Maybe I was a bit too loudmouthed in my post to
secushare-announce. Let's look at those papers
at https://www.w3.org/2014/strint/report.html
more closely and see if anything has a similar
spirit or otherwise a chance of fixing the net.
Surely the list of authors is impressive.
////
1. Privacy Protected Email | Phillip Hallam-Baker
adds fingerprints to the email address. addresses
one fundamental critique that has been articulated
for over a decade - the public key MUST be part of
the routing strategy to help protect against
impersonations. still, it's email - therefore the
other 14 reasons not to start using PGP still apply.
not to mention S/MIME.
Sorry, I will skip a lot of papers because they are
just too many...
2. Opportunistic Encryption for MPLS | Stephen Farrell, Adrian Farrrelll
3. Overcoming the Friend-or-Foe Paradigm in Secure Communication | Sebastian
Gajek, Jan Seedorf, Marc Fischlin, Oezguer Dagdalen
4. Flows and Pervasive Monitoring | Ted Hardie
5. BetterCrypto.org Applied Crypto Hardening | Aaron Zauner, L. Aaron Kaplan
6. A Complimentary Analysis | Andrei Robachevsky, Christine Runnegar, Karen
O'Donoghue, Mat Ford
7. Trust Issues with Opportunistic Encryption | Scott Rose, Stephen
Nightingale, Doug Montgomery
8. Challenges with End-to-End Email Encryption | Jiangshan Yu, Vincent Cheval,
Mark Ryan
9. Strengthening the path and strengthening the end-points | Xavier Marjou,
Emile Stephan, Jean-Michel Combes, Iuniana Oprescu
10. SIP is Difficult | Jon Peterson
11. Thoughts of Strengthening Network Devices in the Face of Pervasive
Surveillance | Dacheng Zhang, Fuyou Miao
12. Opportunistic Encryption for HTTP URIs | Mark Nottingham
13. CyberdefenseÂOriented Multilayer Threat Analysis | Yuji Sekiya, Daisuke
Miyamoto, Hajime Tazaki
14. A Threat Model for Pervasive Passive Surveillance | Brian Trammel, Daniel
Borkmann, Christian Huitema
15. Why Provable Transparency is Useful Against Surveillance | Ben Laurie
16. Withheld
A surprise guest with a surprise opinion! :-D
17. Monitoring message size to break privacy - Current issues and proposed
solutions | Alfredo Pironti
Some serious scientific talking on security issues here. How to improve
encryption so that statistical analysis will not give us trouble.
The author proposes some extensions and improvements to TLS which
sound similar to strategies that have been employed by GNUnet and
other tools.
I think fundamentally the usage patters have to change. Pond is a nice
demonstration on how e-mail can be a lot more secure if it drops the
requirement to be immediate. The web could be a lot more anonymous if
it was a push medium rather than pull. Multicast is a very natural way
of providing better privacy. As long as browsers try to fetch things
in real-time, Tor can only do its best. So the architecture of the web
is fundamentally b0rked and should only be used when inevitable.
18. Withheld
Another one. Very curious about these. :)
19. Making The Internet Secure By Default | Michael H. Behringer, Max Pritkin,
Steinthor Bjarnason
Cisco employees recommending that we can trust all of
our devices because they will come with certificates
signed by the manufacturer.
20. Increasing HTTP Transport Confidentiality with TLS Based Alternate Services
| Patrick McManus
21. Balance - Societal security versus individual liberty | Scott Cadzow
22. Strengthening the Extensible Messaging and Presence Protocol (XMPP) Peter
Saint-Andre
Honest summary of the sorry status of the XMPP network. Respect.
23. The Internet We Want or the Internet We Deserve? | David Rogers
24. Beyond Encrypt Everything: Passive Monitoring | Mark Donnelly, Sam Hartman
25. Examining Proxies to Mitigate Pervasive Surveillance | Eliot Lear, Barbara
Fraser
26. Spontaneous Wireless Networking to Counter Pervasive Monitoring | Emmanuel
Baccelli, Oliver Hahm, Matthias WÀhlisch
27. Is Opportunistic Encryption the Answer? Practical Benefits and
Disadvantages | John Mattsson
28. Clearing off the Cloud over the Internet of Things | Carsten Bormann,
Stefanie Gerdes, Olaf Bergmann
Carsten wins the award for best backronym: "state-level
tenacious attackers with significant infrastructure (STASI)"
He presents ten laws of "clear sky" (as opposed to the cloud)
that we can indeed agree upon, in particular number 8:
"Communication must be direct between the enti-
ties that actually need to communicate, with no
diversion to additional parties simply for imple-
mentation convenience."
In the secushare scenario these laws are actually easy to abide
since secushare does not delegate any trust concerning user data
to any entity that isn't a final recipient. Law number 5 however
is the old "open standard" thinking which we consider debatable
and potentially harmful.
29. The ARPA2.net project; Integrating and bundling hardened services for
normal users | Michiel Leenars, Rick van Rein
Michiel from NLnet is completely right here: We need
to make tools like Tor, GNUnet or I2P the "NEW NORMAL."
The new way to use the Internet so that users of these
tools do not stick out in the crowd. That's why secushare
is targeting Facebook as the primary application and
target crowd. But then Michiel presents the "ARPA2"
project being a cloud-oriented "open source solution"
for old-fashioned things such as "secure mail," "key
distribution" (LDAP!), "forward secrecy" (XMPP! SIP!)
and even OStatus for public messaging. Basically ARPA2
is a bundling of technologies that we think are bound
to disappear. Why? Because those servers accumulate
large amounts of clear meta data (the social graph etc)
if not actual cleartext data and are thus big pots of
honey for surveillance intrusion.
30. The Trust-to-Trust Model of Cloud Services | Alissa Cooper, Cullen Jennings
31. Linkability Considered Harmful | Leif Johansson
32. Simple Opportunistic Encryption | Andrea Bittau, Michael Hamburg, Mark
Handley, David MaziÚres, Dan Boneh
A nice plan to add encryption by default to all TCP
sessions. Very susceptible to man in the middle and
does not protect meta data nor against analysis, but
still better than nothing. But not better than a
redesign of the Internet.
33. An Architecture for a Secure Cloud Collaboration System | Cullen Jennings,
Suhas Nandakumar
34. Security and Simplicity | Steven Bellovin
35. Privacy at the Link Layer | Piers OâHanlon, Joss Wright, Ian Brown
36. Erosion of the moral authority of middleboxes | Joe Hildebrand
The XMPP man at Cisco raises some hot issues concerning
business interests in "middle boxes" having access to
unencrypted traffic.
- Caching
- Enterprise policy controls
- Service provider acceleration of mobile data
- Advertisement insertion for "free" networks
Best paragraph: "Some middlebox capabilities are currently
implemented using the same mechanisms employed by attackers,
including passive capturing of plaintext data, active imper-
sonation, and denial of service." He concludes: "When the
moral authority of middleboxes is eroded, arguments by their
developers to allow unfettered access to the plaintext of traffic
that traverses those boxes may be called into question. As an
industry, we should look for other mechanisms to provide
legitimate third-party value."
Yes, and we have some ideas on how to do that.
37. Policy Responses, Implications and Opportunities | Joseph Lorenzo Hall
38. Is it time to bring back the hosts file? | Peter Eckersley
The Technology Projects Director of the EFF suggesting we should, in
the spirit of the pre-DNS era, share a data base of public key
material worldwide, and keep it in sync on most devices.
This plan probably scales worse than Bitcoin, but luckily we
don't need this - we already have GNS.
39. Service concentration | Larry Masinter
Larry, the man who invented the HTTP file upload form and is
responsible for the ETag surveillance bug making it into the
HTTP standard. He has some wise points:
- Surveillance is not an "attack"
- "Enryption Everywhere" can backfire.
- "Enryption Everywhere" is not enough if you don't protect meta data.
- "Enryption Everywhere" adds cost everywhere
- Service concentration is a key factor in allowing pervasive monitoring
I think we agree on all of this and have designed our tools
accordingly.
40. Levels of Opportunistic Privacy Protection for Messaging-Oriented
Architectures | Dave Crocker, Pete Resnick
41. What is fingerprinting? | Nicholas Doty
42. Eradicating Bearer Tokens for Session Management | Philippe De Ryck, Lieven
Desmet, Frank Piessens, Wouter Joosen
43. STREWS Web-platform security guide: security assessment of the Web
ecosystem | Martin Johns, Lieven Desmet
44. Pervasive Attack: A Threat Model and Problem Statement | Richard Barnes,
Bruce Schneier, Cullen Jennings
45. Cryptech - Building a More Assured HSM with a More Assured Tool-Chain |
Randy Bush
46. Replacing passwords on the Internet AKA post-Snowden Opportunistic
Encryption | Ben Laurie, Ian Goldberg
Ben from Google meets Prof. OTR. They suggest to persist Diffie-Hellman
exchanges opportunistically in order to authenticate returning web
customers without annoying them with having to remember passwords.
It's a nifty plan but what if I want to use somebody else's computer to
access Facebook? What if my hard disk crashes? Will I be cut out of my
old account and have to make a new one? Why are we talking about
client/server architectures anyway?
47. End-User Concerns about Pervasive Internet Monitoring: Principles and
Practice | Tara Whalen, Stuart Cheshire, David Singer
48. Developer-Resistant Cryptography | Kelsey Cairns, Graham Steel
49. Kai Engert's Position Paper | Kai Engert
"Attempts to control surveillance using legislation won't work."
Depends on the legislation. "We rather need technical solutions
that make surveillance difficult or impossible." That's the kind
of legislation I promote. ;-) Kai has been proposing MECAI and
DetecTor.io, which is very similar to our libcertpatrol: both are
certificate pinning implementations in C.
50. Mike O'Neill's Position Paper | Mike O'Neill
51. Detecting MITM Attacks on Ephemeral Diffie-Hellman without Relying on a PKI
in Real-Time Communications | Alan Johnston
52. Trust & Usability on the Web, a Social/Legal perspective | Rigo Wenning,
Bert Bos
53. Hardening Operations and Management Against Passive Eavesdropping | Bernard
Aboba
54. A few theses regarding privacy and security | Andreas Kuckartz
We had quite some religious fights on this mailing list, but
after meeting in person at 30c3 the disputes were off the table.
Andreas specifically mentions projects that aim to protect the
social graph (thank you). The core problem of insecure inter-server
communications in federated architecture is addressed (SMTP, XMPP).
55. Meet the new threat model, same as the old threat model | Eric Rescorla
Nice citation, seen from the perspective of "We used to hope we
were just being paranoid" - from The Importance of Being Earnest:
"It is a terrible thing for a man to find out suddenly that all
his life he has been speaking nothing but the truth."
Usability (1): Make it easy and automatic.
Usability (2): Only make a secure version.
Usability (3): Do something new or better.
The man from Mozilla admits the X.509 certification authority
scheme is suboptimal after all. But then concerning SSH's success
"attempts to use a similar key continuity mechanism with HTTPS
have seen only very limited usage." Well, you still haven't
adopted CertPatrol as an official certificate pinning strategy!
... and help to handle the usability issues related to X.509.
Eric concludes that server-based identification is the way of the
future which leaves me hitting my head against the wall. Also,
he gives up all hope on protecting meta data.
56. Itâs Time for Application-Centric Security | Yuan Gu
57. Sabatini Monatesti position paper | Sabatine Monatesti
58. Trust problems in pervasive monitoring | Melinda Shore, Karen O'Donoghue
59. Beyond "Just TLS Everywhere": From Client-encrypted Messaging to Defending
the Social Graph | Harry Halpin, George Danezis
Harry Halpin writes a tribute to the LEAP project. We have
discussed in the past what the problems of the LEAP approach
are. I kept them at http://about.psyc.eu/LEAP. What is George
doing in the author list? He's a Tor developer, he should
know better that the future of the Internet has something to
do with DHT technology, not doctoring pre-DHT tech.
60. Network Security as a Public Good | Wendy Selzer
61. Statement of Interest on behalf of the W3C TAG | Dan Appelquist
Probably a co-founder of the W3C, Dan ran an attempt to
implement "One Social Web" over XMPP. With this position
paper he suggests using more HTTPS with certificate
pinning. The job that "Certificate Patrol" does.
62. Improving Security on the Internet | Hannes Tschofenig
The chair of the workshop himself, who met and invited us
at 30c3. He steers clear of controversy and presents a
historic view on internet security lifecycles concluding that
the deployment of technologies is insufficiently correlated
to their development (especially when standards bodies are
in the way ;-)).
63. Protecting customer data from government snooping | Orit Levin
64. Privacy Aware Internet Development Initiative 2014 | Achim Klabunde
A point of view from the data protection authorities.
65. The Internet is Broken: Idealistic Ideas for Building a NEWGNU Network |
Christian Grothoff, Bartlomiej Polot, Carlo von Loesch
Here we are. Daring to say that BGP can be replaced by a
DHT technology called GNS. DNS and X.509, also, by the way.
And I few more drastic things.
66. Opportunistic Keying as a Countermeasure to Pervasive Monitoring | Stephen
Kent
////
Feel invited to fill in the gaps by reading the other papers.. :)
-- [email protected]
https://lists.tgbit.net/mailman/listinfo.cgi/secu-share
