[GNU/consensus] Fwd: [secu-share] What STRINT has to offer... paper review

[hellekin]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

lynX's review of the upcoming Web conference in London.  Interesting
and funny as well. Except GNS is not a DHT, but a name system that
uses a local name root with global-secure-non-memorable cryptograhic
public keys optionally available over a DHT--that is you can exchange
them with people, and/or advertise them to the DHT, and
local-secure-memorable aliases under the .gnu top-level domain, whose
root authority is you.

See also https://www.w3.org/2014/strint/report.html

==
hk

- -------- Original Message --------
Subject: [secu-share] What STRINT has to offer... paper review
Date: Sat, 8 Feb 2014 23:38:49 +0100
From: carlo von lynX <address@hidden>
To: address@hidden

Maybe I was a bit too loudmouthed in my post to
secushare-announce. Let's look at those papers
at https://www.w3.org/2014/strint/report.html
more closely and see if anything has a similar
spirit or otherwise a chance of fixing the net.
Surely the list of authors is impressive.

////

1.  Privacy Protected Email | Phillip Hallam-Baker

adds fingerprints to the email address. addresses
one fundamental critique that has been articulated
for over a decade - the public key MUST be part of
the routing strategy to help protect against
impersonations. still, it's email - therefore the
other 14 reasons not to start using PGP still apply.
not to mention S/MIME.

Sorry, I will skip a lot of papers because they are
just too many...

2.  Opportunistic Encryption for MPLS | Stephen Farrell, Adrian Farrrelll
3.  Overcoming the Friend-or-Foe Paradigm in Secure Communication |
Sebastian Gajek, Jan Seedorf, Marc Fischlin, Oezguer Dagdalen
4.  Flows and Pervasive Monitoring | Ted Hardie
5.  BetterCrypto.org Applied Crypto Hardening | Aaron Zauner, L. Aaron
Kaplan
6.  A Complimentary Analysis | Andrei Robachevsky, Christine Runnegar,
Karen O'Donoghue, Mat Ford
7.  Trust Issues with Opportunistic Encryption | Scott Rose, Stephen
Nightingale, Doug Montgomery
8.  Challenges with End-to-End Email Encryption | Jiangshan Yu,
Vincent Cheval, Mark Ryan
9.  Strengthening the path and strengthening the end-points | Xavier
Marjou, Emile Stephan, Jean-Michel Combes, Iuniana Oprescu
10. SIP is Difficult | Jon Peterson
11. Thoughts of Strengthening Network Devices in the Face of Pervasive
Surveillance | Dacheng Zhang, Fuyou Miao
12. Opportunistic Encryption for HTTP URIs | Mark Nottingham
13. Cyberdefense­Oriented Multilayer Threat Analysis | Yuji Sekiya,
Daisuke Miyamoto, Hajime Tazaki
14. A Threat Model for Pervasive Passive Surveillance | Brian Trammel,
Daniel Borkmann, Christian Huitema
15. Why Provable Transparency is Useful Against Surveillance | Ben Laurie
16. Withheld

A surprise guest with a surprise opinion!  :-D

17. Monitoring message size to break privacy - Current issues and
proposed solutions | Alfredo Pironti

Some serious scientific talking on security issues here. How to improve
encryption so that statistical analysis will not give us trouble.
The author proposes some extensions and improvements to TLS which
sound similar to strategies that have been employed by GNUnet and
other tools.

I think fundamentally the usage patters have to change. Pond is a nice
demonstration on how e-mail can be a lot more secure if it drops the
requirement to be immediate. The web could be a lot more anonymous if
it was a push medium rather than pull. Multicast is a very natural way
of providing better privacy. As long as browsers try to fetch things
in real-time, Tor can only do its best. So the architecture of the web
is fundamentally b0rked and should only be used when inevitable.

18. Withheld

Another one. Very curious about these.  :)

19. Making The Internet Secure By Default | Michael H. Behringer, Max
Pritkin, Steinthor Bjarnason

Cisco employees recommending that we can trust all of
our devices because they will come with certificates
signed by the manufacturer.

20. Increasing HTTP Transport Confidentiality with TLS Based Alternate
Services | Patrick McManus
21. Balance - Societal security versus individual liberty | Scott Cadzow
22. Strengthening the Extensible Messaging and Presence Protocol
(XMPP) Peter Saint-Andre

Honest summary of the sorry status of the XMPP network. Respect.

23. The Internet We Want or the Internet We Deserve? | David Rogers
24. Beyond Encrypt Everything: Passive Monitoring | Mark Donnelly, Sam
Hartman
25. Examining Proxies to Mitigate Pervasive Surveillance | Eliot Lear,
Barbara Fraser
26. Spontaneous Wireless Networking to Counter Pervasive Monitoring |
Emmanuel Baccelli, Oliver Hahm, Matthias WÀhlisch
27. Is Opportunistic Encryption the Answer? Practical Benefits and
Disadvantages | John Mattsson
28. Clearing off the Cloud over the Internet of Things | Carsten
Bormann, Stefanie Gerdes, Olaf Bergmann

Carsten wins the award for best backronym: "state-level
tenacious attackers with significant infrastructure (STASI)"
He presents ten laws of "clear sky" (as opposed to the cloud)
that we can indeed agree upon, in particular number 8:
        "Communication must be direct between the enti-
        ties that actually need to communicate, with no
        diversion to additional parties simply for imple-
        mentation convenience."
In the secushare scenario these laws are actually easy to abide
since secushare does not delegate any trust concerning user data
to any entity that isn't a final recipient. Law number 5 however
is the old "open standard" thinking which we consider debatable
and potentially harmful.

29. The ARPA2.net project; Integrating and bundling hardened services
for normal users | Michiel Leenars, Rick van Rein

Michiel from NLnet is completely right here: We need
to make tools like Tor, GNUnet or I2P the "NEW NORMAL."
The new way to use the Internet so that users of these
tools do not stick out in the crowd. That's why secushare
is targeting Facebook as the primary application and
target crowd. But then Michiel presents the "ARPA2"
project being a cloud-oriented "open source solution"
for old-fashioned things such as "secure mail," "key
distribution" (LDAP!), "forward secrecy" (XMPP! SIP!)
and even OStatus for public messaging. Basically ARPA2
is a bundling of technologies that we think are bound
to disappear. Why? Because those servers accumulate
large amounts of clear meta data (the social graph etc)
if not actual cleartext data and are thus big pots of
honey for surveillance intrusion.

30. The Trust-to-Trust Model of Cloud Services | Alissa Cooper, Cullen
Jennings
31. Linkability Considered Harmful | Leif Johansson
32. Simple Opportunistic Encryption | Andrea Bittau, Michael Hamburg,
Mark Handley, David MaziÚres, Dan Boneh

A nice plan to add encryption by default to all TCP
sessions. Very susceptible to man in the middle and
does not protect meta data nor against analysis, but
still better than nothing. But not better than a
redesign of the Internet.

33. An Architecture for a Secure Cloud Collaboration System | Cullen
Jennings, Suhas Nandakumar
34. Security and Simplicity | Steven Bellovin
35. Privacy at the Link Layer | Piers O’Hanlon, Joss Wright, Ian Brown
36. Erosion of the moral authority of middleboxes | Joe Hildebrand

The XMPP man at Cisco raises some hot issues concerning
business interests in "middle boxes" having access to
unencrypted traffic.
    - Caching
    - Enterprise policy controls
    - Service provider acceleration of mobile data
    - Advertisement insertion for "free" networks
Best paragraph: "Some middlebox capabilities are currently
implemented using the same mechanisms employed by attackers,
including passive capturing of plaintext data, active imper-
sonation, and denial of service." He concludes: "When the
moral authority of middleboxes is eroded, arguments by their
developers to allow unfettered access to the plaintext of traffic
that traverses those boxes may be called into question. As an
industry, we should look for other mechanisms to provide
legitimate third-party value."
Yes, and we have some ideas on how to do that.

37. Policy Responses, Implications and Opportunities | Joseph Lorenzo Hall
38. Is it time to bring back the hosts file? | Peter Eckersley

The Technology Projects Director of the EFF suggesting we should, in
the spirit of the pre-DNS era, share a data base of public key
material worldwide, and keep it in sync on most devices.
This plan probably scales worse than Bitcoin, but luckily we
don't need this - we already have GNS.

39. Service concentration | Larry Masinter

Larry, the man who invented the HTTP file upload form and is
responsible for the ETag surveillance bug making it into the
HTTP standard. He has some wise points:
  - Surveillance is not an "attack"
  - "Enryption Everywhere" can backfire.
  - "Enryption Everywhere" is not enough if you don't protect meta data.
  - "Enryption Everywhere" adds cost everywhere
  - Service concentration is a key factor in allowing pervasive monitoring
I think we agree on all of this and have designed our tools
accordingly.

40. Levels of Opportunistic Privacy Protection for Messaging-Oriented
Architectures | Dave Crocker, Pete Resnick
41. What is fingerprinting? | Nicholas Doty
42. Eradicating Bearer Tokens for Session Management | Philippe De
Ryck, Lieven Desmet, Frank Piessens, Wouter Joosen
43. STREWS Web-platform security guide: security assessment of the Web
ecosystem | Martin Johns, Lieven Desmet
44. Pervasive Attack: A Threat Model and Problem Statement | Richard
Barnes, Bruce Schneier, Cullen Jennings
45. Cryptech - Building a More Assured HSM with a More Assured
Tool-Chain | Randy Bush
46. Replacing passwords on the Internet AKA post-Snowden Opportunistic
Encryption | Ben Laurie, Ian Goldberg

Ben from Google meets Prof. OTR. They suggest to persist Diffie-Hellman
exchanges opportunistically in order to authenticate returning web
customers without annoying them with having to remember passwords.
It's a nifty plan but what if I want to use somebody else's computer to
access Facebook? What if my hard disk crashes? Will I be cut out of my
old account and have to make a new one? Why are we talking about
client/server architectures anyway?

47. End-User Concerns about Pervasive Internet Monitoring: Principles
and Practice | Tara Whalen, Stuart Cheshire, David Singer
48. Developer-Resistant Cryptography | Kelsey Cairns, Graham Steel
49. Kai Engert's Position Paper | Kai Engert

"Attempts to control surveillance using legislation won't work."
Depends on the legislation. "We rather need technical solutions
that make surveillance difficult or impossible." That's the kind
of legislation I promote.  ;-)  Kai has been proposing MECAI and
DetecTor.io, which is very similar to our libcertpatrol: both are
certificate pinning implementations in C.

50. Mike O'Neill's Position Paper | Mike O'Neill
51. Detecting MITM Attacks on Ephemeral Diffie-Hellman without Relying
on a PKI in Real-Time Communications | Alan Johnston
52. Trust & Usability on the Web, a Social/Legal perspective | Rigo
Wenning, Bert Bos
53. Hardening Operations and Management Against Passive Eavesdropping
| Bernard Aboba
54. A few theses regarding privacy and security | Andreas Kuckartz

We had quite some religious fights on this mailing list, but
after meeting in person at 30c3 the disputes were off the table.
Andreas specifically mentions projects that aim to protect the
social graph (thank you). The core problem of insecure inter-server
communications in federated architecture is addressed (SMTP, XMPP).

55. Meet the new threat model, same as the old threat model | Eric
Rescorla

Nice citation, seen from the perspective of "We used to hope we
were just being paranoid" - from The Importance of Being Earnest:
  "It is a terrible thing for a man to find out suddenly that all
   his life he has been speaking nothing but the truth."
        Usability (1): Make it easy and automatic.
        Usability (2): Only make a secure version.
        Usability (3): Do something new or better.
The man from Mozilla admits the X.509 certification authority
scheme is suboptimal after all. But then concerning SSH's success
"attempts to use a similar key continuity mechanism with HTTPS
 have seen only very limited usage." Well, you still haven't
adopted CertPatrol as an official certificate pinning strategy!
... and help to handle the usability issues related to X.509.
Eric concludes that server-based identification is the way of the
future which leaves me hitting my head against the wall. Also,
he gives up all hope on protecting meta data.

56. It’s Time for Application-Centric Security | Yuan Gu
57. Sabatini Monatesti position paper | Sabatine Monatesti
58. Trust problems in pervasive monitoring | Melinda Shore, Karen
O'Donoghue
59. Beyond "Just TLS Everywhere": From Client-encrypted Messaging to
Defending the Social Graph | Harry Halpin, George Danezis

Harry Halpin writes a tribute to the LEAP project. We have
discussed in the past what the problems of the LEAP approach
are. I kept them at http://about.psyc.eu/LEAP. What is George
doing in the author list? He's a Tor developer, he should
know better that the future of the Internet has something to
do with DHT technology, not doctoring pre-DHT tech.

60. Network Security as a Public Good | Wendy Selzer
61. Statement of Interest on behalf of the W3C TAG | Dan Appelquist

Probably a co-founder of the W3C, Dan ran an attempt to
implement "One Social Web" over XMPP. With this position
paper he suggests using more HTTPS with certificate
pinning. The job that "Certificate Patrol" does.

62. Improving Security on the Internet | Hannes Tschofenig

The chair of the workshop himself, who met and invited us
at 30c3. He steers clear of controversy and presents a
historic view on internet security lifecycles concluding that
the deployment of technologies is insufficiently correlated
to their development (especially when standards bodies are
in the way ;-)).

63. Protecting customer data from government snooping | Orit Levin
64. Privacy Aware Internet Development Initiative 2014 | Achim Klabunde

A point of view from the data protection authorities.

65. The Internet is Broken: Idealistic Ideas for Building a NEWGNU
Network | Christian Grothoff, Bartlomiej Polot, Carlo von Loesch

Here we are. Daring to say that BGP can be replaced by a
DHT technology called GNS. DNS and X.509, also, by the way.
And I few more drastic things.

66. Opportunistic Keying as a Countermeasure to Pervasive Monitoring |
Stephen Kent

////

Feel invited to fill in the gaps by reading the other papers.. :)


- -- https://lists.tgbit.net/mailman/listinfo.cgi/secu-share

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQJ8BAEBCgBmBQJS9sBTXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFQ0IyNkIyRTNDNzEyMTc2OUEzNEM4ODU0
ODA2QzM2M0ZDMTg5ODNEAAoJEEgGw2P8GJg98ZcP/3p6PBeG0jPFu4i5ywOMCdKV
bQuEp5kzDjXzjEASXrCek1+jqr5JbLSSQcdmoZtULp6KJlwnw+/JPIJSu2mbrvTH
8VLdkPrthXsbXu+9VMuWxrq/5pgDaBs2xAwQfPG+Dr25iZG4Hu4aEYiZ4tmRAZZr
9IJE3lM4x0bouqlwF8KEbzyUPkjIcgGHPwe/AuHRreeQq+Z3iELS9PUByLf8AMHa
BBL2ip0bfHufahNZzUAoha57i3AigvO7ID+MGrKEbZpbHiAsfKZAMxssNjo3rvH4
xkXJ2ISLOpeUbzUG7BoFqClIyZLLwEBUPPim6ji0oKh2skBpJOaM/msWC0TomQaC
SOyBnyAviuupK7x7AN06yRHWOrY2LFZqgatVxmx5suLF4dBF/333RPIDYbw4BpXC
x03LT4iQdiXfpo9Qsk42f5sEgfnyo7gxa20744aKFpZMVM/I3CnMIp/lPTJNiZTJ
KTQ3R4vFQs7V8TriMqSlPiuxx6HUOJpw6wbq8hzGqDTNwT7YLb1FJWQYkNoY0wie
Ab6ZTym3rK1VIh0SaPEP2loYVOln/w9xWTU2e5J/pjmcEXIX5kK0utaMFrZlVAwL
UQ2HpLXHOFKdLou75tQkkPNMmiPwktkg6Fz+vCF+vGhbA0ZxndtSCq/iSbEH3uD9
uiQ+Gow7cEr4SxKiJkBX
=8Q0l
-----END PGP SIGNATURE-----