
PRISM-Proof Security Considerations - onosendai
http://www.ietf.org/id/draft-hallambaker-prismproof-req-00.txt
======
milesf
Fitting that it was published on September 11th, 2013.

A dozen years after the attacks on the World Trade Center, it's clear that
the terrorists won. The USA cannot be called the "land of the free, home of
the brave" anymore. Terrorists know that their tactics work very well, and they
have made the US vulnerable to even more attacks because of cowardice.

Imagine if the US government had decided _not_ to be terrorized, like the
Norwegians did for the 2011 Oslo attacks:

---

    And at the political level, the Prime Minister Jens Stoltenberg pledged
    to do everything to ensure the country's core values were not undermined.

    "The Norwegian response to violence is more democracy, more openness and
    greater political participation," he said.

    A year later it seems the prime minister has kept his word.

    There have been no changes to the law to increase the powers of the police
    and security services, terrorism legislation remains the same and there
    have been no special provisions made for the trial of suspected terrorists.

    On the streets of Oslo, CCTV cameras are still a comparatively
    rare sight and the police can only carry weapons after getting special
    permission.

    Even the gate leading to the parliament building in the heart of Oslo
    remains open and unguarded.

    "It is still easy to get access to parliament and we hope it will stay
    that way," said Lise Christoffersen, a Labour party MP.

    She is convinced people do not want laws passed which would curtail
    their basic rights and impinge on their privacy despite the relative
    ease with which Breivik was able to plan and carry out his attacks.

---

There is a way back to the way the US used to be, but the answer is not
something most people will even consider or listen to.

~~~
tptacek
This is a comment that could be attached to any NSA related story on the site.
It betrays no evidence whatsoever of being informed by the story it's attached
to.

------
tptacek
I don't understand what the point of this I-D is. It's a sort of white paper
survey of random Internet surveillance concepts by the CTO of an SSL CA. It
doesn't make internal sense; in one instance, "kleptography" means using as
many as 1000 of the bits of an RSA modulus to sneak hidden messages out, and
in another it means constructing weak ECC curves. Amusingly, the two sentences
in the whole draft about CAs _downplay_ the notion of CA complicity in
surveillance. CAs are, of course, one of the biggest Internet privacy weak
points.

~~~
javajosh
Okay Thomas, what _is_ the NSA attack tree for doing things like stealing the
private key(s) off of my machine or doing meta-data analysis on me? I bet a
lot of people would like to see this analysis from you!

~~~
tptacek
I'm not sure what this has to do with my comment.

~~~
javajosh
You keep pooh-poohing internet commentators who are trying to identify and
mitigate the threat posed by the NSA - you did it in this thread, and you did
it in another HN thread [1], the article where some kid wants to generate
private keys in a secure way.

But what you're not doing is giving your own alternative analysis. What is the
threat posed by the NSA and what are the attacks that we should think
seriously about, and what are the threats we can safely ignore? What can we do
about the former?

[1]
[https://news.ycombinator.com/item?id=6385866](https://news.ycombinator.com/item?id=6385866)

~~~
tptacek
That's not what I'm doing here at all.

~~~
stephengillie
That's the effect you are having!

Kleptography is pretty well defined in the first sentence of its section:
_Kleptography is persuading the party to be intercepted to use a form of
cryptography that the attacker knows they can break._ So yes, in some
instances it's encouraging the cracked RSA standard, and in others, it means
encouraging "weak ECC curves".

You're a highly-regarded member of this site and a very vocal security expert,
yet lately you've started dodging security questions you used to freely
answer, and you post odd comments that tend to derail security threads. At one
time, you regularly had the top comment with a highly insightful technical
explanation of how a security concept works. What happened?

~~~
tptacek
That's not happening either. Are you alarmed by how easily you can be
manipulated into sniping at people? Have you ever once on this site been
sniped at by me? Are you comfortable with the kind of comment you just wrote?
Are conversations like these why you read HN?

~~~
stephengillie
Way to avoid the question!

------
sdfjkl
> Phillip Hallam-Baker, Comodo Group Inc.

That would be this Comodo Group:
[http://en.wikipedia.org/wiki/Comodo_Group#2011_breach_incident](http://en.wikipedia.org/wiki/Comodo_Group#2011_breach_incident)

------
educating
Some comments from:
[http://www.theregister.co.uk/2013/09/12/ietf_floats_prismproof_plan_for_harder_internet/](http://www.theregister.co.uk/2013/09/12/ietf_floats_prismproof_plan_for_harder_internet/)

'The proposal has just one author - Phillip Hallam-Baker of the Comodo Group –
which makes it a little unusual as most IETF proposals are the work of several
folks in pursuit of a common goal.'

'Sadly the paper is a little light on for actual ideas about how the internet
can be PRISM-proofed, offering “a security policy infrastructure and the audit
and transparency capabilities to support it” as one item that should be on any
hardening effort's to-do list. More use of cryptography is also proposed, so
that “two layers of public key exchange using the credentials of the parties
to negotiate a temporary key which is in turn used to derive the symmetric
session key used for communications”. That regime should, Hallam-Baker
suggests, make it harder to snoop on everyday traffic.'

Heavy emphasis on the _should_ in that last sentence.

------
csears
Anyone notice "Writing I-Ds using HTML" was in the header of each page? I
assume the author reused something from his other RFC by that name [1] and
forgot to update the page header.

[1]: [http://tools.ietf.org/html/draft-hallambaker-rfctool-01](http://tools.ietf.org/html/draft-hallambaker-rfctool-01)

------
educating
> Passive attacks are however limited in the information they can reveal

Of course they are limited in the information they can reveal. They can only
reveal as much information as is there to reveal. That in itself is a limit.
That is a non-informational, misleading statement.

> ... and easily defeated with relatively simple cryptographic techniques.

While some cryptographic techniques are "relatively simple" to use, those same
techniques can be undermined. In the current case, the attacker was involved
in developing that technique and/or has the overwhelming power to make the
technique worthless (acres of server farms, able to churn on any of it).

The only technique to guard data against passive attacks is to destroy the
data, all its copies, and all who ever saw the data.

------
UVB-76
> PRISM is reputed to be a classified US government that involves [...] This
> document describe the security concerns [...]

/facepalm

~~~
antsar
Those darn classified governments.

------
rtpg
I feel like there's some irony in serving up these recommendations on a
non-encrypted connection

------
anxiousest
Not to be pedantic but "PRISM" is a code name for a specific program, and it's
not the one that does in-transit interception. That would be XKeyscore.

~~~
Create
Why would one expect the Comodo Group(!) to be more aware of the subtleties
and technical details?

