" that there would not
> be future abuses, regardless of any political wrangling that may occur.
>
> Political solutions have a limited area of influence.  Even if the US
> passed new laws to restrict monitoring, that wouldn't affect data
> collection abuses anywhere else (Great Britain, Germany, France, China,
> Russia, North Korea, Syria, Iran, etc., etc.).  Despite Chancellor
> Merkel's faux righteous indignation, BND is monitoring fiber and IXes
> just like the NSA (reportedly under a letter that she herself signed).
>
> Suppose that all nations of the world agreed not to collect data without
> probable cause and judicial oversight, would anyone "trust" that?
> Pretty much all the nations of the world agreed a long time ago that
> torture should not happen and yet we had extraordinary rendition.
>
>>> What?  Nobody who sells products or services on the internet would want to do away with HTTPS.
>> Strawman.  I never proposed doing away with HTTP/S for things like credit card numbers, personal information, VPNs, and whatnot.
> No.  You just seem to be proposing that any other data that I might pass
> over the internet is not important and does not need to be protected in
> any manner -and- that protocols not be expanded to even give me the
> option of protecting data that I might want to keep private in flight.
>
>>>   Encryption is already available in a large number of services without yet degrading the overall security posture of
>>> the internet.
>> The vast majority of Internet traffic is unencrypted.
> Quite true, now.  The IETF consensus is, unless I missed the point, that
> encryption needs to be worked into existing protocols and
> required/strongly suggested in any new protocols.  This would lead, if I
> am understanding the direction of this, to less unencrypted traffic.
>
> I imagine this will end up more like STARTTLS in SMTP and less like
> encrypted tunnels with amorphous endpoints everywhere that could contain
> SYN-floods.  But, we will see how it develops.
>
>>> There have been throughout history, many many technical solutions to social ills.
>> I suspect we have differing definitions of 'social ills'.
> Perhaps you could provide your definition of 'social ills', so we can
> both use the same definition.
>
> -DMM
>
>> -----------------------------------------------------------------------
>> Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
>>
>> 	  Luck is the residue of opportunity and design.
>>
>> 		       -- John Milton
>>
>>
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>

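The opaque-block caching idea sketched in the first post (encrypt content by default, but advertise a per-block identifier and digest so a cache or proxy can store and serve blocks without knowing what is in them) is worked through in the following Python example. This is an added illustration, not code from the thread or from any project mentioned in it. Assumptions: the names OpaqueBlock, BlockCache, publish_block and run_demo are constructed for the example; an HMAC-SHA256 counter-mode keystream stands in for a real cipher so the block runs on the standard library alone; SHA-256 is used where the post says "md5 (say)"; the sample blocks, key and content identifier are constructed.

```python
"""Added example: a cache that stores and serves encrypted blocks keyed by a
per-block identifier and verified by a digest, without ever holding the content key.
Names (OpaqueBlock, BlockCache, publish_block, run_demo) are constructed for this
example, not taken from the thread."""
import hashlib
import hmac
import uuid
from dataclasses import dataclass


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a stdlib-only stand-in for a real stream
    cipher (assumption for this example; a deployment would use AES-GCM or similar)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_block(key: bytes, content: uuid.UUID, index: int, data: bytes) -> bytes:
    """XOR `data` with a keystream bound to (content id, block index), so every peer
    holding the key produces the same ciphertext for the same block and caches can hit."""
    nonce = content.bytes + index.to_bytes(8, "big")
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))


# A XOR stream cipher is its own inverse.
decrypt_block = encrypt_block


@dataclass(frozen=True)
class OpaqueBlock:
    block_id: str      # public identifier the cache keys on (UUID from content id + index)
    digest: str        # hex SHA-256 of the ciphertext (the post says "md5 (say)")
    ciphertext: bytes  # opaque bytes; meaningless without the key the cache never sees


def publish_block(key: bytes, content: uuid.UUID, index: int, data: bytes) -> OpaqueBlock:
    """What a publisher or peer advertises: an id and digest alongside the encrypted block."""
    ciphertext = encrypt_block(key, content, index, data)
    return OpaqueBlock(
        block_id=str(uuid.uuid5(content, str(index))),
        digest=hashlib.sha256(ciphertext).hexdigest(),
        ciphertext=ciphertext,
    )


class BlockCache:
    """The 'legitimate snooping box': caches by id, verifies by digest, holds no key."""

    def __init__(self) -> None:
        self._store = {}  # block_id -> ciphertext
        self.hits = self.misses = self.rejected = 0

    def put(self, block: OpaqueBlock) -> bool:
        # Integrity check: refuse bytes that do not match the advertised digest, so a
        # corrupted or tampered block cannot poison later fetches by other clients.
        if hashlib.sha256(block.ciphertext).hexdigest() != block.digest:
            self.rejected += 1
            return False
        self._store[block.block_id] = block.ciphertext
        return True

    def get(self, block_id: str):
        ciphertext = self._store.get(block_id)
        if ciphertext is None:
            self.misses += 1
        else:
            self.hits += 1
        return ciphertext

    def stored_bytes(self) -> list:
        return list(self._store.values())


def run_demo() -> dict:
    """Two clients fetch the same three blocks through one cache; the second client is
    served entirely from cache, and a tampered block is rejected. Sample data is constructed."""
    key = hashlib.sha256(b"constructed demo content key").digest()  # shared by peers only
    content = uuid.uuid5(uuid.NAMESPACE_URL, "example:opaque-cache-demo")  # stands in for an infohash
    plaintexts = [b"block zero " * 10, b"block one " * 10, b"block two " * 10]
    published = [publish_block(key, content, i, p) for i, p in enumerate(plaintexts)]

    cache = BlockCache()
    for block in published:                 # first client: misses, then fills the cache
        if cache.get(block.block_id) is None:
            cache.put(block)
    recovered = [                           # second client: all hits, decrypts locally
        decrypt_block(key, content, i, cache.get(b.block_id)) for i, b in enumerate(published)
    ]

    first = published[0]                    # tampered copy: same id and digest, altered last byte
    flipped = first.ciphertext[:-1] + bytes([first.ciphertext[-1] ^ 0x01])
    tamper_accepted = cache.put(OpaqueBlock(first.block_id, first.digest, flipped))

    return {
        "hits": cache.hits,
        "misses": cache.misses,
        "rejected": cache.rejected,
        "roundtrip_ok": recovered == plaintexts,
        "tamper_accepted": tamper_accepted,
        "plaintext_visible_to_cache": any(b"block" in ct for ct in cache.stored_bytes()),
    }


if __name__ == "__main__":
    print(run_demo())
```

The cache only ever handles the identifier, the digest and opaque bytes, which is the property the post is after: the box can dedupe and serve repeated blocks (and reject corrupted ones) while learning nothing about their contents. The digest check matters because an intermediary that caches what it cannot read is otherwise an easy place to plant a bad block for every later client.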