Slashdot Mirror

← Back to Stories (view on slashdot.org)

Snowden's NSA Leaks Gave IETF a Needed Security Wake-up Call

Posted by Soulskill on from the don't-hit-the-snooze-button dept.

alphadogg writes "Security and how to protect users from pervasive monitoring will dominate the proceedings when members of Internet Engineering Task Force meet in London starting Sunday. For an organization that develops the standards we all depend on for the Internet to work, the continued revelations made by NSA whistleblower Edward Snowden have had wide-ranging repercussions. 'It wasn't a surprise that some activities like this are going on. I think that the scale and some of the tactics surprised the community a little bit. ... You could also argue that maybe we needed the wake-up call,' said IETF Chairman Jari Arkko. Part of that work will also be to make security features easier to use and for the standards organization to think of security from day one when developing new protocols."

52 comments

  1. They will destroy your reputation by Anonymous Coward · · Score: 2, Informative

    Go ahead. NSA will destroy you if you do anything that actually secures the internet.

    1. Re:They will destroy your reputation by Anonymous Coward · · Score: 0

      If they start destroying too many people then they will have more and better Snowdens. Their best people will realise how dangerous they are and already have a good example of how to do things and escape. Never let the fear make you give up.

    2. Re:They will destroy your reputation by Anonymous Coward · · Score: 0

      They don't even have to go to that length. Remember, the IETF refused to get rid of NSA employees working on crypto standards. The IETF is a poster boy for the NSA infiltration tactics that came out during the leaks.

      This "wakeup call" is all just PR nonsense. Whatever "security" they come up with is worthless from the get go.

  2. two words: trusted proxy by bazmail · · Score: 4, Insightful

    they still suggest things that hep the spy agencies like utterly retarded "trusted proxy" garbage. they are either still asleep or part of the spying apparatus.

    1. Re:two words: trusted proxy by jonwil · · Score: 3, Insightful

      We need to replace both SSL/TLS AND the broken CA cert model with a new security system specifically designed so its NOT possible to build such a "trusted proxy" or otherwise MITM the connection even if you control the client (i.e. all those corporate solutions that require a special root certificate on the client and then use that to proxy SSL in a way that users generally wont notice unless they start looking at the certificate details)

    2. Re:two words: trusted proxy by mlyle · · Score: 4, Insightful

      Uh.. secure communications for the client even if the adversary controls the client? Good luck with that.

    3. Re:two words: trusted proxy by Anonymous Coward · · Score: 0

      They're trying to lull the NSA into a false sense of security & complacency by giving them exactly what they want... clever.

    4. Re: two words: trusted proxy by Anonymous Coward · · Score: 0

      You didn't read the spec on that properly or your knee jerk reaction has stuck. Seriously this place had the best comments to bash out bullshit in the past

    5. Re:two words: trusted proxy by jonwil · · Score: 3, Interesting

      What I meant was more along the lines of preventing someone like, say, an IT shop at a big company from being able to install a "trusted client certificate" from one of those SSL proxy server things (websense etc) and MITM SSL that way.

      (cue IT guys saying "but we have to do that because xyz stupid law requires we monitor everything going in and out and if we cant monitor SSL traffic, we would have to block it and break half the internet")

    6. Re: two words: trusted proxy by Anonymous Coward · · Score: 3, Insightful

      I'll give you a hint. If it involves a premise of "trusted" it can't be.

    7. Re:two words: trusted proxy by AHuxley · · Score: 3, Interesting

      Yes your back to one time pad and number station, your family, village, tribe, faith, cult, community, country vs the Tempora http://en.wikipedia.org/wiki/T...

      --
      Domestic spying is now "Benign Information Gathering"
    8. Re:two words: trusted proxy by WaffleMonster · · Score: 4, Interesting

      We need to replace both SSL/TLS AND the broken CA cert model with a new security system

      I think care is needed in understanding the difference between failures of technology vs. failure in implementation.

      For example the technology to enable PKI may be sound however deploying SSL CA's in the manner they have with hundreds of redundant, global, overlapping CAs may prove to be unreasonably difficult to secure or trust.

      specifically designed so its NOT possible to build such a "trusted proxy" or otherwise MITM the connection even if you control the client

      Every possible security protocol which will ever exist requires a useful source of trust as the basis for useful operation. Without trust security is ALWAYS a useless illusion.

      If an untrustworthy source controls all the inputs and all the outputs there is no trust in that system, no sophisticated cryptographic concept or any amount of wishful thinking will ever change this.

      If it is not an untrusted cert it will be manipulation of the browsers security stack or rendering system. About as pointless as implementing RFC 3514.

    9. Re:two words: trusted proxy by Anonymous Coward · · Score: 0

      (cue IT guys saying "but we have to do that because xyz stupid law requires we monitor everything going in and out and if we cant monitor SSL traffic, we would have to block it and break half the internet")

      This is what my Sixth form (College not school, dumbass) did a few years ago, MITM certificates never occurred to them apparently? I wouldn't know, I never asked them about it.

    10. Re:two words: trusted proxy by Anonymous Coward · · Score: 0

      they still suggest things that hep the spy agencies like utterly retarded "trusted proxy" garbage. they are either still asleep or part of the spying apparatus.

      I think the latter.
      If IETF doesn't help, we might need to get rid of them like we need to get rid of ICANN.

    11. Re:two words: trusted proxy by manu0601 · · Score: 1

      We need to replace both SSL/TLS AND the broken CA cert model

      Here is a proposal: DNSSEC ensures DNS record integrity, so use it to publish domain-specific CA. If you need to connect to www.example.com, get example.com's CA from the DNS, and use it to validate www.example.com certificate.

    12. Re:two words: trusted proxy by bill_mcgonigle · · Score: 1

      (cue IT guys saying "but we have to do that because xyz stupid law requires we monitor everything going in and out and if we cant monitor SSL traffic, we would have to block it and break half the internet")

      Why do you have a problem with that? They should just let employees shuttle corporate trade secrets out of the company via a web browser because you feel like doing your personal banking on a work computer?

      Make the case for giving every employee unrestricted Internet access from a computer connected to the corporate LAN.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    13. Re:two words: trusted proxy by Anonymous Coward · · Score: 0

      What I meant was more along the lines of preventing someone ... MITM SSL that way.

      And the reply you got said that it's impossible. If you change the trust infrastructure, the tech guys will change their operating method. For example they would replace all your web-of-trust certificates with one they controll, and make the database readonly for you. They will also drop any connection that tries to circumvent it.

    14. Re:two words: trusted proxy by IamTheRealMike · · Score: 1

      How do you intend to stop IT departments reconfiguring computers they themselves purchased?

      I don't think you thought that one through. At all. It's not even a reasonable goal.

    15. Re:two words: trusted proxy by Anonymous Coward · · Score: 0

      Domain CAs are a great idea:

      - set up once for the domain, bind it firmly to the DNS and domain itself
      - manage your certs yourself
      - no ridiculous per certificate charges
      - each client gets its own cert/key (no key sharing for wildcard certs necessary)
      - impossibility to have multiple CAs for the same domain / compromised CAs not able to give certs for domains they shouldnt have

      Any negatives?

  3. oh really.. what about a but of a clean up first? by Anonymous Coward · · Score: 3, Informative

    And yet, despite the clear conflict of interest, an NSA employee remains in a position of trust in a cryptography standard. No accusation against the guy since don't know him. However, if you or I got caught trying to damage the standard we were working in, we'd get sued. If he got caught he'd just be told to be more careful next time. It is totally inappropriate and the IETF should act.

  4. long overdue by Virtucon · · Score: 1

    It's about time... There are many standards that the IETF has domain over that are weak and some that should be considered wholly insecure and not recommended or deprecated. These were developed when we were much more trusting of our neighbors on the Internet. Hopefully they'll start taking this to heart when it comes to new standards.

    --
    Harrison's Postulate - "For every action there is an equal and opposite criticism"
  5. Damn! Ghostery blocked 13 tracking scripts by evanh · · Score: 2

    And that's with scripting disabled even. NetworkWorld is a whore.

  6. Re:oh really.. what about a but of a clean up firs by Anonymous Coward · · Score: 2

    just to answer the bullshit "the co-chair can't influence the standard he's working on line"; remember, if he works for the NSA, he already knows where the problem in the standard is. If he notices someone working in that direction, all he has to do is ask a few extra favors and they won't have time to spot the problem.

  7. Article by DaMattster · · Score: 4, Interesting

    This article is an example of poor technology journalism. The article offered a pathetic excuse as to why security has not been implemented: it's too complex and difficult. No one ever bothered to write a good user interface for the security mechanisms. Most of the security tools are written to be used by engineers. Why not make a user interface that glues together these tools so that every Tom, Dick, and Harry can use them? It isn't necessary to use such complex tetminology either. I'm not saying dumb it down completely but make some tools for the less computer savvy.

    1. Re:Article by houghi · · Score: 4, Interesting

      I was also looking at the ease of use part. How many people do encrypt their email? And I mean because of reason, not because they are geeks.
      I am talking about the CEO sending messages that should stay secure.

      I think the reason they do not encrypt their email is because it is not implemented in the email client as a standard and doing so is not easy enough.

      "But there is XYZ that they ciould use/do." Well, they don't and that is a serious problem.

      --
      Don't fight for your country, if your country does not fight for you.
    2. Re:Article by IamTheRealMike · · Score: 2

      Er, it is implemented in the client! S/MIME has been implemented by all non-webmail clients for years. When used correctly it's more or less transparent: every email is signed (you get an smime.p7s attachment), and if you receive a signed mail and have S/MIME configured too, your client can/will automatically encrypt the response.

      But there are reasons it's not widely used: in the consumer space, most people don't bother getting an email address cert (even though Comodo and StartSSL give them away for free, it takes 2 minutes). And in the corporate space, often you don't actually want employees using end to end encryption, because you need the ability to do things like have internal messaging archives that are searchable, you need the ability to do document discovery when you get sued, employees suck at key management and keep losing them, etc.

      Encrypted asynchronous messaging is just a tremendously hard problem. Look at agl's Pond project to get a flavor for what doing it seriously takes.

  8. I don't think the IETF woke up at all... by QuietLagoon · · Score: 4, Interesting
    No, I Don't Trust You! -- One of the Most Alarming Internet Proposals I've Ever Seen

    If you care about Internet security, especially what we call "end-to-end" security free from easy snooping by ISPs, carriers, or other intermediaries, heads up! You'll want to pay attention to this.

    You'd think that with so many concerns these days about whether the likes of AT&T, Verizon, and other telecom companies can be trusted not to turn our data over to third parties whom we haven't authorized, that a plan to formalize a mechanism for ISP and other "man-in-the-middle" snooping would be laughed off the Net.

    But apparently the authors of IETF (Internet Engineering Task Force) Internet-Draft "Explicit Trusted Proxy in HTTP/2.0" (14 Feb 2014) haven't gotten the message.

    What they propose for the new HTTP/2.0 protocol is nothing short of officially sanctioned snooping.

    1. Re:I don't think the IETF woke up at all... by Anonymous Coward · · Score: 0

      With end-to-end encryption there can be no malware protection in front of applications. That would make NSA happy.

    2. Re:I don't think the IETF woke up at all... by goddidit · · Score: 2

      From what I understand from the RFC, the proposal is actually trying to protect from local eavesdropping when accessing http-resources. I.e. you define a trusted proxy, and use HTTP2 with TLS to access insecure HTTP resources through it. This does not offer end-to-end security, but offers protection for the user against local adversaries, such as their ISP.

      --
      This .sig is exactly 120 characters long.
    3. Re:I don't think the IETF woke up at all... by ale2011 · · Score: 1

      MITM proxies are among us, and there is nothing the IETF can do to stop corporate networks forcing their clients into such bad practice. The proxy sinthesizes a certificate for each https requests made by the client. The client has to trust the corporate CA, of course. There are various shortcomings with that model. For example, for opt-out to be occasionally possible, the client browser needs to know about the MITM proxy, rather than unwittingly trust the corporate CA. The "Explicit Trusted Proxy in HTTP/2.0" draft just aims at introducing browser awareness into that game.

  9. Bake Anonymity Into the Internet Itself using Tor by colordev · · Score: 1

    In November IETH already almost promised that. Now we are holding our breath. Please hurry. Thank you.

  10. Re:Bake Anonymity Into the Internet Itself using T by AHuxley · · Score: 1

    So we get great changes to how packets move and their origins while moving. This would have made any city, state, federal or intergovernmental efforts for tracking not so easy in past years.
    The reason we seem to be getting all the good crypto news and 'fixes' might be that the vast illegal domestic spying programs have move on and are now ready for any such changes to the internet.
    The next step seems to be "NSA head floats idea: What if we only gathered terrorist communications?" Mar 1 2014
    http://arstechnica.com/tech-po...
    i.e. a new “collect-it-all” option for domestic and international use offering deep pack inspection at a level (exchange, digital loop carrier) to keep the first 'hop'.
    You can then move all the packets globally, encrypt all you want, at some point if your work, First Amendment-related activities or tracked daily movements become interesting your digital interactions can all be recreated.
    Other efforts to gain your passwords can then be attempted.

    --
    Domestic spying is now "Benign Information Gathering"
  11. Re:God's temple by Anonymous Coward · · Score: 0

    Is God a markov chain generator?

  12. Any Idiot by bl968 · · Score: 1

    Any Idiot can right a RFC-Draft, they don't even have to know anything about networking.

    --
    "GET / HTTP/1.0" 200 51230 "-" "Mozilla/4.0 (compatible; Setec Astronomy)"
    1. Re:Any Idiot by Anonymous Coward · · Score: 1

      Any Idiot can right a RFC-Draft, they don't even have to know anything about networking.

      I dunno about that. I'm pretty sure any idiot can write one, but I think they'd have to have some skill to right it if it's stupid.

  13. A stochastic process... by rmdingler · · Score: 1
    Markov Chain Generator, eh?

    Perhaps if the God you refer to is Tyche.

    --
    Happiness in intelligent people is the rarest thing I know.

    Ernest Hemingway

  14. Out of curiousity, and with no animosity, by rmdingler · · Score: 1

    are you currently reading The Catcher in the Rye?

    --
    Happiness in intelligent people is the rarest thing I know.

    Ernest Hemingway

  15. It's not a bug it's a feature by Anonymous Coward · · Score: 0

    Oxymoron? The security industry, both govenment and private are too big to be fixed! It would be eaisy to make things so hard to hack that no one would bother... It's a feature, your data is valuable... If companies where held responsible for the issues, it'd be fixed in a hurry... I have an agreement posted, by taking my data you agree to pay $1000 per bit per instance...

    Thets not protect it people, lets charge for it!

  16. Fight fire with fire by Anonymous Coward · · Score: 0

    I pay fat bastard $600 a week to sit in front of my webcam greased up in the hopes one of them will be scarred for life.

  17. Or... by Darkling-MHCN · · Score: 1

    Or they'll just pay someone smarter than you to unsecure it again.

  18. My 2c by Darkling-MHCN · · Score: 1

    These guys work 24/7 with a budget beyond most corporations to ensure they are one step ahead of everyone and can access any piece of information they want to get to.

    Short of never connecting your computer to a public network (and even that might not cut it), You're fighting a losing battle against these guys. If there's any technology out there you could truly use to secure yourself against the NSA, they'll do everything to make sure it never sees the light of day.

    The only way to really combat this, is to fight for democracy, open government, and legislation to make these sorts of operations criminal activity.

    1. Re: My 2c by Anonymous Coward · · Score: 0

      right ... fight for democracy. and how sir are you gonna do/organize that (if all your comms are no good)? cue knocking on door in 3, 2, 1

  19. The IETF has always been a bunch of dumbasses. by VortexCortex · · Score: 1

    The IETF is deprecated, and can never be trusted. They have always been against security, as demonstrated by HTTP and HTML's lack of interaction with TLS/SSL.

    We already have HTTP-Auth using hash based proof of knowledge via HMAC with a server nonce. So, when deciding to add encryption to the Internet we could have just taken the output of the existing HTTP-Auth -- the proof of knowledge -- and key your symmetric stream ciphers with it instead of sending the proof back and forth in the clear. See?

    Yes, this means that you must arrange a pre-shared key with the endpoints, but it's not MITM able (the MITM would only be a relay for encrypted data.

    Oh, and before you get all Public Key Crypto on me: Public key crypto just moves the problem of pre-shared secret to be the public keys of the end points. We could use a trust graph -- and I do with PGP -- but no one actually does that. At least if you share a secret in person, face to face with friends, or even when physically at your local bank, then plain old fucking symmetric stream crypto using hash based proof of knowledge as keys instead of exchanging them as in HTTP-Auth would give you an avenue to have security. You should be putting in your password BEFORE the site even pops up, hell the browser can remember it or perhaps optionally generate a per-domain passphrase via hashing your master password with the domain name and some salt -- Presto: ONE PASSWORD FOR THE WHOLE DAMN WEB. That wasn't so fucking hard, now was it? It's been decades. Why don't we have this? The IETF has always been antagonistic to security.

    SSL / TLS PKI has always been completely fucked up by design. Just look at the CA system whereby roots can create certs without domain's permission: FF > Settings > Advanced > Certificates > View > "Hong Kong Post" -- you trust bad actors as roots, and introduce an explicit man in the middle. Remember Diginotar? Every security researcher knows to avoid a single point of failure. The CA system isn't a single point of failure, it's MANY points of failure and a SINGLE compromise of any trusted root destroys the security of the whole system -- THAT'S FUCKING INEPT. No competent security aware individual would design a system thus!

    Fire the IETF. They have never had our best interests in mind when it comes to security. If this was the best they could do for decades, then they do not deserve to be in charge of any networking standards.

  20. So should companies crack your bank account? by Anonymous Coward · · Score: 0

    So you say that companies should crack your bank account? You DO know that MITM attack is actually fraudulent misrepresentation, right? You know that's criminal computer trespass, right?

    The company doesn't have to provide access for your internet banking.

    It is costing in the UK an estimated 3 billion a year to provide internet access to employees for non-business use. So you could call it reasonable to stop providing it.

    However, it's also saving businesses in the UK an estimated 30billion a year in unpaid overtime. Since people will need to go home to do internet banking, this overtime should be removed by the employees and it would be reasonable to stop providing it.

    IN NO CASE is it reasonable to spy on your employees use of internet access.

  21. Enforce the computer fraud acts by Anonymous Coward · · Score: 0

    "How do you intend to stop IT departments reconfiguring computers they themselves purchased?"

    Enforce the computer fraud acts. MITM is computer fraud: THEY ARE NOT THE COMPANY YOU THINK THEY ARE.

  22. Ghostery = Inferior + 'souled-out' by Anonymous Coward · · Score: 0

    Hosts do more w/ less (1 file) @ a faster level (ring 0) vs redundant browser addons (slowing up slower ring 3 browsers) via filtering 4 the IP stack (coded in C, loads w/ OS, & 1st net resolver queried w\ 45++ yrs.of optimization):

    ---

    APK Hosts File Engine 9.0++ 32/64-bit:

    http://start64.com/index.php?option=com_content&view=article&id=5851:apk-hosts-file-engine-64bit-version&catid=26:64bit-security-software&Itemid=74

    (Details of hosts' benefits enumerated in link)

    Summary:

    ---

    A. ) Hosts do more than AdBlock ("souled-out" 2 Google/Crippled by default) + Ghostery (Advertiser owned) - "Fox guards henhouse", or Request Policy -> http://yro.slashdot.org/comments.pl?sid=4127345&cid=44701775

    B. ) Hosts add reliability vs. downed or redirected DNS + secure vs. known malicious domains too -> http://tech.slashdot.org/comments.pl?sid=3985079&cid=44310431 w/ less added "moving parts" complexity + room 4 breakdown,

    C. ) Hosts files yield more speed (blocks ads & hardcodes fav sites - faster than remote DNS), security (vs. malicious domains serving mal-content + block spam/phish), reliability (vs. downed or Kaminsky redirect vulnerable DNS, 99% = unpatched vs. it & worst @ ISP level + weak vs FastFlux + DynDNS botnets), & anonymity (vs. dns request logs + DNSBL's).

    ---

    * Addons are more complex + slowup browsers in message passing (use a few concurrently & see) - Addons slowdown SLOWER usermode browsers layering on MORE: I work w/ what you have in kernelmode, via hosts (A tightly integrated PART of the IP stack itself)

    APK

    P.S.=> * "A fool makes things bigger + more complex: It takes a touch of genius & a lot of courage to move in the opposite direction." - Einstein

    ** "Less is more" = GOOD engineering!

    *** "The premise is, quite simple: Take something designed by nature & reprogram it to make it work FOR the body, rather than against it..." - Dr. Alice Krippen "I AM LEGEND"

    ...apk

  23. Ghostery *is* a natural response by evanh · · Score: 1

    Ghostery turns the tables just like Mega turns the tables. It's tells advertisers what we really think of their methods by adding a usable opt-in layer to their supposed opt-out. The difference here is the advertising industry is happy to pay for that knowledge.

    Also, no speed problems with NoScript doing it's thing. Most web pages get bogged down on useless scripts and flash videos.

    1. Re:Ghostery *is* a natural response by evanh · · Score: 1

      By "their methods" I mean drag-netting to achieve targeted advertising.

  24. To supplement hosts (this rocks) by Anonymous Coward · · Score: 0

    Monitor you connections to Slashdot to supplement hosts using NIRSOFT's Network Latency Viewer -> (essentially a timer driven gui based netstat -ano++) http://download.cnet.com/Netwo... for FIREWALL LEVEL RULESETS (vs. you wouldn't BELIEVE how much there is that you DON'T SEE like ads, by the hundreds)... for more speed, & my guess is FAR less tracking/webbeacons-webbugs, etc. - et al actually.

    * Adding them to a NEW custom firewall rule (by IP or ranges)? Cake in Windows 7...

    APK

    P.S.=> I tell you: It even made surfing using IE 11 fast, WITH scripts on here (but yes, faster than when not as you said too also) - all that & hosts before it in the IP stack + FAST kernelmode ops + caching in kernelmode too (vs. usermode services)? Flies...

    ... apk