[146808] in cryptography@c2.net mail archive

Re: [Cryptography] Opening Discussion: Speculation on "BULLRUN"

daemon@ATHENA.MIT.EDU (Phillip Hallam-Baker)
Sun Sep 8 03:11:07 2013

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <718DFA7882181D45B8BD18F31C46D55427B2248B@MBX204.domain.local>
Date: Sat, 7 Sep 2013 22:11:17 -0400
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Gregory Perry <Gregory.Perry@govirtual.tv>
Cc: "Jeffrey I. Schiller" <jis@mit.edu>,
	"cryptography@metzdowd.com" <cryptography@metzdowd.com>,
	ianG <iang@iang.org>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On Sat, Sep 7, 2013 at 8:53 PM, Gregory Perry <Gregory.Perry@govirtual.tv> wrote:

> On 09/07/2013 07:52 PM, Jeffrey I. Schiller wrote:
> > Security fails on the Internet for three important reasons, that have
> > nothing to do with the IETF or the technology per-se (except for point
> > 3).
> >  1.  There is little market for “the good stuff”. When people see that
> >      they have to provide a password to login, they figure they are
> >      safe... In general the consuming public cannot tell the
> >      difference between “good stuff” and snake oil. So when presented
> >      with a $100 “good” solution or a $10 bunch of snake oil, guess
> >      what gets bought.
> The IETF mandates the majority of the standards used on the Internet
> today.


No they do not. There is W3C and OASIS both of which are larger now. And
there has always been IEEE.

And they have no power to mandate anything. In fact one of the things I
have been trying to do is to persuade people that the Canute act commanding
the tides to turn is futile. People need to understand that the IETF does
not have any power to mandate anything and that stakeholders will only
follow standards proposals if they see a value in doing so.




>  If the IETF were truly serious about authenticity and integrity
> and confidentiality of communications on the Internet, then there would
> have been interim ad-hoc link layer encryption built into SMTP
> communications since the end of U.S. encryption export regulations.
>

Like STARTTLS which has been in the standards and deployed for a decade now?



> There would have been an IETF-mandated requirement for Voice over IP
> transport encryption, to provide a comparable set of confidentiality
> with VoIP communications that are inherent to traditional copper-based
> landline telephones.  There would at the very least be ad-hoc (read
> non-PKI integrated) DNSSEC.
>

What on earth is that? DNS is a directory so anything that authenticates
directory attributes is going to be capable of being used as a PKI.



> And then there is this Bitcoin thing.  I say this as an individual that
> doesn't even like Bitcoin.  For the record and clearly off topic, I hate
> Bitcoin with a passion and I believe that the global economic crisis
> could be easily averted by returning to a precious metal standard with
> disparate local economies and currencies, all in direct competition with
> each other for the best possible GDP.
>

The value of all the gold in the world ever mined is $8.2 trillion. The
NASDAQ alone traded $46 trillion last Friday.

There are problems with bitcoin but I would worry rather more about the
fact that the Feds have had no trouble at all shutting down every prior
attempt at establishing a currency of that type and the fact that there is
no anonymity whatsoever.





> So how does Bitcoin exist without the IETF?  In its infancy, millions of
> dollars of transactions are being conducted daily via Bitcoin, and there
> is no IETF involved and no central public key infrastructure to validate
> the papers of the people trading money with each other.  How do you
> counter this Bitcoin thing, especially given your tenure and experience
> at the IETF?


Umm I would suggest that it has more to do with supply and demand and the
fact that there is a large amount of economic activity that is locked out
of the formal banking system (including the entire nation of Iran) that is
willing to pay a significant premium for access to a secondary.


> Nonsense.  Port 25 connects to another port 25 and exchanges a public
> key.  Then a symmetrically keyed tunnel is established.  This is not a
> complex thing, and could have been written into the SMTP RFC decades ago.


RFC 3702 published in 2002.


-- 
Website: http://hallambaker.com/

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography