I’m a little confused. I thought the concern was about decrypting intentionally mis-routed traffic, not a suggestion that ROV uses encryption…
Regards,
-drc

> On Oct 30, 2021, at 5:57 PM, J. Hellenthal via NANOG <nanog@nanog.org> wrote:
>
> He answered it completely. "You" worried about interception of RPKI exchange
> over the wire are failing to see that there is nothing there important to
> decrypt because the encryption in the transmission is not there!
>
> And yet you've failed to even follow up to his question... "What's your point
> regarding your message? ROV does not use (nor needs) encryption."
>
> So maybe you could give some context on that so someone can steer you out of
> the wrong direction.
>
> --
> J. Hellenthal
>
> The fact that there's a highway to Hell but only a stairway to Heaven says a
> lot about anticipated traffic volume.
>
>> On Oct 30, 2021, at 10:31, A Crisan <alina.flo...@gmail.com> wrote:
>>
>> Hi Matthew,
>>
>> Quantum computing exists as POCs, IBM being one of those advertising them
>> and announced to extend their project. There are others on the market,
>> Amazon advertised quantum computing as a service back in 2019:
>> https://www.theverge.com/2019/12/2/20992602/amazon-is-now-offering-quantum-computing-as-a-service.
>> The bottleneck of the current technology is scalability: we will not see
>> QC as personal computing level just yet (to go in more detail, current
>> technologies work at cryogenic temperatures, thus they are hyper expensive
>> and not really scalable), but they exist and one could imagine they
>> are/will be used for various tasks.
>>
>> On the other hand, you've actually commented every word of my mail, minus
>> the stated question. Thanks.
>>
>> Best Regards,
>> Dora Crisan
>>
>> On Fri, Oct 29, 2021 at 8:10 PM Matthew Walster <matt...@walster.org> wrote:
>>
>> On Fri, 29 Oct 2021, 15:55 A Crisan, <alina.flo...@gmail.com> wrote:
>>
>> Hi Matthew,
>> I was reading the above exchange, and I do have a question linked to your
>> last affirmation. To give you some context, the last 2021 ENISA report seems
>> to suggest that internet traffic is "casually registered" by X actors to
>> apply post Retrospective decryption (excerpt below). This would be at odds
>> with your (deescalating) affirmation that hijacks are non-malicious and they
>> are de-peered quickly, unless you pinpoint complete flux arrest only. Are
>> there any reportings/indicators... that look into internet flux constant
>> monitoring capabilities/capacities? Thanks.
>>
>> RPKI uses authentication not confidentiality. There is no encryption taking
>> place, other than the signatures on the certificates etc.
>>
>> Excerpt from the introduction: "What makes matters worse is that any cipher
>> text intercepted by an attacker today can be decrypted by the attacker as
>> soon as he has access to a large quantum computer (Retrospective decryption).
>>
>> Which do not exist (yet).
>>
>> Analysis of Advanced Persistent Threats (APT) and Nation State capabilities,
>>
>> Buzzwords.
>>
>> along with whistle blowers’ revelations
>> have shown that threat actors can and are casually recording all Internet
>> traffic in their data centers
>>
>> No they're not. It's just not possible or indeed necessary to duplicate
>> everything at large scale. Perhaps with a large amount of filtering, certain
>> flows would be captured, but in the days of pervasive TLS, this seems less
>> and less worthwhile.
>>
>> and that they select encrypted traffic as interesting and worth
>> storing. This means that any data encrypted using any of the standard
>> public-key systems today will need to be considered compromised once a
>> quantum computer exists and there is no way to protect it retroactively,
>> because a copy of the ciphertexts in the hands of the attacker. This means
>> that data that needs to remain confidential after the arrival of quantum
>> computers need to be encrypted with alternative means"
>>
>> None of this is relevant to RPKI (ROV) at all. In fact, it reads like the
>> fevered dreams of a cyber security research student. What's your point
>> regarding your message? ROV does not use (nor needs) encryption.
>>
>> M