[AusNOG] Consensus from the IETF 88 Technical Plenary - Internet hardening

Mark Newton newton at atdot.dotat.org
Sat Nov 9 08:05:58 EST 2013 

On 9 Nov 2013, at 1:05 am, Dobbins, Roland <rdobbins at arbor.net> wrote:

> And of course, any governmental bureaux wanting to snoop the traffic would never get hold of those keys and certs by pwning the middlebox, or bribing an ISP employee, or doing a black-bag job and using any number of side-channels to get at the middlebox, would they?

Again, I feel like I'm being placed into the situation of having to tell the security
vendor about what security is.

If you can raise the cost to an attacker, to the point where attacks become impractical,
then you have attained a heightened state of security.

At the moment, three-letter-agencies can and do slurp up virtually everything with
impunity.  They do it because it's cheap and easy.

If we can adjust the playing field so that they have to individually tailor their attacks
to each middlebox, or bribe an ISP employee, or do a black-bag job, or use side-channels to
get at the middlebox, then that raises the cost to them.  They're all expensive activities
carrying a high risk of discovery.

Raise the cost enough, or compromise their ability to reliably operate covertly, and
they'll no longer be in a situation where, as now, they can hoover up everything on
general principles.   They'll actually need a *reason* to go after someone.

It's like the key-length argument, where you increase the number of bits in your key to
deal with the anticipated processing power of your adversary over the lifetime of your
data's importance.  Well, we currently secure much of the internet with zero-bit keys,
and we know full well that there are adversaries out there which have the resources to
unwrap the plaintext.  So it's past time to increase the key length, to raise the cost
to the adversaries.

> This isn't a serious discussion, as it seems that there isn't an appreciation of the entire problem-space.  No more replies, and this time, I really mean it.

You're right, it isn't a serious discussion -- partly because you seem to think there's
an answer to this exclusively within the realm of the polity.

Your nation's intelligence agencies are corrupt -- they're behaving lawlessly, performing
billions of warrantless searches against your countrymen every day of the week, removing
all meaningful import from the fourth amendment.

In parallel to that, though, the law that governs them gives them free reign to perform
as many warrantless searches as they like against people outside the borders of the USA,
which includes virtually everyone on this mailing list.  We're all foreigners, aka
"targets."  There is no effective limit on what US intelligence services can do against
us, up to and including kidnapping (as the CIA demonstrated with effective impunity in
Italy, among other places).

And that's to say nothing about other snooping nation states.

Your polity-driven solution will, *AT BEST*, address the first problem, that of US
intelligence agencies violating the US 4th Amendment by unlawfully searching the 
digital papers and personal effects of US citizens without a warrant.

There is no conceivable political answer to the second problem.  There is literally no
way that any government will ever impose limits on its intelligence services' capabilities
to gather _foreign_ intelligence.  And while Americans are justifiably upset at their 
government's corruption, there's essentially no conversation in the public sphere at 
the moment about how ordinary lowly everyday citizens of foreign countries are supposed
to be outraged about the US's unprecedentedly toxic behaviour.

So even if your proposal for a political solution is 100% effective, the participants
in this discussion will remain unserviced.

There is no political answer for us.  The only answers available are technical.  The 
only available protection for an Australian wishing to keep communications secret from
the Americans (or Chinese, or Brits, or...) is to make evesdropping impractical, and
that's where well designed and correctly deployed cryptographic countermeasures play
a part.

Your failure to acknowledge that undermines the seriousness of your arguments.  I'm not
sure that you understand the nature of the threat we're dealing with.  You're focusing 
on the threats your products respond to, and diminishing the importance of all the 
others.

Are DoS's bad?  Yup.  But they're not the worst.

  - mark

More information about the AusNOG mailing list