- From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- Date: Sat, 16 Aug 2014 01:27:15 +0100
- To: Poul-Henning Kamp <phk@phk.freebsd.dk>, Greg Wilkins <gregw@intalio.com>
- CC: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
On 16/08/14 01:03, Poul-Henning Kamp wrote: > -------- > In message <CAH_y2NHOspsVugNZZgvD3XMZ522PzNkTRMS1dapcRDWQCL5ZsQ@mail.gmail.com> > , Greg Wilkins writes: > >> ie the overwhelming response to BCP188 should be that this is not a problem >> we can fix on our own, but we are prepared to be part of the solution. > > Agreed, but I think we should also point out that defending against > the 'pervasive' aspect is much cheaper than "real" privacy. > I've disagreed with one aspect of this offlist in some exchanges with PHK. I do not think that weak ciphers form any part of the mitigation to PM. Using such would I think inevitably leave open vulnerabilities that would allow the bad actor to continue to do PM at no significantly greater expense. For example, if a "faster weaker" cipher were to be used, that is always distinguishable (e.g. via timing), allowing the bad actor to simply record ciphertext for those packets and decrypt later on demand. PHK and I disagree a bit about the definition of PM in that respect. I conclude that BCP188 would include storing breakable ciphertext in the definition of PM. He doesn't. So I don't agree with his distinction, if "real" privacy is meant to mean strong encryption and cheaper is meant to mean something trivially breakable. And I think that leads us back to the opp-sec draft as this WG's specific response to PM. S.
Received on Saturday, 16 August 2014 00:27:47 UTC