[AusNOG] Consensus from the IETF 88 Technical Plenary - Internet hardening

David Miller dmiller at tiggee.com
Fri Nov 8 15:06:57 EST 2013



On 11/7/2013 10:20 PM, Dobbins, Roland wrote:
> 
> On Nov 8, 2013, at 10:11 AM, Mark Newton <newton at atdot.dotat.org> wrote:
> 
>> I can't say I'm disappointed in this resolution. Should have happened a long time ago.
> 
> The problem with overencryption of this magnitude is that besides the additional overhead, it makes dealing with DDoS attacks and other security issues considerably more difficult in terms of detection, classification, traceback, and mitigation, not to mention broadening the attack surface and providing a non-insignificant impact amplification, due to crypto overhead.

Perhaps, given the current state of DDoS mitigation hardware.  Build
better boxes.

One person's "overencryption" is another person's "proper encryption".

> On top of that, it's useless - the spooks and spies (not to mention the ODCs) simply bypass it all and get everything en clair from the endpoints themselves.

I don't buy that.  If they could have simply bypassed it all and gotten
everything from the endpoints, then why were/are they groping inter-DC
traffic and longhaul fiber?

Also, many things were possible back in the "good old days" when it was
suspected, but still secret (or at least unsubstantiated).  Now
that the curtain has been pulled back, I expect to see a large amount
of pushback from individuals and from those organizations that manage
said "endpoints".

"Sunlight is the best disinfectant." - Louis Brandeis

> This is a bad move; a gross over-reaction that, if implemented (which I doubt it will be), will degrade the overall security posture of the Internet to a significant degree.

What?  Nobody who sells products or services on the internet would want
to do away with HTTPS.  Encryption is already available in a large
number of services without yet degrading the overall security posture of
the internet.

> There are no technical solutions to social ills.  If this comes to pass, we will all regret it.

There have been, throughout history, many, many technical solutions to
social ills.

> -----------------------------------------------------------------------
> Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
> 
> 	  Luck is the residue of opportunity and design.
> 
> 		       -- John Milton
> 

-- 
-______________________
David Miller
dmiller at tiggee.com
