Hello,
I've read your I-D (extremely interesting) and have a few comments:
1- The attacker model of the 20sec and kill-switch scenarios
We assume "the adversary cannot compromise smartphones or other
participating devices".
It looks rather strange to me. Personally I'd rather state the opposite:
the threat model must be that of a powerful attacker (as in the 3rd scenario).
Indeed, a device owners can be arrested and obliged to unlock its
device... He may also be obliged to move around and to collect more
information on others, using a modified device.
Is it motivated by the desire to have some progression in the threat model
in the document? If that's the case, then I understand, but state it clearly.
2- The 20sec scenario and the list of peers
Is it recommended to have such a list with possibly thousands
peers in this scenario when a device might be compromised
(previous comment)? Is it the reason why the threat model makes
the opposite assumption?
3- The 20sec scenario: clarification
I understand the wired Internet is here, and usable, even if
many links/servers/services are compromized. Am I correct?
Because if it's not the case, then how would it be possible to
broadcast a message to 20 million devices in 20sec using
bluetooth and wifi networks only? 20 millions is a lot and having
a meshed network large enough to reach them all using small
range wireless techniques seems rather challenging ;-)
4- AThe friend-to-friend scenario
What does the following bullet mean?
o The adversary can choose the data written to the microblogging
layer by higher protocol layers.
(I confess I didn't read [BRIAR] where it's certainly explained)
5- Concerning Tor...
I agree, it's not the panacea for this use-case. In addition to
what you're saying, we can add that it can make the situation
worse. My colleagues have a paper on this topic:
S. Leblond, A. Chaabane, P. Manils, M.A. Kaafar, C. Castelluccia, A. Legout, W.
Dabbous,
"One Bad Apple Spoils the Bunch: Exploiting P2P Applications to Trace and
Profile Tor Users",
USENIX Workshop on Large Scale Exploits and Emergent Threats (LEET'11), April
2011.
http://arxiv.org/abs/1103.1518
I'll be at the side-meeting.
Cheers,
Vincent
_______________________________________________
ietf-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-privacy
