[AusNOG] Consensus from the IETF 88 Technical Plenary - Internet hardening

Karl Auer kauer at biplane.com.au
Fri Nov 8 19:30:30 EST 2013


On Fri, 2013-11-08 at 17:54 +1100, Mark Newton wrote:
> Note also that we typically consider "security" to be something that
> inhabits a space defined by availability, integrity and
> confidentiality.

Yes.

I'm not clear on why people think that designing encrypted/secure
versions of things is a bad thing. Many of the problems we have nowadays in
deploying half-way secure stuff are that so much extra stuff has to be
tacked on, stuff that has to work around the original stuff. Shims and
wedges and hooks, oh my! Look at the hassles accompanying SSL (another
add-on), but I'm sure anyone here can name a dozen other examples off
the top of their head. Email is totally open by design and default, the
DNS ditto, and look at the effort required to even *start* to "secure"
those protocols. Small wonder that the usual solution is to run a VPN to
"encrypt everything" and pretend that the result is secure. As Google
found out - it's not.

The fact that technical solutions are not complete solutions is neither
here nor there. There are no complete solutions to anything, they always
involve political and legal components. I don't think the IETF is saying
that their technical components are complete in themselves. But ask
yourself, you VPN users, if there was ANY level of political/regulatory
protection that would satisfy you enough to send your data in clear?

About the only arguments against that I can readily bring to mind are
performance and efficiency (and maybe somewhat harder troubleshooting,
though that's really a tools issue for legitimate participants). Why
encrypt stuff you don't want to hide? It wastes CPU time and bandwidth.
The answer to that is almost certainly that there is no such thing any
more as "stuff you don't want to hide". Our trust in officialdom has
been fatally crippled - "they" look at everything, even the innocent
stuff, and they use it ALL against their own citizens. That means that
the default position has to be "hide everything". For better or worse,
that starts with the technology.

At least the criminal classes are only interested in money. Our
governments mean us far greater harm - or if our current governments do
not, they are working hard to enable it for future governments.

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389

GPG fingerprint: B862 FB15 FE96 4961 BC62 1A40 6239 1208 9865 5F9A
Old fingerprint: AE1D 4868 6420 AD9A A698 5251 1699 7B78 4EEE 6017



