Forgot your password?
typodupeerror
Encryption Privacy The Internet

IETF Floats Draft PRISM-Proof Security Considerations 75

Posted by timothy
from the there-should-be-an-spf-rating-for-such-things dept.
hypnosec writes "PRISM-Proof Security Considerations, a draft proposal to make it harder for governments to implement and carry out surveillance activities like PRISM, has been floated by the Internet Engineering Task Force (IETF). The draft highlights security concerns as a result of government sponsored PRISM-like projects and the security controls that may be put into place to mitigate the risks of interception capabilities. Authored by Phillip Hallam-Baker of the Comodo Group the draft is however very sparse on details on how the Internet can be PRISM-proofed."
This discussion has been archived. No new comments can be posted.

IETF Floats Draft PRISM-Proof Security Considerations

Comments Filter:
  • Not an IETF Draft (Score:5, Informative)

    by petithug (133086) * on Thursday September 12, 2013 @05:53PM (#44835055)

    An IETF draft starts with "draft-ietf-". This is merely a proposal by a member of the IETF to discuss this subject.

    • The summary doesn't say it is a draft standard, it specifically says: "a draft proposal". This means that he is proposing that they create a draft standard.
      • What I mean is that "floating by the IETF..." is misleading. Anybody can submit an I-D for standard track. Few are adopted by the IETF.

        • by mellon (7048)

          Drafts aren't draft standards. They are drafts of documents that might someday become standards. Drafts that start with draft-ietf are drafts that have the consensus of some IETF working group to work on them, and are therefore somewhat closer to becoming standards. But they still aren't standards, and many of them die on the vine.

          What PHB's document is is an individual submission. It's not got any kind of consensus yet. Not shocking, since the first version was published this morning. It's poss

          • by Zeinfeld (263942) on Thursday September 12, 2013 @09:51PM (#44836681) Homepage

            It is not even meant to be a proposal.

            The point of the document is that I took all the points that had been made five or more times already and put them into one document so that we can move the discussion on to the next stage. Otherwise every time we get a new person joining the group we have to go through the same thing all over. And the third or fourth time round it becomes 'we already know that', 'NOO you are trying to censor me, NSA plant!'.

            It isn't meant to become an IETF draft, they would make me take out all the fun parts. Like pointing out the abject incompetence of an organization that lets a 29 year old contractor with a pole dancer for a girl friend have access to that material six months after joining. Why do Alexander and Clapper still have jobs? And spying on US citizens and then trading the raw SIGINT with foreign powers that are certain to share it with my commercial competitors? What were these idiots thinking?

            There is work going on in IETF and in fact we started before his Bruce-ship made his call to arms. I doubt the PRISM-PROOF branding will stick. But it is powerful mind share as this story proves. We have botched deployment of almost all the security protocols developed in IETF except for TLS and that succeeded before it went in. This is a chance to hit the reset button and fix the mindbogglingly stupid deployment gaps. Like having no standard way to discover recipient keys and having two different message formats (OpenPGP and S/MIME) forcing people to choose between two key endorsement schemes rather than allow them to pick the one suited to their needs.

            Yes, I do think there was interference in the past efforts but I suspect it was subtler than most imagine and not coming from the NIST folk. Rather, I think the interference came from folk who would encourage both sides in technical disputes to dig in and refuse to compromise, folk who participate with no visible means of financial support and seem to have limitless time to write drafts but are not very technical.

        • Re: (Score:2, Informative)

          by Anonymous Coward

          [Can't log in due to another slashfail, I wrote the draft]

          Yeah, I did rather wonder about that when I got sent the Register article. They didn't even ask me for comment before publishing or I would have told them.

          This is merely a summary I wrote of the traffic on a private list that we have been discussing PRISM on. It is not even all my work. And the main point is simply to set a baseline for the three drafts to follow so that we can avoid prolonged discussion of purported PRISM capabilities.

          The next draft

  • by VortexCortex (1117377) <VortexCortex AT ... trograde DOT com> on Thursday September 12, 2013 @05:57PM (#44835079)

    Mandatory end to end security was in IPv6. The Feds didn't like that, so guess what? It got removed.

    If you ask me, it's time to shit-can the IETF too.

    • by steelfood (895457)

      At this point, does it even matter? IPv6 is taking forever to adopt. By the time any new PRISM-proof standard gains any amount of traction, the NSA would have developed a new system to work around it. And that's assuming that the NSA hasn't sabotaged its efforts either by directly convincing the standard-writers to put in back doors, or indirectly by convincing companies not to adopt secure portions of the standards.

      Communication has been, and always will be about trust. Without trust, no communication can

      • by rtb61 (674572)

        Well, right now the US Administration has a choice, either get the NSA back under control or face the global exclusion of US software, hardware and computer services and US companies are fully entitled to send the bill for losses straight to the NSA. If fact they should start the court cases for damages right now.

    • Hindsight is 20/20. If they did that today then I would agree with you, however I'm assuming that happened prior to the Snowden Enlightenment, in which case you are criticizing them for not knowing what you didn't know either at the time.
    • Aren't you still trusting certs to a third party with DNSSEC? Hasn't the NSA already subverted that model of trust?

      And doesn't this only protect resolution confidentiality and integrity? What about actual http requests?
      • by mellon (7048)

        You can publish your PKI cert in DNSSEC. This forces an attacker not only to get a CA to sign their fake cert, but also to subvert the DNSSEC hierarchy. The cert protects the integrity and confidentiality of the communication. So in fact DNSSEC can play a role in that, and result in a system that's harder to subvert.

        Furthermore, the NSA hasn't entirely subverted that model of trust. It is not _as_ trustworthy as people thought, but systematically snooping on https traffic with faked certs is still s

        • Good information, thanks for the reply. Unfortunately, I think it's far easier than faking certs. A national sec letter delivered to a CA seems to render the entire hierarchy useless. Am I wrong here?
      • by slick7 (1703596)

        Aren't you still trusting certs to a third party with DNSSEC? Hasn't the NSA already subverted that model of trust? And doesn't this only protect resolution confidentiality and integrity? What about actual http requests?

        Here's the circle of trust and you're not in it.

    • by Burz (138833)

      Only encrypted onion routing such as this [geti2p.net] can provide end-to-end security that does not leave reams of metadata (all of the who / when / where details of our communications) on the NSA's front porch every morning. No carrier can tell you what your addressing or NAT scheme can be, nor interfere with packet delivery in any fashion other than all-on-or-all-off. You even get to decide the number-of-hops vs speed tradeoff for different applications, and your address doubles as the cryptographic key that affirms

  • by Zero__Kelvin (151819) on Thursday September 12, 2013 @06:17PM (#44835243) Homepage

    "PRISM is reputed to be a classified US government that involves covert interception of a substantial proportion of global Internet traffic."

    He repeats this line at least twice, which I am assuming is a result of copy and paste. Unless he is saying that PRISM is a second government, I guess my first suggestion would be to add the word "program" in there somewhere ;-)

  • the draft is however very sparse on details

    Don't worry the NSA and GCHQ will help fill in those details.

    • by slick7 (1703596)

      the draft is however very sparse on details

      Don't worry the NSA and GCHQ will help fill in those details.

      And you still won't have a clue what they are.

  • Corrections (Score:5, Informative)

    by WaffleMonster (969671) on Thursday September 12, 2013 @06:40PM (#44835407)

    Anyone can submit an I-D for anything. With few exceptions they are uploaded automatically with no human review, zero buy-in, endorsement, weight..etc by anyone. This ID has not even been adopted by a particular WG.

    Then theres question of what is it this draft proposes reads more like a hapazard list of one mans problems.

    To be clear I'm not attacking the I-D I'm attacking the warped characterization of it by people who should know better.

  • Is this guy kosher?

  • This is an individual submission, not an IETF working group draft, and does not appear to either be proposed for an IETF wg draft or to be in the RFC Editor's queue [rfc-editor.org]. In short, it has nothing to do with the IETF.

  • We need this. Without a way to make sure the NSA isn't invading our privacy, we need to take matters into our own hands. Laws won't do the job. My God, the NSA's philosophy is "We're hunting terrorists. We don't need no stinking 4th Amendment." Unfortunately, I doubt that encryption will keep NSA out entirely, but it will make it harder for them to pick us out of the crowd. Decrypting still takes extra time & effort and that little bit of hassle may be enough to keep their noses out of your business.

Passwords are implemented as a result of insecurity.

Working...