IETF Floats Draft PRISM-Proof Security Considerations

hypnosec writes "PRISM-Proof Security Considerations, a draft proposal to make it harder for governments to implement and carry out surveillance activities like PRISM, has been floated by the Internet Engineering Task Force (IETF). The draft highlights security concerns as a result of government sponsored PRISM-like projects and the security controls that may be put into place to mitigate the risks of interception capabilities. Authored by Phillip Hallam-Baker of the Comodo Group the draft is however very sparse on details on how the Internet can be PRISM-proofed."

Not an IETF Draft

[petithug]

An IETF draft starts with "draft-ietf-". This is merely a proposal by a member of the IETF to discuss this subject.

Re: Not an IETF Draft

[Can't log in due to another slashfail, I wrote the draft]

Yeah, I did rather wonder about that when I got sent the Register article. They didn't even ask me for comment before publishing or I would have told them.

This is merely a summary I wrote of the traffic on a private list that we have been discussing PRISM on. It is not even all my work. And the main point is simply to set a baseline for the three drafts to follow so that we can avoid prolonged discussion of purported PRISM capabilities.

The next draft divides the problem space into two parts, first things that we already have good solutions for, second things that we need to improve on. Much of that is taken from the work I did on secure email in my book 'dotCrime Manifesto'. At the moment we have two email security solutions, neither of which is viable. S/MIME has ubiquitous deployment, PGP has mindshare. It does not matter how long we try, we are not going to get everyone on the Internet to use PGP. It is just too complicated for people to understand. And so is S/MIME. But there are parts of S/MIME and STARTTLS that we can just build on without modification. S/MIME message format works fine and many email clients can receive S/MIME encrypted mail without any horrid user issues. Key validation and distribution on the other hand is not done at all well. So we need a standard for a 'socket' that can fit into a MUA that allows them to access a module that does those well.

The idea of that draft is that there are four are five people who are working on innovative PKI schemes to address key distribution. But users don't want to have to bet on any one of those being the 'winner'. Plus we have lots of people who just want to hack cool crypto code into Thunderbird or the like. So if we define the interface between the two groups then we can both work in parallel and without wasted effort. And if there are enough people implementing sockets in MUAs then pretty much everyone can use encrypted email with their favorite mail client.

The third draft deals with key generation and proposes that we have a tool that generates keypairs and (optionally) submits them to some service that will be the gateway to the key distribution scheme. Although there are keygenerators out there, there are issues that just make them unsuited and none offers a good way to backup a private key or transfer it into another device. [No encrypting your private key with a human readable password with 40 bits of entropy is not a good approach). That draft goes beyond the current capabilities but is something I think we can all agree on as a common infrastructure.

The final part will be my solution to the researchy part of the problem. I doubt mine will be the only one. I am looking at building on the ideas in Google's Certificate Transparency but without the transparency proofs in the cert part which I find silly and for email is unnecessary since we do not worry about shaving a hundred milliseconds off latency. There is also a second layer of notaries, the inter-notary infrastructure.

Re: Not an IETF Draft

[Zeinfeld]

It is not even meant to be a proposal.

The point of the document is that I took all the points that had been made five or more times already and put them into one document so that we can move the discussion on to the next stage. Otherwise every time we get a new person joining the group we have to go through the same thing all over. And the third or fourth time round it becomes 'we already know that', 'NOO you are trying to censor me, NSA plant!'.

It isn't meant to become an IETF draft, they would make me take out all the fun parts. Like pointing out the abject incompetence of an organization that lets a 29 year old contractor with a pole dancer for a girl friend have access to that material six months after joining. Why do Alexander and Clapper still have jobs? And spying on US citizens and then trading the raw SIGINT with foreign powers that are certain to share it with my commercial competitors? What were these idiots thinking?

There is work going on in IETF and in fact we started before his Bruce-ship made his call to arms. I doubt the PRISM-PROOF branding will stick. But it is powerful mind share as this story proves. We have botched deployment of almost all the security protocols developed in IETF except for TLS and that succeeded before it went in. This is a chance to hit the reset button and fix the mindbogglingly stupid deployment gaps. Like having no standard way to discover recipient keys and having two different message formats (OpenPGP and S/MIME) forcing people to choose between two key endorsement schemes rather than allow them to pick the one suited to their needs.

Yes, I do think there was interference in the past efforts but I suspect it was subtler than most imagine and not coming from the NIST folk. Rather, I think the interference came from folk who would encourage both sides in technical disputes to dig in and refuse to compromise, folk who participate with no visible means of financial support and seem to have limitless time to write drafts but are not very technical.

It's called IPv6 DNSSEC

[VortexCortex]

Mandatory end to end security was in IPv6. The Feds didn't like that, so guess what? It got removed.

If you ask me, it's time to shit-can the IETF too.

Re:IETF is better than NIST, how?

[icebike]

I can't imagine what difference it would make.

Well not being owned by the US Government might be a good start, don't you think?

There is some (debated) evidence that NIST was compromised by directions from above, by external control of its budget, etc.

Lets face it, security and privacy were not designed into the protocols we use on the internet today, they were bolted on afterward, and the government played a big (and self serving) part of that effort. Any amount of data hardening would be welcome at this point. There will still be metadata that can be collected but content should be able to be kept private by default.

I would rather have a community of enraged engineers driving the design and management than a bunch of federal paper pushers with a police mentality.

Maybe PRISM is a US government; I don't know.

[Zero__Kelvin]

"PRISM is reputed to be a classified US government that involves covert interception of a substantial proportion of global Internet traffic."

He repeats this line at least twice, which I am assuming is a result of copy and paste. Unless he is saying that PRISM is a second government, I guess my first suggestion would be to add the word "program" in there somewhere ;-)

Re:cat & mouse

[causality]

Why play cat and mouse with your own governing body? PRISM is illegal. Put effort towards ending it. Otherwise, you're helping terrorists... (rolls eyes)

Out-of-control governments are the real terrorists. Al-CIA-da would salivate at doing one one-thousandth the damage a cancerous government can do.

Re:IETF is better than NIST, how?

[Anachragnome]

"Lets face it, security and privacy were not designed into the protocols we use on the internet today, they were bolted on afterward, and the government played a big (and self serving) part of that effort."

For those that doubt that statement, please read the documentation provided by the none other than the NSA itself.

http://www.nsa.gov/ia/programs/suiteb_cryptography/

That page was posted by the NSA 4 1/2 years ago and updated in May 2013. Surprisingly, they name names--exactly who worked on what--and even go so far as to provide addresses and personal information for these people. These names can be used to locate networks of "cooperation", just like the NSA uses metadata to find out things about us. For instance, one of the key writers in this document ( http://www.ietf.org/rfc/rfc6318.txt?number=6318 ) when Googled is linked to this document-- https://www.google.com/patents/US6243467 , which in turn adds more names. Follow the names, and see just how much trust you have afterwards.

Dig through the links! Very informative! Start asking yourself what crypto might be safe from the NSA, and you'll quickly realize--the further you dig--that none of it is safe from the NSA. They've identified and created "secure" versions of almost every protocol, for themselves (Suite B), and stuck the rest of the world with lesser versions, versions that would obviously be crackable given that they possess something better.

To be honest, I'm a little surprised that page is still available. I suspect it won't be for long.

Re:IETF is better than NIST, how?

[george14215]

Like the 100k civilian dead in Iraq? How in the world do we have any right pontificating on Syria?

Corrections

[WaffleMonster]

Anyone can submit an I-D for anything. With few exceptions they are uploaded automatically with no human review, zero buy-in, endorsement, weight..etc by anyone. This ID has not even been adopted by a particular WG.

Then theres question of what is it this draft proposes reads more like a hapazard list of one mans problems.

To be clear I'm not attacking the I-D I'm attacking the warped characterization of it by people who should know better.

Re:IETF is better than NIST, how?

[SuricouRaven]

The number of civilians killed in the 9/11 attack was approximately equal to a little over a month of fatal traffic accidents in the US for 2001. If the government had spent even a fraction of the money spent on security and military action after 9/11 on road safety and public transport instead, they could have prevented several 9/11s each year.

Politics and public reaction are not rational.

Re:IETF is better than NIST, how?

[causality]

Politics and public reaction are not rational.

More like, the media discovered long ago that sensationalism sells better than rational thinking because emotions are much easier to manipulate. Being mostly followers who have been conditioned not to think critically, the public and thus the public's representatives simply follow.