
From nobody Sun Mar  2 22:30:11 2014
Return-Path: <avri@acm.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 358961A0B21 for <perpass@ietfa.amsl.com>; Sun,  2 Mar 2014 22:30:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.465
X-Spam-Level: *
X-Spam-Status: No, score=1.465 tagged_above=-999 required=5 tests=[BAYES_50=0.8, RCVD_IN_DNSWL_NONE=-0.0001, SPF_SOFTFAIL=0.665] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id chHWGd5iJydH for <perpass@ietfa.amsl.com>; Sun,  2 Mar 2014 22:30:07 -0800 (PST)
Received: from atl4mhob03.myregisteredsite.com (atl4mhob03.myregisteredsite.com [209.17.115.41]) by ietfa.amsl.com (Postfix) with ESMTP id A10E31A0B7A for <perpass@ietf.org>; Sun,  2 Mar 2014 22:30:07 -0800 (PST)
Received: from mailpod.hostingplatform.com ([10.30.71.207]) by atl4mhob03.myregisteredsite.com (8.14.4/8.14.4) with ESMTP id s236U3kU027823 for <perpass@ietf.org>; Mon, 3 Mar 2014 01:30:03 -0500
Received: (qmail 4168 invoked by uid 0); 3 Mar 2014 06:30:03 -0000
X-TCPREMOTEIP: 174.34.166.172
X-Authenticated-UID: avri@ella.com
Received: from unknown (HELO ?127.0.0.1?) (avri@ella.com@174.34.166.172) by 0 with ESMTPA; 3 Mar 2014 06:30:02 -0000
Message-ID: <53142168.2000103@acm.org>
Date: Mon, 03 Mar 2014 06:30:00 +0000
From: Avri Doria <avri@acm.org>
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: perpass@ietf.org
References: <530229FF.80206@gmail.com>
In-Reply-To: <530229FF.80206@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Antivirus: avast! (VPS 140302-1, 03/02/2014), Outbound message
X-Antivirus-Status: Not-Tested
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/32HUYpTJO16W9ptpZHDUyloBHG8
Subject: Re: [perpass] Updated info for perpass lunch mtg
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Mar 2014 06:30:09 -0000

perpass lunch meeting agenda and reading list

Assigned Room: Hilton Meeting Room 5-6
Assigned Date: 03/03/201
Desired Start Time: 11:30:00
Desired End Time: 13:00:00

Draft Agenda

* Assorted things required by an IETF mtg  (5 min)
    * notetaker?

* Discuss goals and scope (10 min)
    * of meeting
    * of reviews
       * Privacy including PM
       * Just PM

* Which effort (10 min)
    * Existing RFC
       * What would that involve?
          * what about when a protocol corresponds to a set of RFCs
       * Where would we start?
    * IDs at IETF last call

* Brief look at existing examples of such reviews (20 min)

* A look at possible criteria for Privacy or PM reviews (15 min)
    *   with examples taken from the readings
    *   with examples taken from the perpass list

* How to organize the draft review process for maximum benefit. Eg. (15 min)
    *   Keeping records,
    *   establishing a way for a WG to request a Privacy or PM review,
    *   making the reviews timely,
    *   other issues?

* where to go from here. (10 min)
    * Volunteers for organization and reviews?
    * List, wiki etc?
    * Case studies? Volunteers?

2.  Reading and Research list

*   RFC 6973
*   draft-farrell-perpass-attack
*   draft-trammell-perpass-ppa
*   http://www.ietf.org/proceedings/88/perpass.html
*   others ...

3. Possible drafts for Interest

* http://tools.ietf.org/html/draft-hzhwm-start-tls-for-dns-00
* https://datatracker.ietf.org/doc/draft-farinacci-lisp-crypto/
* https://datatracker.ietf.org/doc/draft-seitz-ace-design-considerations/

4. Sample Reviews

* http://huitema.net/papers/draft-huitema-perpass-dhcp-identifiers-00.txt
* http://www.iab.org/activities/programs/privacy-program/privacy-reviews/
* http://tools.ietf.org/html/draft-bortzmeyer-dnsop-dns-privacy-01


From nobody Sun Mar  2 23:15:47 2014
Return-Path: <avri@acm.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 67DBE1A0CA5 for <perpass@ietfa.amsl.com>; Sun,  2 Mar 2014 23:15:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.465
X-Spam-Level: *
X-Spam-Status: No, score=1.465 tagged_above=-999 required=5 tests=[BAYES_50=0.8, RCVD_IN_DNSWL_NONE=-0.0001, SPF_SOFTFAIL=0.665] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cMKXyDyRHPs1 for <perpass@ietfa.amsl.com>; Sun,  2 Mar 2014 23:15:43 -0800 (PST)
Received: from atl4mhob09.myregisteredsite.com (atl4mhob09.myregisteredsite.com [209.17.115.47]) by ietfa.amsl.com (Postfix) with ESMTP id BB55F1A0BC7 for <perpass@ietf.org>; Sun,  2 Mar 2014 23:15:43 -0800 (PST)
Received: from mailpod.hostingplatform.com ([10.30.71.205]) by atl4mhob09.myregisteredsite.com (8.14.4/8.14.4) with ESMTP id s237Fd87006518 for <perpass@ietf.org>; Mon, 3 Mar 2014 02:15:39 -0500
Received: (qmail 5749 invoked by uid 0); 3 Mar 2014 07:15:39 -0000
X-TCPREMOTEIP: 174.34.166.172
X-Authenticated-UID: avri@ella.com
Received: from unknown (HELO ?127.0.0.1?) (avri@ella.com@174.34.166.172) by 0 with ESMTPA; 3 Mar 2014 07:15:39 -0000
Message-ID: <53142C19.6050508@acm.org>
Date: Mon, 03 Mar 2014 07:15:37 +0000
From: Avri Doria <avri@acm.org>
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: perpass@ietf.org
References: <530229FF.80206@gmail.com>
In-Reply-To: <530229FF.80206@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Antivirus: avast! (VPS 140302-1, 03/02/2014), Outbound message
X-Antivirus-Status: Not-Tested
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/44rOg9pZbY78hzoLYeFsaMMybPg
Subject: Re: [perpass] Updated info for perpass lunch mtg
X-List-Received-Date: Mon, 03 Mar 2014 07:15:45 -0000

BTW, the meeting is conceived as more of a discussion than a set of
presentations.  But anyone who wants to talk about a review they
already did or are working on, please let me know and we can adapt the
schedule.

avri


On 17-Feb-14 15:25, Avri Doria wrote:
> perpass lunch meeting agenda and reading list
>
>
> 1. Tentative Draft Agenda
>
>
> * Assorted things required by an IETF mtg
>    (If any for an informal meeting)
>
>
> * Discuss goals and scope
>     * of meeting
>     * of reviews
>        *  Privacy including PM
>        * Just PM
>
>
> * A look at possible criteria for Privacy or PM reviews
> *   with examples taken from the readings
> *   with examples taken from the perpass list
>
>
>    (some of this can be scoped out before the meeting)
>
>
> * How to organize the draft review process for maximum benefit. Eg.
>     *   Keeping records,
>     *   establishing a way for a WG to request a Privacy or PM review,
>     *   making the reviews timely,
>     *   other issues?
>
>
> * is there a need to do reviews of past RFCs.
>     * What would that involve?
>
>
> * where to go from here.
>     * Volunteers for organization and reviews?
>     * List, wiki etc?
>     * Case studies? Volunteers?
>
>
> 2.  Reading and Research list
>
>
> *   RFC 6973
> *   draft-farrell-perpass-attack
> *   draft-trammell-perpass-ppa
> * http://www.ietf.org/proceedings/88/perpass.html
> *   others ...
>
>
> 3. Possible drafts for Interest
>
>
> * http://tools.ietf.org/html/draft-hzhwm-start-tls-for-dns-00
> * https://datatracker.ietf.org/doc/draft-farinacci-lisp-crypto/
> * https://datatracker.ietf.org/doc/draft-seitz-ace-design-considerations/
>
>
> 4. Sample Reviews
>
>
> * http://huitema.net/papers/draft-huitema-perpass-dhcp-identifiers-00.txt
> * http://www.iab.org/activities/programs/privacy-program/privacy-reviews/
> *
>
>
> This is available as a Google Drive document that is open for comment. I
> will process comments from either the list or drive.  Don't want to
> force anyone to use a tool they are not comfortable with, but since I can
> export text to send to this list, I figure it is not all that bad.
>
> https://docs.google.com/document/d/1dZnpifcto4M70MAeLkfWPWPHvujmkEl9ac_VrsrciTQ/edit?usp=sharing
>
>
>
>
> _______________________________________________
> perpass mailing list
> perpass@ietf.org
> https://www.ietf.org/mailman/listinfo/perpass
>


From nobody Wed Mar 12 03:22:29 2014
Return-Path: <avri@acm.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B52821A0673 for <perpass@ietfa.amsl.com>; Wed, 12 Mar 2014 03:22:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.664
X-Spam-Level: 
X-Spam-Status: No, score=0.664 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_SOFTFAIL=0.665] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CkDwDwjLgg_B for <perpass@ietfa.amsl.com>; Wed, 12 Mar 2014 03:22:25 -0700 (PDT)
Received: from atl4mhob12.myregisteredsite.com (atl4mhob12.myregisteredsite.com [209.17.115.50]) by ietfa.amsl.com (Postfix) with ESMTP id A4F891A094C for <perpass@ietf.org>; Wed, 12 Mar 2014 03:22:25 -0700 (PDT)
Received: from mailpod.hostingplatform.com ([10.30.71.203]) by atl4mhob12.myregisteredsite.com (8.14.4/8.14.4) with ESMTP id s2CAMHiv023851 for <perpass@ietf.org>; Wed, 12 Mar 2014 06:22:17 -0400
Received: (qmail 27980 invoked by uid 0); 12 Mar 2014 10:22:17 -0000
X-TCPREMOTEIP: 68.15.42.104
X-Authenticated-UID: avri@ella.com
Received: from unknown (HELO ?127.0.0.1?) (avri@ella.com@68.15.42.104) by 0 with ESMTPA; 12 Mar 2014 10:22:17 -0000
Message-ID: <53203558.5000609@acm.org>
Date: Wed, 12 Mar 2014 06:22:16 -0400
From: Avri Doria <avri@acm.org>
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: perpass@ietf.org
References: <532034C7.5080502@acm.org>
In-Reply-To: <532034C7.5080502@acm.org>
X-Forwarded-Message-Id: <532034C7.5080502@acm.org>
Content-Type: multipart/mixed; boundary="------------050008020006010301050603"
X-Antivirus: avast! (VPS 140311-3, 03/11/2014), Outbound message
X-Antivirus-Status: Not-Tested
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/cDsTeOSzTu-GH5ha0xXHwvchpvw
Subject: [perpass] Fwd: [] Draft report on IETF89 PM review lunch meeting report
X-List-Received-Date: Wed, 12 Mar 2014 10:22:28 -0000

This is a multi-part message in MIME format.
--------------050008020006010301050603
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

There was a decision to use the ietf-privacy email list for the PM
review work instead of the perpass list.

This was sent to ietf-privacy list and then forwarded to perpass, but we 
should probably try to limit  discussion to the ietf-privacy list if at 
all possible.

avri

-------- Original Message --------
Subject: [ietf-privacy] Draft report on IETF89 PM review lunch meeting 
report
Date: Wed, 12 Mar 2014 06:19:51 -0400
From: Avri Doria <avri@acm.org>
To: ietf-privacy@ietf.org


Draft Meeting report.

A set of notes created by Scott Brim (thanks!) can be found at:
https://docs.google.com/document/d/1GwD5m09p42fS3OWucYwPZ0lWcVN8Y_HIN0yp2BzYYYI/edit?usp=sharing

Those who were at the meeting should feel free to add their comments.  A
text view of their current state is attached to this message.

In terms of the meeting, we discussed several issues and I believe we
came up with the following:

- Volunteers will begin to work on reviews of existing standards
track RFCs

- While the reviews will be primarily for Pervasive Monitoring (PM)
risks and issues, privacy issues will also be in scope for the reviews.

- Several protocols were given as first examples, including:
    -- DNS (there are already some reviews in circulation)
    -- DHCP (there is already a review in this area)
    -- URI usage
    -- yet to be selected from the INT area

There is a long list of things to be reviewed.  Stephen Farrell agreed
to check with other ADs on any particular recommendations they might
have on docs to be reviewed.

- There are several volunteers for this work listed in the meeting
notes.  Several volunteers came forward later.  This will be tracked on
the wiki once it is set up.

- An initial milestone of 15 May was set for some of the reviews.

- We had a discussion of some of the review work that had been done.  It
was the feeling of the group that while we should be collecting a set of
bases for PM reviews, we would build on the work done for privacy
including RFC6973 Questionnaire.  Creating a criteria set for PM
reviewing would be an ongoing project.  There was discussion on the
utility of prioritizing or categorizing  the PM and Privacy concerns.

- While the group did not decide to work on reviews of current drafts,
there was a spirit of cooperation on the work being done by Gen Art.
This needs follow-up.

- There was a decision to use the ietf-privacy email list for this work
instead of the perpass list.  This is being sent to ietf-privacy and
then forwarded to perpass, but we should probably try to limit
discussion to the ietf-privacy list if at all possible.

-  I will work to coordinate activities using an IETF wiki.  This wiki
has been setup, <http://trac.tools.ietf.org/group/ppm-legacy-review/>
but I have not done anything with it yet.  Still learning this flavor of
wiki, but will have some first pages soon.  Eg. will put these notes and
the meeting notes on the wiki.


26 People signed the not quite blue sheets.





--------------050008020006010301050603
Content-Type: text/plain; charset=UTF-8;
 name="MondayLunchNotes.txt"
Content-Transfer-Encoding: 8bit
Content-Disposition: attachment;
 filename="MondayLunchNotes.txt"

There are two ways to review existing work:


* Issue areas
   * http://huitema.net/papers/draft-huitema-perpass-dhcp-identifiers
   * http://tools.ietf.org/html/draft-bortzmeyer-dnsop-dns-privacy
   * https://datatracker.ietf.org/doc/draft-seitz-ace-design-considerations/
   * Some STRINT contributions


* Specific RFCs (or drafts)
   * http://tools.ietf.org/html/rfc6740 - ILNP architecture
   * http://tools.ietf.org/html/draft-montemurro-gsma-imei-urn
   * http://tools.ietf.org/html/draft-allen-dispatch-imei-urn-as-instanceid
   * http://tools.ietf.org/html/draft-imadali-its-vinipv6-viid
   * http://tools.ietf.org/html/rfc6740


Anyone want to talk about their own work or planned work?




Christine Runnegar: how to coordinate work across organizations eg W3C.


Robin Wilton: bridge the gap between technical people and social/policy people.


Alex Mayrhoftsh: Privacy in DNS. Make privacy comfortable for users.


Stephan Bortzmeyer: DNS and privacy.  


Steve Olshansky representing ISOC.


Existing vs new documents? -> Let gen-art and SAAG look for privacy issues as part of their current review process, and this is a new activity.  


* Scott Brim: But consolidate results. 
* Steve Kent: continue work on the threat document, and have a list of goals dealing with pervasive monitoring eg data minimization, and for new documents require someone with a standards track document refer to _prioritized_ list and say which ones they believe they have addressed. 
* Brian Carpenter: adds to gen-art “please be sure this gets a security review” - Stephen says it’s about an 80% rate - 
* Brian says if something smells like privacy, flag it as needing a privacy review.
* Steve Kent: prioritization should be detailed, a total ordering - if you don’t do the first tier, the rest is irrelevant. If I’m not encrypting the traffic, minimizing identifier use is not so important.
* Allison: we tried to do SIP privacy and thinks of data minimization as related to persistent object security … missed it … Steve: in the context of the workshop, thinking of doing it on a per-layer basis. 
* Alissa: analysis of the threats in surveillance draft could be complementary to the 6973 questionnaire which is mostly about minimization.
* Steve: for existing docs get people who wrote them to tell you what they thought.
* Wendy Seltzer: pieces that look like risks in one context are not in another, so might characterize the priorities.
* Christine Runnegar: Do it early. Need volunteers with cross expertise. Learn by doing.
* Robin Wilton: going back to review old documents is good practice. 
* Hannes: Collision with business model. Brian Carpenter: We could refuse to publish docs with significant insecurities.
* Doug Otis: Assumptions about layers handling things.
* Linus: one person’s security conflicts with another person’s security i.e. bank transaction monitoring to avoid fraud. Stefan Bortzmeyer: a privacy review doesn’t need to make choices like that, just to make people aware of consequences.
* Steve Kent: early reviews can be requested.
* Alissa: for reviews of new protocols, need sector reviews, and the goal is to get things changed. 


Reviews:
* Hannes: Host identity work. IntArea. A TCP option.
* Doug Otis: synthetic domains that identify you but are not part of the transfer. The protocol doesn’t change but the deployment changes to make it more invasive.
* Wendy Seltzer: the function of the reviews could be both changes of protocols and deployment guidelines.


Wiki: Avri will gather from the list and will talk to Henrik about a wiki. Which list? ietf-privacy. 
Doug Otis: marine tracking.
Allison: if you want to make it broader, ISOC 360 can help.


If you mail to an author and CC the list, need a manager for the list, for non-member mailings. Allison volunteers to manage the list.


Including the wider privacy concept? 
* We already have 6973, there will be overlap with pervasive monitoring. 
* Allison: separate perpass from other privacy, but if you see perpass issues, flag them.
* Alissa: how much of an additional review will a pervasive monitoring review be? If not bad, do it.
* Stephen thinks the task is more tractable if focus just on pervasive monitoring. 
* Brian but we have 6973 for privacy and no guidelines for pervasive monitoring yet.
* Elwyn: there’s quite a lot of inter-layer interactions with these things, and need to understand the _context_ (lower layers) in which  a protocol is used to understand its issues. So maybe start reviewing at the bottom of the stack. Karen O’Donoghue: need prioritization.
* Alissa: to take best advantage of the current situation, for existing RFCs could focus on pervasive monitoring, but could do privacy in sector reviews. General nods.


How to approach existing reviews?
* Most “popular” base protocols that get used in new protocols. Stephen: but what are the base protocols? 
* Christine: … missed it.
* Ask each AD which are the most important 5. -> Stephen will do that.
* Scott and Avri will talk to Christian about more on DHCP.
* Joe Hall and Aruna will do reviews for _something_.
* Scott volunteers for IntArea.
* Scott: URI use always needs careful scrutiny.
* Linus: use Tor as a resource? Can’t block it. … missed it.
* How to build up a list of willing privacy experts, so reviewers can bring them in for help?
* Robin: waiting for it to creep up the stack.
* Karen: general volunteer.
* Steve Kent: avian carriers.
* Say so when you start a review.
* Stephen: have deadlines, mid-May something should be sent as reviews.
* Allison: SDP, RTCP, Radius, Diameter ... all need reviews.
* Avri will keep track of it all on the wiki.

--------------050008020006010301050603
Content-Type: text/plain; charset=windows-1252;
 name="Attached Message Part"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename="Attached Message Part"

_______________________________________________
ietf-privacy mailing list
ietf-privacy@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-privacy


--------------050008020006010301050603--


From nobody Wed Mar 12 04:50:03 2014
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A9301A0948 for <perpass@ietfa.amsl.com>; Wed, 12 Mar 2014 04:50:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.447
X-Spam-Level: 
X-Spam-Status: No, score=-2.447 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.547] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YjrIobD5_UkQ for <perpass@ietfa.amsl.com>; Wed, 12 Mar 2014 04:49:59 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id 6BEBA1A094D for <perpass@ietf.org>; Wed, 12 Mar 2014 04:49:59 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 2BF05BE54; Wed, 12 Mar 2014 11:49:53 +0000 (GMT)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EJ-evTFK8dOq; Wed, 12 Mar 2014 11:49:53 +0000 (GMT)
Received: from [134.226.36.180] (stephen-think.dsg.cs.tcd.ie [134.226.36.180]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id D1480BE3F; Wed, 12 Mar 2014 11:49:52 +0000 (GMT)
Message-ID: <532049E2.2050504@cs.tcd.ie>
Date: Wed, 12 Mar 2014 11:49:54 +0000
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: Avri Doria <avri@acm.org>, perpass@ietf.org
References: <532034C7.5080502@acm.org> <53203558.5000609@acm.org>
In-Reply-To: <53203558.5000609@acm.org>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/V_r6H18Z6nJhpy3qnxm1TAkRVdo
Subject: Re: [perpass] Fwd: [] Draft report on IETF89 PM review lunch meeting report
X-List-Received-Date: Wed, 12 Mar 2014 11:50:01 -0000

On 03/12/2014 10:22 AM, Avri Doria wrote:
> There was a decision to use the ietf-privacy email list for the PM
> review work instead of the perpass list.
> 
> This was sent to ietf-privacy list and then forwarded to perpass, but we
> should probably try to limit  discussion to the ietf-privacy list if at
> all possible.

Except for this: I'd like to really thank Avri and also Scott
for getting this together and for being willing to try help us
organise these reviews. And everyone else who has or will
contribute as well of course:-)

Cheers,
S.

> 
> avri
> 
> -------- Original Message --------
> Subject: [ietf-privacy] Draft report on IETF89 PM review lunch meeting
> report
> Date: Wed, 12 Mar 2014 06:19:51 -0400
> From: Avri Doria <avri@acm.org>
> To: ietf-privacy@ietf.org
> 
> 
> Draft Meeting report.
> 
> A set of notes created by Scott Brim (thanks!) can be found at:
> https://docs.google.com/document/d/1GwD5m09p42fS3OWucYwPZ0lWcVN8Y_HIN0yp2BzYYYI/edit?usp=sharing
> 
> 
> Those who were at the meeting should feel free to add their comments.  A
> text view of their current state is attached to this message.
> 
> In terms of the meeting, we discussed several issues and I believe we
> came up with the following:
> 
> - Volunteers will begin to work on reviews of existing standards
> track RFCs
> 
> - While the reviews will be primarily for Pervasive Monitoring (PM)
> risks and issues, privacy issues will also be in scope for the reviews.
> 
> - Several protocols were given as first examples, including:
>    -- DNS (there are already some reviews in circulation)
>    -- DHCP (there is already a review in this area)
>    -- URI usage
>    -- yet to be selected from the INT area
> 
> There is a long list of things to be reviewed.  Stephen Farrell agreed
> to check with other ADs on any particular recommendations they might
> have on docs to be reviewed.
> 
> - There are several volunteers for this work listed in the meeting
> notes.  Several volunteers came forward later.  This will be tracked on
> the wiki once it is set up.
> 
> - An initial milestone of 15 May was set for some of the reviews.
> 
> - We had a discussion of some of the review work that had been done.  It
> was the feeling of the group that while we should be collecting a set of
> bases for PM reviews, we would build on the work done for privacy
> including RFC6973 Questionnaire.  Creating a criteria set for PM
> reviewing would be an ongoing project.  There was discussion on the
> utility of prioritizing or categorizing  the PM and Privacy concerns.
> 
> - While the group did not decide to work on reviews of current drafts,
> there was a spirit of cooperation on the work being done by Gen Art.
> This needs follow-up.
> 
> - There was a decision to use the ietf-privacy email list for this work
> instead of the perpass list.  This is being sent to ietf-privacy and
> then forwarded to perpass, but we should probably try to limit
> discussion to the ietf-privacy list if at all possible.
> 
> -  I will work to coordinate activities using an IETF wiki.  This wiki
> has been setup, <http://trac.tools.ietf.org/group/ppm-legacy-review/>
> but I have not done anything with it yet.  Still learning this flavor of
> wiki, but will have some first pages soon.  Eg. will put these notes and
> the meeting notes on the wiki.
> 
> 
> 26 People signed the not quite blue sheets.
> 
> 
> 
> 
> 
> 
> 


From nobody Sat Mar 15 12:20:45 2014
Return-Path: <pranesh@cis-india.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 492301A01BC; Sat, 15 Mar 2014 12:20:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.743
X-Spam-Level: 
X-Spam-Status: No, score=-0.743 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FU_ENDS_2_WRDS=0.255, RCVD_IN_BRBL_LASTEXT=1.449, RP_MATCHES_RCVD=-0.547] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H7iL3l0gxEv3; Sat, 15 Mar 2014 12:20:41 -0700 (PDT)
Received: from mail.cis-india.org (mail.cis-india.org [202.190.125.68]) by ietfa.amsl.com (Postfix) with ESMTP id 9FF8A1A0199; Sat, 15 Mar 2014 12:20:41 -0700 (PDT)
Received: from [172.29.96.118] (nat-130-132-173-237.central.yale.edu [130.132.173.237]) by mail.cis-india.org (Postfix) with ESMTPSA id BF7F7A7C980; Sat, 15 Mar 2014 19:19:59 +0000 (UTC)
Message-ID: <5324A7FC.2030805@cis-india.org>
Date: Sat, 15 Mar 2014 15:20:28 -0400
From: Pranesh Prakash <pranesh@cis-india.org>
Organization: Centre for Internet and Society
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: perpass@ietf.org
X-Enigmail-Version: 1.6
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="aCWFAfEMIiBIDuEaPSdcfcKcf4Cej3AMm"
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/U0nhxG8J_9XifRRdlFijmLzOZnc
Cc: ietf-action@ietf.org
Subject: [perpass] Security Dogfood: IETF's Jabber Servers
X-List-Received-Date: Sat, 15 Mar 2014 19:20:44 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--aCWFAfEMIiBIDuEaPSdcfcKcf4Cej3AMm
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: quoted-printable

Dear all,
As Peter Saint-Andre announced on this list in October 2013, the XMPP
community has charted out an ambitious plan to encrypt all
server-to-server communications by May 19, 2014.[1] Currently
jabber.ietf.org is using a certificate that expired seven months ago,
does not support TLSv1.2, allows known-weak ciphers to be used and does
not support forward secrecy:

https://xmpp.net/result.php?domain=jabber.ietf.org&type=server

Could the admins please renew the cert, support TLS 1.2, limit the
ciphersuite to keep out known-weak ciphers, and ensure that
server-to-server traffic is encrypted?

http://wiki.xmpp.org/web/Securing_XMPP#ejabberd

Thanks.

Cheers,
Pranesh

  [1]: https://github.com/stpeter/manifesto/blob/master/manifesto.txt

-- 
Pranesh Prakash
Policy Director, Centre for Internet and Society
T: +91 80 40926283 | W: http://cis-india.org
-------------------
Access to Knowledge Fellow, Information Society Project, Yale Law School
M: +1 520 314 7147 | W: http://yaleisp.org
PGP ID: 0x1D5C5F07 | Twitter: https://twitter.com/pranesh_prakash


--aCWFAfEMIiBIDuEaPSdcfcKcf4Cej3AMm
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"


--aCWFAfEMIiBIDuEaPSdcfcKcf4Cej3AMm--
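
The problems reported in the message above (expired certificate, no TLS 1.2, known-weak ciphers, no forward secrecy, server-to-server encryption not enforced) can be checked mechanically against what a scan of a server-to-server listener observes. The following is an added example, not part of the original message and not the xmpp.net test's code; `S2SObservation`, `audit`, the weak-cipher token list and all sample values are assumptions constructed for illustration.

```python
import ssl
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from datetime import datetime, timezone

TLS_NS = "urn:ietf:params:xml:ns:xmpp-tls"  # STARTTLS namespace (RFC 6120)

# Assumption: tokens of OpenSSL cipher names treated as "known-weak" here.
# "DES" also matches DES-CBC3 (3DES), which this example flags as well.
WEAK_TOKENS = {"NULL", "EXP", "EXPORT", "RC4", "RC2", "DES", "MD5", "ADH", "AECDH"}
# Ephemeral key exchange in OpenSSL names; TLS 1.3 suites are always ephemeral.
FS_PREFIXES = ("ECDHE-", "DHE-", "EDH-", "TLS_AES_", "TLS_CHACHA20_")


@dataclass
class S2SObservation:
    not_after: str      # certificate notAfter, in ssl.getpeercert() format
    protocols: list     # protocol versions the listener accepted
    ciphers: list       # OpenSSL cipher names the listener accepted
    features_xml: str   # <stream:features/> received before STARTTLS


def starttls_policy(features_xml):
    """Return 'required', 'optional' or 'absent' for a <stream:features/> element."""
    if "<!DOCTYPE" in features_xml:
        raise ValueError("DTDs are not allowed in XMPP streams")
    root = ET.fromstring(features_xml)
    offer = root.find("{%s}starttls" % TLS_NS)
    if offer is None:
        return "absent"
    # RFC 6120: TLS is mandatory when <required/> is present or when
    # STARTTLS is the only feature advertised.
    if offer.find("{%s}required" % TLS_NS) is not None or len(root) == 1:
        return "required"
    return "optional"


def is_weak(cipher):
    return bool(WEAK_TOKENS & set(cipher.upper().replace("_", "-").split("-")))


def has_forward_secrecy(cipher):
    return cipher.upper().startswith(FS_PREFIXES)


def audit(obs, now):
    """Map each finding to its supporting detail; an empty dict means no findings."""
    findings = {}
    expiry = datetime.fromtimestamp(ssl.cert_time_to_seconds(obs.not_after),
                                    timezone.utc)
    if expiry < now:
        findings["cert-expired"] = (now - expiry).days   # days since expiry
    # TLS 1.2 is what the message asks for; a later version also satisfies it.
    if not {"TLSv1.2", "TLSv1.3"} & set(obs.protocols):
        findings["no-tls1.2"] = sorted(obs.protocols)
    weak = sorted(c for c in obs.ciphers if is_weak(c))
    if weak:
        findings["weak-ciphers"] = weak
    if not any(has_forward_secrecy(c) for c in obs.ciphers):
        findings["no-forward-secrecy"] = True
    policy = starttls_policy(obs.features_xml)
    if policy != "required":
        findings["starttls-" + policy] = True
    return findings


# Constructed observation resembling the state the message describes;
# these are NOT the actual scan results for jabber.ietf.org.
SAMPLE = S2SObservation(
    not_after="Aug 15 00:00:00 2013 GMT",
    protocols=["SSLv3", "TLSv1"],
    ciphers=["RC4-MD5", "RC4-SHA", "DES-CBC3-SHA", "AES128-SHA", "AES256-SHA"],
    features_xml=(
        "<stream:features xmlns:stream='http://etherx.jabber.org/streams'>"
        "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>"
        "<dialback xmlns='urn:xmpp:features:dialback'/>"
        "</stream:features>"
    ),
)
AS_OF = datetime(2014, 3, 15, tzinfo=timezone.utc)

if __name__ == "__main__":
    for name, detail in audit(SAMPLE, AS_OF).items():
        print(name, detail)
```
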


From nobody Tue Mar 18 03:03:58 2014
Return-Path: <jeanmichel.combes@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AE1AB1A06A8; Tue, 18 Mar 2014 03:03:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level: 
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2UBYsFMnXIYE; Tue, 18 Mar 2014 03:03:50 -0700 (PDT)
Received: from mail-wi0-x22e.google.com (mail-wi0-x22e.google.com [IPv6:2a00:1450:400c:c05::22e]) by ietfa.amsl.com (Postfix) with ESMTP id 9B06C1A00A3; Tue, 18 Mar 2014 03:03:49 -0700 (PDT)
Received: by mail-wi0-f174.google.com with SMTP id d1so3403766wiv.13 for <multiple recipients>; Tue, 18 Mar 2014 03:03:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=jt9lGVlqIBHqWrNALYUq2jOM+7UxyWYa7nF1aSa2jRY=; b=TDx+8j5MkmmibjvTd9zHDzhmdhJFP7OpJCeB5LevBE45uqp7IlToTRYiEu72QS91m4 5Gj5URangkDPb3e6Pzn7Y0SpIZrFGNayci9gOaLflYgAL3/gnNl6+iK9P3fUESyY6xRv xQ4+6xcK/plorAiR7+64PjxU9RwSPgXDBSxGFUB3to8YVvuRONBbxRDOtaAalAIPjm/R ALXEjrhR3+xR71ACnkuDjJ4QNDMlyI7QVu7yMM6g3whJo9TqIaqpLLXuvm59ixXe8JOj FL5rWHUGbThErWWjFfBXcixXBRoPBZd2gOrstyDZjnaIoRlIZ8zqAI3R2gRcoh8i6L/P Mp+g==
MIME-Version: 1.0
X-Received: by 10.180.12.14 with SMTP id u14mr14129149wib.0.1395137020535; Tue, 18 Mar 2014 03:03:40 -0700 (PDT)
Received: by 10.217.120.132 with HTTP; Tue, 18 Mar 2014 03:03:40 -0700 (PDT)
In-Reply-To: <20140317181046.3237.82092.idtracker@ietfa.amsl.com>
References: <20140317181046.3237.82092.idtracker@ietfa.amsl.com>
Date: Tue, 18 Mar 2014 11:03:40 +0100
Message-ID: <CAA7e52pUza6tuE28ygE-UkbBA1crvs+kX9d9Hqn6qF7TcXOiZQ@mail.gmail.com>
From: Jean-Michel Combes <jeanmichel.combes@gmail.com>
To: perpass@ietf.org, saag@ietf.org
Content-Type: multipart/alternative; boundary=001a11c23ed285a7b904f4dea684
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/5tgkdRVfqutlXgHR4_r966M6xuk
Subject: [perpass] Fwd: New Non-WG Mailing List: dns-privacy
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Mar 2014 10:03:52 -0000

--001a11c23ed285a7b904f4dea684
Content-Type: text/plain; charset=ISO-8859-1

FYI: as decided during the dnse BOF in London, creation of a new mailing list
to discuss DNS privacy.

Best regards,

JMC.

---------- Forwarded message ----------
From: IETF Secretariat <ietf-secretariat@ietf.org>
Date: 2014-03-17 19:10 GMT+01:00
Subject: New Non-WG Mailing List: dns-privacy
To: IETF Announcement List <ietf-announce@ietf.org>
Cc: pk@denic.de, dns-privacy@ietf.org


A new IETF non-working group email list has been created.

List address: dns-privacy@ietf.org
Archive: http://www.ietf.org/mail-archive/web/dns-privacy/
To subscribe: https://www.ietf.org/mailman/listinfo/dns-privacy

Purpose: This list is for the discussion of the problem statement
surrounding the addition of privacy to the DNS protocol.

For additional information, please contact the list administrators.

--001a11c23ed285a7b904f4dea684--


From nobody Tue Mar 18 04:34:16 2014
Return-Path: <tjw.ietf@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E54251A03CB; Tue, 18 Mar 2014 04:29:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bSu15J5mA814; Tue, 18 Mar 2014 04:29:29 -0700 (PDT)
Received: from mail-qc0-x22d.google.com (mail-qc0-x22d.google.com [IPv6:2607:f8b0:400d:c01::22d]) by ietfa.amsl.com (Postfix) with ESMTP id 5FAEA1A03C9; Tue, 18 Mar 2014 04:29:29 -0700 (PDT)
Received: by mail-qc0-f173.google.com with SMTP id r5so7491111qcx.18 for <multiple recipients>; Tue, 18 Mar 2014 04:29:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type; bh=6RZo1xEMJF30GSz5QGCI/QquxyOUS50gRzLYP/oU3nY=; b=fiARenJxyup2WD82KW38/IOrcTAHUMfqVj6hTfFkpVMq3wfFhto7A/Ixg/4GzdDERu 2PoZxfYgQDX8w62oUH1CAbmdnSbukXIMDAdlO0nKKq2M9B71HlWx6gfKtjW/53N2ukUL VvVzIMk2HAVXXuiRmPRhkPokreF+ZONZ5Ny8QiTkro+wPldfWAioLEtT0pZlxOfSej56 Z01Nos5Sed+XW1DVvDQF0GGLFocHxMOlNZGm36nGs/75Ss/UWT2e/X9idlh7FjCk/u1r zGVlA6knXBuvdWBN+Kqw663vkC9dO1zAATRwlVy2nlcH/xQlpNXtSVkq7gj54oCGCFxZ zCpg==
X-Received: by 10.140.23.52 with SMTP id 49mr33161291qgo.17.1395142160949; Tue, 18 Mar 2014 04:29:20 -0700 (PDT)
Received: from feather.local ([207.87.41.70]) by mx.google.com with ESMTPSA id b30sm25532895qge.21.2014.03.18.04.29.19 for <multiple recipients> (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 18 Mar 2014 04:29:20 -0700 (PDT)
Message-ID: <53282E0F.8010602@gmail.com>
Date: Tue, 18 Mar 2014 07:29:19 -0400
From: Tim Wicinski <tjw.ietf@gmail.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:29.0) Gecko/20100101 Thunderbird/29.0a2
MIME-Version: 1.0
To: dnsop <dnsop@ietf.org>, perpass@ietf.org
References: <20140317181046.3237.82092.idtracker@ietfa.amsl.com>
In-Reply-To: <20140317181046.3237.82092.idtracker@ietfa.amsl.com>
X-Forwarded-Message-Id: <20140317181046.3237.82092.idtracker@ietfa.amsl.com>
Content-Type: multipart/mixed; boundary="------------070200050405000800040601"
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/A0a88X4mB-eIl8aitz2gAe4QmuM
X-Mailman-Approved-At: Tue, 18 Mar 2014 04:34:15 -0700
Subject: [perpass] Fwd: New Non-WG Mailing List: dns-privacy
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Mar 2014 11:29:32 -0000

This is a multi-part message in MIME format.
--------------070200050405000800040601
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

We've finally pulled it together and set up a separate mailing list to
discuss DNS Privacy.  Thanks to Brian, Stephane, Peter and Suzanne for 
wordsmithing this mission statement.

tim
------

The 'dns-privacy' mailing list was set up after discussions on the 
PERPASS and DNSOP mailing lists, and during the London IETF.  It's 
intended specifically to focus work on a problem statement for 
confidentiality and privacy aspects of the Domain Name System, and 
subsequently on a requirements list for enhancing either or both.

This non-wg IETF list operates under all applicable IETF rules, 
including "Note Well" (http://www.ietf.org/about/note-well.html).

Tim Wicinski (tjw.ietf@gmail.com) and Peter Koch (pk@denic.de) will act 
as list maintainers.



--------------070200050405000800040601
Content-Type: message/rfc822;
 name="New Non-WG Mailing List: dns-privacy.eml"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename="New Non-WG Mailing List: dns-privacy.eml"

Delivered-To: tjw.ietf@gmail.com
Received: by 10.64.225.195 with SMTP id rm3csp144782iec;
        Mon, 17 Mar 2014 11:10:41 -0700 (PDT)
X-Received: by 10.68.194.97 with SMTP id hv1mr4857659pbc.162.1395079841100;
        Mon, 17 Mar 2014 11:10:41 -0700 (PDT)
Return-Path: <ietf-secretariat@ietf.org>
Received: from mail.ietf.org (mail.ietf.org. [2001:1900:3001:11::2c])
        by mx.google.com with ESMTP id vu10si15298987pbc.279.2014.03.17.11.10.40
        for <tjw.ietf@gmail.com>;
        Mon, 17 Mar 2014 11:10:41 -0700 (PDT)
Received-SPF: pass (google.com: domain of ietf-secretariat@ietf.org designates 2001:1900:3001:11::2c as permitted sender) client-ip=2001:1900:3001:11::2c;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of ietf-secretariat@ietf.org designates 2001:1900:3001:11::2c as permitted sender) smtp.mail=ietf-secretariat@ietf.org
Received: from localhost (ietfa.amsl.com [127.0.0.1])
	by ietfa.amsl.com (Postfix) with ESMTP id 5A9ED1A046B;
	Mon, 17 Mar 2014 11:10:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([4.31.198.44])
	by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id PBh8B8qfPRnp; Mon, 17 Mar 2014 11:10:46 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1])
	by ietfa.amsl.com (Postfix) with ESMTP id B732A1A0444;
	Mon, 17 Mar 2014 11:10:46 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: IETF Secretariat <ietf-secretariat@ietf.org>
To: IETF Announcement List <ietf-announce@ietf.org>
Cc: pk@denic.de, tjw.ietf@gmail.com, dns-privacy@ietf.org
Subject: New Non-WG Mailing List: dns-privacy
X-Test-IDTracker: no
X-IETF-IDTracker: 5.1.0p1
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: ietf@ietf.org
Message-ID: <20140317181046.3237.82092.idtracker@ietfa.amsl.com>
Date: Mon, 17 Mar 2014 11:10:46 -0700

A new IETF non-working group email list has been created.

List address: dns-privacy@ietf.org
Archive: http://www.ietf.org/mail-archive/web/dns-privacy/
To subscribe: https://www.ietf.org/mailman/listinfo/dns-privacy

Purpose: This list is for the discussion of the problem statement surrounding the addition of privacy to the DNS protocol.

For additional information, please contact the list administrators.

--------------070200050405000800040601--


From nobody Tue Mar 18 04:34:18 2014
Return-Path: <wwwrun@ietfa.amsl.com>
X-Original-To: perpass@ietf.org
Delivered-To: perpass@ietfa.amsl.com
Received: by ietfa.amsl.com (Postfix, from userid 30) id DB6F41A03E9; Tue, 18 Mar 2014 04:32:36 -0700 (PDT)
From: "Matt Larson via RT" <ietf-action@ietf.org>
In-Reply-To: <5324A7FC.2030805@cis-india.org>
References: <RT-Ticket-64325@www.ietf.org/rt> <5324A7FC.2030805@cis-india.org>
Message-ID: <rt-4.0.8-13489-1395142356-532.64325-7-0@www.ietf.org/rt>
Precedence: bulk
X-RT-Loop-Prevention: www.ietf.org/rt
RT-Ticket: www.ietf.org/rt #64325
Managed-BY: RT 4.0.8 (http://www.bestpractical.com/rt/)
RT-Originator: mlarson@amsl.com
CC: perpass@ietf.org
To: "OtherRecipients of www.ietf.org/rt Ticket #64325":;
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="utf-8"
X-RT-Original-Encoding: utf-8
Date: Tue, 18 Mar 2014 04:32:36 -0700
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/m3pFI60yG1431dnQcBQGY539nhw
X-Mailman-Approved-At: Tue, 18 Mar 2014 04:34:15 -0700
Subject: [perpass] [www.ietf.org/rt #64325] Security Dogfood: IETF's Jabber Servers
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Reply-To: ietf-action@ietf.org
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Mar 2014 11:32:37 -0000

Greetings.

We are currently planning a major renovation to the IETF Jabber server
infrastructure, working in conjunction with Peter Saint-Andre. The requested
items will be included in the upgrades and changes.

Thanks,

Matt



On Sat Mar 15 12:20:45 2014, pranesh@cis-india.org wrote:
> Dear all,
> As Peter Saint-Andre announced on this list in October 2013, the XMPP
> community has charted out an ambitious plan to encrypt all
> server-to-server communications by May 19, 2014.[1] Currently
> jabber.ietf.org is using a certificate that expired seven months ago,
> does not support TLSv1.2, allows known-weak ciphers to be used and does
> not support forward secrecy:
>
> https://xmpp.net/result.php?domain=jabber.ietf.org&type=server
>
> Could the admins please renew the cert, support TLS 1.2, limit the
> ciphersuite to keep out known-weak ciphers, and ensure that
> server-to-server traffic is encrypted?
>
> http://wiki.xmpp.org/web/Securing_XMPP#ejabberd
>
> Thanks.
>
> Cheers,
> Pranesh
>
> [1]: https://github.com/stpeter/manifesto/blob/master/manifesto.txt
>


--
--------------------------------------
Matthew Larson, Asst. IT Director
Association Management Solutions
Forum Management, Meeting and Event Planning
48377 Fremont Blvd., Suite 117, Fremont, CA 94538
http://www.amsl.com


From nobody Tue Mar 18 04:54:03 2014
Return-Path: <seun.ojedeji@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AF1891A06D9; Tue, 18 Mar 2014 04:46:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.999
X-Spam-Level: 
X-Spam-Status: No, score=-0.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0WkU16X262pl; Tue, 18 Mar 2014 04:46:37 -0700 (PDT)
Received: from mail-qc0-x231.google.com (mail-qc0-x231.google.com [IPv6:2607:f8b0:400d:c01::231]) by ietfa.amsl.com (Postfix) with ESMTP id DA7351A06CC; Tue, 18 Mar 2014 04:46:36 -0700 (PDT)
Received: by mail-qc0-f177.google.com with SMTP id w7so7439960qcr.22 for <multiple recipients>; Tue, 18 Mar 2014 04:46:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=Pijr5Xl9LdaX08jCdK0wnXokQ+053xhpWiZjNncjX60=; b=Dxp8iWjlE4AayD/fyuou9n/BVHvxt/dJZL4HzaX2OqSO+/o0elwDBx698D9b723IiE vSHddF6IuLupIxRIgq1fuIgY2lWQPPVVJEDchFrX9wbjdqkFIJwSb3yNjibvG6QJyM8n N8fRpuIvSBUYMBAadF9w0kvaluqOUmr3DibV9k+E6qT3MzhgYDP211Rm9hOQOh8Xy1D6 k7oOtqVXPvVN4QSMW02I3Suh/XEEALvdlpccN7IcP4AGIFzf/yZvk3bjBa3qUlOdIdqa gU51ZGbuB4lc0Qj+g1peeMdXUtrxzo93KVHmFwJ5zCXhyRNA25AI6pCMWkw1P//TkHhm JyCQ==
X-Received: by 10.140.101.74 with SMTP id t68mr1269026qge.106.1395143188485; Tue, 18 Mar 2014 04:46:28 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.229.116.80 with HTTP; Tue, 18 Mar 2014 04:45:58 -0700 (PDT)
In-Reply-To: <53282E0F.8010602@gmail.com>
References: <20140317181046.3237.82092.idtracker@ietfa.amsl.com> <53282E0F.8010602@gmail.com>
From: Seun Ojedeji <seun.ojedeji@gmail.com>
Date: Tue, 18 Mar 2014 12:45:58 +0100
Message-ID: <CAD_dc6hKDHDW56327Pu6f_ay2EG9q-vCLZ8-Td01ADE-uJb+Fw@mail.gmail.com>
To: Tim Wicinski <tjw.ietf@gmail.com>
Content-Type: multipart/alternative; boundary=001a11c16daa29376104f4e0168b
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/ymC6MWOexCPS56SDHmgRGR4Ve2s
X-Mailman-Approved-At: Tue, 18 Mar 2014 04:53:54 -0700
Cc: dnsop <dnsop@ietf.org>, perpass@ietf.org
Subject: Re: [perpass] [DNSOP] Fwd: New Non-WG Mailing List: dns-privacy
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Mar 2014 11:46:38 -0000

--001a11c16daa29376104f4e0168b
Content-Type: text/plain; charset=ISO-8859-1

Hello Tim,

Thanks, however you did not provide the details for subscribing to the list.

Regards


On Tue, Mar 18, 2014 at 12:29 PM, Tim Wicinski <tjw.ietf@gmail.com> wrote:

> We've finally pulled it together and set up a separate mailing list to
> discuss DNS Privacy.  Thanks to Brian, Stephane, Peter and Suzanne for
> wordsmithing this mission statement.
>
> tim
> ------
>
> The 'dns-privacy' mailing list was set up after discussions on the PERPASS
> and DNSOP mailing lists, and during the London IETF.  It's intended
> specifically to focus work on a problem statement for confidentiality and
> privacy aspects of the Domain Name System, and subsequently on a
> requirements list for enhancing either or both.
>
> This non-wg IETF list operates under all applicable IETF rules, including
> "Note Well" (http://www.ietf.org/about/note-well.html).
>
> Tim Wicinski (tjw.ietf@gmail.com) and Peter Koch (pk@denic.de) will act
> as list maintainers.
>
>
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
>
>


-- 
------------------------------------------------------------------------
Seun Ojedeji,
Federal University Oye-Ekiti
web: http://www.fuoye.edu.ng
Mobile: +2348035233535
alt email: seun.ojedeji@fuoye.edu.ng

--001a11c16daa29376104f4e0168b--


From nobody Tue Mar 18 04:54:04 2014
Return-Path: <seun.ojedeji@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BA6191A01BC; Tue, 18 Mar 2014 04:51:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.999
X-Spam-Level: 
X-Spam-Status: No, score=-0.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cfWnuwwAhtOg; Tue, 18 Mar 2014 04:51:03 -0700 (PDT)
Received: from mail-qa0-x22e.google.com (mail-qa0-x22e.google.com [IPv6:2607:f8b0:400d:c00::22e]) by ietfa.amsl.com (Postfix) with ESMTP id E9E4E1A0264; Tue, 18 Mar 2014 04:51:02 -0700 (PDT)
Received: by mail-qa0-f46.google.com with SMTP id i13so6578864qae.5 for <multiple recipients>; Tue, 18 Mar 2014 04:50:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=/SVHyo+l67azmV1wcV/gjWVNy8dwKrqTakGqXy7dsH0=; b=srrRJ2Yqu+D1ndNaTzgBK2uS2B4pMOXcOo7e0CIHCgvDrHARWW5y4VcGv/azhnW9Xd HQgCK7Zq0QHXhjSnZe9BP1diKVWNSRv5wcoaOEF3Tpsk+p4GWUi4TZWcWVMBH3DZiPBg R2pbw0qagugY/5a17k02xDp6tiKPpRgjg1Q21eS6bqale+7HK1w/ilcV/2TLq1kK5VTb qN+U59VHHP16sJ5aFZg2dhBtrTpsLptkLExPPvdWedwb7mqTCqa1lx1t0EdMKdD90l/L Vgb06T8c14R6CoknFy2NM4a4V/nLln4NAnPhnYePOsiJixrkwmeKfR6xFPafZujx0I64 QReA==
X-Received: by 10.224.163.139 with SMTP id a11mr34863015qay.1.1395143454543; Tue, 18 Mar 2014 04:50:54 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.229.116.80 with HTTP; Tue, 18 Mar 2014 04:50:24 -0700 (PDT)
In-Reply-To: <CAD_dc6hKDHDW56327Pu6f_ay2EG9q-vCLZ8-Td01ADE-uJb+Fw@mail.gmail.com>
References: <20140317181046.3237.82092.idtracker@ietfa.amsl.com> <53282E0F.8010602@gmail.com> <CAD_dc6hKDHDW56327Pu6f_ay2EG9q-vCLZ8-Td01ADE-uJb+Fw@mail.gmail.com>
From: Seun Ojedeji <seun.ojedeji@gmail.com>
Date: Tue, 18 Mar 2014 12:50:24 +0100
Message-ID: <CAD_dc6jkZPAdqSfOR-aq5kshKGroDnsUgmb1UO_MR2EQ0LOmvg@mail.gmail.com>
To: Tim Wicinski <tjw.ietf@gmail.com>
Content-Type: multipart/alternative; boundary=089e0158a8e604e7fa04f4e02627
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/OsbV5btOGhvGz-xxStHBNICNoms
X-Mailman-Approved-At: Tue, 18 Mar 2014 04:53:55 -0700
Cc: dnsop <dnsop@ietf.org>, perpass <perpass@ietf.org>
Subject: Re: [perpass] [DNSOP] Fwd: New Non-WG Mailing List: dns-privacy
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Mar 2014 11:51:05 -0000

--089e0158a8e604e7fa04f4e02627
Content-Type: text/plain; charset=ISO-8859-1

Hello again,

On Tue, Mar 18, 2014 at 12:45 PM, Seun Ojedeji <seun.ojedeji@gmail.com> wrote:

> Hello Tim,
>
> Thanks, however you did not provide the details for subscribing to the list.
>

Can I assume it's at the URL below: (although its description does not
indicate it's non-WG)

https://www.ietf.org/mailman/listinfo/dns-privacy

Thanks

> Regards
>
>
> On Tue, Mar 18, 2014 at 12:29 PM, Tim Wicinski <tjw.ietf@gmail.com> wrote:
>
>> We've finally pulled it together and set up a separate mailing list to
>> discuss DNS Privacy.  Thanks to Brian, Stephane, Peter and Suzanne for
>> wordsmithing this mission statement.
>>
>> tim
>> ------
>>
>> The 'dns-privacy' mailing list was set up after discussions on the
>> PERPASS and DNSOP mailing lists, and during the London IETF.  It's intended
>> specifically to focus work on a problem statement for confidentiality and
>> privacy aspects of the Domain Name System, and subsequently on a
>> requirements list for enhancing either or both.
>>
>> This non-wg IETF list operates under all applicable IETF rules, including
>> "Note Well" (http://www.ietf.org/about/note-well.html).
>>
>> Tim Wicinski (tjw.ietf@gmail.com) and Peter Koch (pk@denic.de) will act
>> as list maintainers.
>>
>>
>>
>> _______________________________________________
>> DNSOP mailing list
>> DNSOP@ietf.org
>> https://www.ietf.org/mailman/listinfo/dnsop
>>
>>
>
>
> --
> ------------------------------------------------------------------------
> Seun Ojedeji,
> Federal University Oye-Ekiti
> web: http://www.fuoye.edu.ng
> Mobile: +2348035233535
> alt email: seun.ojedeji@fuoye.edu.ng
>
>
>


-- 
------------------------------------------------------------------------
Seun Ojedeji,
Federal University Oye-Ekiti
web: http://www.fuoye.edu.ng
Mobile: +2348035233535
alt email: seun.ojedeji@fuoye.edu.ng


--089e0158a8e604e7fa04f4e02627--


From nobody Tue Mar 18 05:07:24 2014
Return-Path: <tjw.ietf@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C0C751A0430; Tue, 18 Mar 2014 05:07:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level: 
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LC93XhWt2gl0; Tue, 18 Mar 2014 05:07:19 -0700 (PDT)
Received: from mail-qa0-x22f.google.com (mail-qa0-x22f.google.com [IPv6:2607:f8b0:400d:c00::22f]) by ietfa.amsl.com (Postfix) with ESMTP id D62301A03F5; Tue, 18 Mar 2014 05:07:18 -0700 (PDT)
Received: by mail-qa0-f47.google.com with SMTP id w5so6641219qac.6 for <multiple recipients>; Tue, 18 Mar 2014 05:07:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type; bh=WXL0FudMRlpOpGRjN6jQ2qYUO+0cwT2Ie/+Au3G35wc=; b=DtTl+CJyiy80du6Hna3Kh64CLbyy7v8mta/+9LCv+h9CFnTGnJkDUJ+phZqRHZ7WlF Nu8XitqviDzAnB+Ybatp7tCspPFkM4doqG9PPHqqj6Y/iIX5v4qBsh68mGGrqEKZIVmI HsLDnii0N6Sz1f9FJLWXHProrF0G228gspLFYNxHKeCI2VURHvbY0vXXG7T1W6Bz4CdK BdE3olbmwpiofSBP3m/hw7xjvOiMLgk3AGxwVFy6TM9TJioB1Zn1yP/6zCcYg5xCYuCB 0cRBxRxCOLyyphpnpvlJ6y7FyzImUuNLv4g2fzRgwDjY76wXDczKQDa8gbK7bZGU1NBw KTqg==
X-Received: by 10.140.49.207 with SMTP id q73mr1813247qga.103.1395144430290; Tue, 18 Mar 2014 05:07:10 -0700 (PDT)
Received: from feather.local ([207.87.41.70]) by mx.google.com with ESMTPSA id z8sm52780592qaw.17.2014.03.18.05.07.09 for <multiple recipients> (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 18 Mar 2014 05:07:09 -0700 (PDT)
Message-ID: <532836EC.6090402@gmail.com>
Date: Tue, 18 Mar 2014 08:07:08 -0400
From: Tim Wicinski <tjw.ietf@gmail.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:29.0) Gecko/20100101 Thunderbird/29.0a2
MIME-Version: 1.0
To: Seun Ojedeji <seun.ojedeji@gmail.com>
References: <20140317181046.3237.82092.idtracker@ietfa.amsl.com> <53282E0F.8010602@gmail.com> <CAD_dc6hKDHDW56327Pu6f_ay2EG9q-vCLZ8-Td01ADE-uJb+Fw@mail.gmail.com> <CAD_dc6jkZPAdqSfOR-aq5kshKGroDnsUgmb1UO_MR2EQ0LOmvg@mail.gmail.com>
In-Reply-To: <CAD_dc6jkZPAdqSfOR-aq5kshKGroDnsUgmb1UO_MR2EQ0LOmvg@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------000402050702030908030205"
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/OOi_JgKqZZeIA1fimomx9lrSk2c
Cc: dnsop <dnsop@ietf.org>, perpass <perpass@ietf.org>
Subject: Re: [perpass] [DNSOP] Fwd: New Non-WG Mailing List: dns-privacy
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Mar 2014 12:07:22 -0000

This is a multi-part message in MIME format.
--------------000402050702030908030205
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit


Of course, in my early morning fog, I forgot to include the original 
message. Thanks Seun

--------

A new IETF non-working group email list has been created.

List address: dns-privacy@ietf.org
Archive: http://www.ietf.org/mail-archive/web/dns-privacy/
To subscribe: https://www.ietf.org/mailman/listinfo/dns-privacy

Purpose: This list is for the discussion of the problem statement surrounding the addition of privacy to the DNS protocol.

For additional information, please contact the list administrators.


-------

On 3/18/14, 7:50 AM, Seun Ojedeji wrote:
> Hello again,
>
> On Tue, Mar 18, 2014 at 12:45 PM, Seun Ojedeji <seun.ojedeji@gmail.com 
> <mailto:seun.ojedeji@gmail.com>> wrote:
>
>     Hello Tim,
>
>     Thanks, however you did not provide the details to subscribing to
>     the list.
>
> Can I assume it's at the URL below: (although its description does not 
> indicate it's non-WG)
>
> https://www.ietf.org/mailman/listinfo/dns-privacy
>
> Thanks
>
>     Regards
>
>
>     On Tue, Mar 18, 2014 at 12:29 PM, Tim Wicinski <tjw.ietf@gmail.com
>     <mailto:tjw.ietf@gmail.com>> wrote:
>
>         We've finally pulled it together and set up a separate mailing
>         list to discuss DNS Privacy.  Thanks to Brian, Stephane, Peter
>         and Suzanne for wordsmithing this mission statement.
>
>         tim
>         ------
>
>         The 'dns-privacy' mailing list was set up after discussions on
>         the PERPASS and DNSOP mailing lists, and during the London
>         IETF.  It's intended specifically to focus work on a problem
>         statement for confidentiality and privacy aspects of the
>         Domain Name System, and subsequently on a requirements list
>         for enhancing either or both.
>
>         This non-wg IETF list operates under all applicable IETF
>         rules, including "Note Well"
>         (http://www.ietf.org/about/note-well.html).
>
>         Tim Wicinski (tjw.ietf@gmail.com <mailto:tjw.ietf@gmail.com>)
>         and Peter Koch (pk@denic.de <mailto:pk@denic.de>) will act as
>         list maintainers.
>
>
>
>         _______________________________________________
>         DNSOP mailing list
>         DNSOP@ietf.org <mailto:DNSOP@ietf.org>
>         https://www.ietf.org/mailman/listinfo/dnsop
>
>
>
>
>     -- 
>     ------------------------------------------------------------------------
>
>         /Seun Ojedeji,
>         Federal University Oye-Ekiti
>         web: http://www.fuoye.edu.ng
>         Mobile: +2348035233535
>         //alt email:<http://goog_1872880453>seun.ojedeji@fuoye.edu.ng
>         <mailto:seun.ojedeji@fuoye.edu.ng>/
>
>
>
>
>
> -- 
> ------------------------------------------------------------------------
>
>     /Seun Ojedeji,
>     Federal University Oye-Ekiti
>     web: http://www.fuoye.edu.ng
>     Mobile: +2348035233535
>     //alt email:<http://goog_1872880453>seun.ojedeji@fuoye.edu.ng
>     <mailto:seun.ojedeji@fuoye.edu.ng>/
>
>



--------------000402050702030908030205--


From nobody Tue Mar 18 16:47:07 2014
Return-Path: <paul@marvell.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 003381A0463; Tue, 18 Mar 2014 16:47:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.566
X-Spam-Level: 
X-Spam-Status: No, score=-1.566 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, IP_NOT_FRIENDLY=0.334, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SbtRk40v8z-F; Tue, 18 Mar 2014 16:46:59 -0700 (PDT)
Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by ietfa.amsl.com (Postfix) with ESMTP id 055CD1A0434; Tue, 18 Mar 2014 16:46:58 -0700 (PDT)
Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.14.5/8.14.5) with SMTP id s2INknHN032097; Tue, 18 Mar 2014 16:46:49 -0700
Received: from sc-owa04.marvell.com ([199.233.58.150]) by mx0b-0016f401.pphosted.com with ESMTP id 1jpnsdb3f9-1 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Tue, 18 Mar 2014 16:46:48 -0700
Received: from SC-vEXCH2.marvell.com ([10.93.76.134]) by SC-OWA04.marvell.com ([fe80::e56e:83a7:9eef:b5a1%16]) with mapi; Tue, 18 Mar 2014 16:46:48 -0700
From: Paul Lambert <paul@marvell.com>
To: "perpass@ietf.org" <perpass@ietf.org>, "cfrg@irtf.org" <cfrg@irtf.org>
Date: Tue, 18 Mar 2014 16:46:47 -0700
Thread-Topic: AES-SIV
Thread-Index: Ac9DBFORf4LPmfdkT7W4Rq1pZD0wSQ==
Message-ID: <CF4E28F7.35FA1%paul@marvell.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/14.3.9.131030
acceptlanguage: en-US
Content-Type: multipart/alternative; boundary="_000_CF4E28F735FA1paulmarvellcom_"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.11.87, 1.0.14,  0.0.0000 definitions=2014-03-18_08:2014-03-19,2014-03-18,1970-01-01 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=7.0.1-1305240000 definitions=main-1403180139
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/1Px0n-EoYfrb9mb_JGMrSwL-z7U
Subject: [perpass] AES-SIV
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Mar 2014 23:47:01 -0000

--_000_CF4E28F735FA1paulmarvellcom_
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable


There’s been a debate going on in IEEE 802.11 on using AES-CCM with a fixed nonce for a key wrap versus using AES-SIV:
https://mentor.ieee.org/802.11/documents?is_dcn=DCN%2C%20Title%2C%20Author%20or%20Affiliation&is_group=00ai

In the voting, I see a very strong reaction from Government representatives to any inclusion of AES-SIV in this activity (IMHO).  It’s an interesting AEAD mode that has not been broadly adopted – largely because it’s been impossible to get NIST interested in adding it to their list of approved algorithms (also IMO).  It’s a chicken and egg problem, only algorithms that are being used get put on the list … it’s hard to use something not on the list in standards.

AES-SIV is clearly a better ‘key wrap’ algorithm, but there is no literature or recommendations that are adequately prescriptive.

This is an IETF list … so IEEE is not too relevant for activities here, but it might be an interesting exercise to compare the relative merits of SIV versus CCM modes of operation.

Also, online or off, I could really use a ‘famous cryptographers’ quote that AES-CCM is less desirable for key wrap than AES-SIV.  The spec was also using a fixed nonce for CCM since it was only sending two key exchange messages (two fixed values), but this may get changed to a sequence number.  AES-SIV would be a safer choice and much easier to document and implement than a new sequence number.

Thanks,

Paul

PS – IEEE documents are openly available, mailing list is closed (only for voters), voting requires F2F attendance, group is meeting this week in Beijing.






--_000_CF4E28F735FA1paulmarvellcom_--


From nobody Thu Mar 20 11:05:40 2014
Return-Path: <dan@geer.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A3161A08D0 for <perpass@ietfa.amsl.com>; Thu, 20 Mar 2014 11:05:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.8
X-Spam-Level: 
X-Spam-Status: No, score=0.8 tagged_above=-999 required=5 tests=[BAYES_50=0.8] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8JBE6YmNIbEK for <perpass@ietfa.amsl.com>; Thu, 20 Mar 2014 11:05:34 -0700 (PDT)
Received: from palinka.tinho.net (palinka.tinho.net [166.84.6.13]) by ietfa.amsl.com (Postfix) with ESMTP id 774A21A08D3 for <perpass@ietf.org>; Thu, 20 Mar 2014 11:05:31 -0700 (PDT)
Received: by palinka.tinho.net (Postfix, from userid 126) id 2AF8C228099; Thu, 20 Mar 2014 14:05:21 -0400 (EDT)
Received: from palinka.tinho.net (localhost [127.0.0.1]) by palinka.tinho.net (Postfix) with ESMTP id 27664228078; Thu, 20 Mar 2014 14:05:21 -0400 (EDT)
From: dan@geer.org
To: heinerhummel@aol.com
In-Reply-To: Your message of "Wed, 26 Feb 2014 08:35:44 EST." <8D1010EC87BA5BF-2648-B48@webmail-m166.sysops.aol.com>
Date: Thu, 20 Mar 2014 14:05:21 -0400
Message-Id: <20140320180521.2AF8C228099@palinka.tinho.net>
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/AROpw_FvU_VXuVMy11yh7l372wU
Cc: perpass@ietf.org
Subject: Re: [perpass] In case you haven't seen it yet...
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Mar 2014 18:05:37 -0000

 | Among other interesting infos, the article is in favor of cloud
 | computing and its security.
 |
 | Question: In case some crime happens with data in the cloud which
 | country is in charge to prosecute?
 |
 | Heiner


There is an active collaboration between MIT and U Washington Law
on this topic.  I am not involved, I just heard about it at [1].
In any case, the effort is to entirely sidestep the impedance
mismatches between the data rules of Country X and the data rules
of Country Y by crafting a boilerplate contract on data handling
such that the person in Country X providing data and the entity in
Country Y receiving data have a contractual agreement in place to
govern their data transmission and do not, therefore, have to have
a "choice of law" with respect to data handling, only with respect
to contract adjudication.

--dan


[1] http://kit.mit.edu/conference-program  (Scott David)


From nobody Thu Mar 20 14:23:04 2014
Return-Path: <wilton@isoc.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D9BBD1A091C for <perpass@ietfa.amsl.com>; Thu, 20 Mar 2014 14:23:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level: 
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0os-4m6-6YQE for <perpass@ietfa.amsl.com>; Thu, 20 Mar 2014 14:22:59 -0700 (PDT)
Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2lp0203.outbound.protection.outlook.com [207.46.163.203]) by ietfa.amsl.com (Postfix) with ESMTP id CB0751A0910 for <perpass@ietf.org>; Thu, 20 Mar 2014 14:22:58 -0700 (PDT)
Received: from BN1PR06MB119.namprd06.prod.outlook.com (10.255.204.25) by BN1PR06MB119.namprd06.prod.outlook.com (10.255.204.25) with Microsoft SMTP Server (TLS) id 15.0.898.11; Thu, 20 Mar 2014 21:22:41 +0000
Received: from BN1PR06MB119.namprd06.prod.outlook.com ([169.254.14.218]) by BN1PR06MB119.namprd06.prod.outlook.com ([169.254.14.218]) with mapi id 15.00.0898.005; Thu, 20 Mar 2014 21:22:41 +0000
From: Robin Wilton <wilton@isoc.org>
To: "<dan@geer.org> " <dan@geer.org>
Thread-Topic: [perpass] In case you haven't seen it yet...
Thread-Index: AQHPRGb+UClk0BbetEiQddcuVG+GOZrqfCeA
Date: Thu, 20 Mar 2014 21:22:41 +0000
Message-ID: <79118F82-0EFF-4CB8-80C6-F7CB03C072F4@isoc.org>
References: <20140320180521.2AF8C228099@palinka.tinho.net>
In-Reply-To: <20140320180521.2AF8C228099@palinka.tinho.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
x-originating-ip: [62.161.106.251]
x-forefront-prvs: 01565FED4C
x-forefront-antispam-report: SFV:NSPM; SFS:(10019001)(428001)(199002)(189002)(24454002)(252514010)(94946001)(94316002)(33656001)(77982001)(19580405001)(81686001)(83322001)(80976001)(95416001)(90146001)(82746002)(16236675002)(86362001)(63696002)(80022001)(66066001)(20776003)(65816001)(92726001)(81816001)(19580395003)(93136001)(59766001)(79102001)(56816005)(83716003)(307094003)(83072002)(85306002)(85852003)(92566001)(46102001)(95666003)(51856001)(87266001)(2656002)(87936001)(4396001)(50986001)(49866001)(74502001)(15202345003)(74366001)(76482001)(54316002)(53806001)(74876001)(54356001)(74706001)(77096001)(76796001)(76786001)(36756003)(31966008)(47446002)(47976001)(47736001)(93516002)(74662001)(15975445006)(97336001)(81342001)(69226001)(97186001)(81542001)(56776001)(266003); DIR:OUT; SFP:1102; SCL:1; SRVR:BN1PR06MB119; H:BN1PR06MB119.namprd06.prod.outlook.com; FPR:BCC4F11C.AE2657D1.F1E4BFB3.48E9D1F1.2036F; MLV:sfv; PTR:InfoNoRecords; A:1; MX:1; LANG:en; 
received-spf: None (: isoc.org does not designate permitted sender hosts)
Content-Type: multipart/signed; boundary="Apple-Mail=_2DAABE37-17F9-4195-ACDC-78B6D2FE228A"; protocol="application/pkcs7-signature"; micalg=sha1
MIME-Version: 1.0
X-OriginatorOrg: isoc.org
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/JDhI8s-FGkCnJ8TDsr-CU1n5CB8
Cc: "<heinerhummel@aol.com>" <heinerhummel@aol.com>, "<perpass@ietf.org>" <perpass@ietf.org>
Subject: Re: [perpass] In case you haven't seen it yet...
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Mar 2014 21:23:03 -0000

--Apple-Mail=_2DAABE37-17F9-4195-ACDC-78B6D2FE228A
Content-Type: multipart/alternative;
	boundary="Apple-Mail=_D0214E66-EFB4-4D95-B631-B33920EF0CE0"


--Apple-Mail=_D0214E66-EFB4-4D95-B631-B33920EF0CE0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

A couple of other relevant considerations:

- EU law makes the "data controller" responsible for data protection,
regardless of the location of the data... so, if I register with a
European service provider and they happen to outsource their data
storage to some cloud service outside the EU, that makes no difference
in regulatory terms.

- Another EU instrument, the "Binding Corporate Rule", provides a
mechanism for a multinational corporation (whether EU or not) to get its
privacy policy approved by one EU regulator on behalf of all the others
(rather than having to shop it around all of them). The BCR represents
the corporation's statement of how it intends to comply with data
protection regulations, in whatever countries it operates in. It's a
voluntary mechanism, but it greatly reduces the time it takes for a
multi-national to get a statement of regulatory compliance.

HTH,
Robin


Robin Wilton
Technical Outreach Director - Identity and Privacy
Internet Society

email: wilton@isoc.org
Phone: +44 705 005 2931
Twitter: @futureidentity

On 20 Mar 2014, at 18:05, <dan@geer.org> wrote:

>
> | Among other interesting infos, the article is in favor of cloud
> | computing and its security.
> |
> | Question: In case some crime happens with data in the cloud which
> | country is in charge to prosecute?
> |
> | Heiner
>
>
> There is an active collaboration between MIT and U Washington Law
> on this topic.  I am not involved, I just heard about it at [1].
> In any case, the effort is to entirely sidestep the impedance
> mismatches between the data rules of Country X and the data rules
> of Country Y by crafting a boilerplate contract on data handling
> such that the person in Country X providing data and the entity in
> Country Y receiving data have a contractual agreement in place to
> govern their data transmission and do not, therefore, have to have
> a "choice of law" with respect to data handling, only with respect
> to contract adjudication.
>
> --dan
>
>
> [1] http://kit.mit.edu/conference-program  (Scott David)
>
> _______________________________________________
> perpass mailing list
> perpass@ietf.org
> https://www.ietf.org/mailman/listinfo/perpass


--Apple-Mail=_D0214E66-EFB4-4D95-B631-B33920EF0CE0--

--Apple-Mail=_2DAABE37-17F9-4195-ACDC-78B6D2FE228A--


From nobody Thu Mar 20 22:22:02 2014
Return-Path: <pranesh@cis-india.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E29FC1A0908 for <perpass@ietfa.amsl.com>; Thu, 20 Mar 2014 22:22:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.508
X-Spam-Level: 
X-Spam-Status: No, score=0.508 tagged_above=-999 required=5 tests=[BAYES_50=0.8, FU_ENDS_2_WRDS=0.255, RP_MATCHES_RCVD=-0.547] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pPo1PO-RXO3B for <perpass@ietfa.amsl.com>; Thu, 20 Mar 2014 22:22:00 -0700 (PDT)
Received: from mail.cis-india.org (mail.cis-india.org [202.190.125.68]) by ietfa.amsl.com (Postfix) with ESMTP id 0B67E1A092C for <perpass@ietf.org>; Thu, 20 Mar 2014 22:22:00 -0700 (PDT)
Received: from [172.16.24.21] (unknown [162.243.72.125]) by mail.cis-india.org (Postfix) with ESMTPSA id D486DA7C759 for <perpass@ietf.org>; Fri, 21 Mar 2014 05:20:48 +0000 (UTC)
Message-ID: <532BCC66.8070106@cis-india.org>
Date: Fri, 21 Mar 2014 13:21:42 +0800
From: Pranesh Prakash <pranesh@cis-india.org>
Organization: Centre for Internet and Society
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: perpass@ietf.org
X-Enigmail-Version: 1.6
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="Bat7rnHx4I155Jk3qJBKvRRwdcVCdbnQg"
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/6d3F0qXbHi8WliD-FJM3OjVaa-s
Subject: [perpass] Gmail is now HTTPS-only
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Mar 2014 05:22:02 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--Bat7rnHx4I155Jk3qJBKvRRwdcVCdbnQg
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: quoted-printable

Dear all,
Since 2010 Gmail's web interface has been HTTPS by default, but today
Google announced that they will be disabling the option to make it HTTP:

http://goo.gl/OqKveO

And they also note:

> In addition, every single email message you send or receive—100% of
> them—is encrypted while moving internally. This ensures that your
> messages are safe not only when they move between you and Gmail's
> servers, but also as they move between Google's data centers—something
> we made a top priority after last summer’s revelations.

Regards,
Pranesh

--
Pranesh Prakash
Policy Director, Centre for Internet and Society
T: +91 80 40926283 | W: http://cis-india.org
-------------------
Access to Knowledge Fellow, Information Society Project, Yale Law School
M: +1 520 314 7147 | W: http://yaleisp.org
PGP ID: 0x1D5C5F07 | Twitter: https://twitter.com/pranesh_prakash


--Bat7rnHx4I155Jk3qJBKvRRwdcVCdbnQg--


From nobody Fri Mar 21 04:40:48 2014
Return-Path: <wilton@isoc.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 52F2B1A095E for <perpass@ietfa.amsl.com>; Fri, 21 Mar 2014 04:40:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.646
X-Spam-Level: 
X-Spam-Status: No, score=-1.646 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FU_ENDS_2_WRDS=0.255, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2qCqwT8w-NAf for <perpass@ietfa.amsl.com>; Fri, 21 Mar 2014 04:40:43 -0700 (PDT)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1blp0188.outbound.protection.outlook.com [207.46.163.188]) by ietfa.amsl.com (Postfix) with ESMTP id 4C3FB1A08B9 for <perpass@ietf.org>; Fri, 21 Mar 2014 04:40:43 -0700 (PDT)
Received: from BN1PR06MB119.namprd06.prod.outlook.com (10.255.204.25) by BN1PR06MB118.namprd06.prod.outlook.com (10.255.204.20) with Microsoft SMTP Server (TLS) id 15.0.898.11; Fri, 21 Mar 2014 11:40:33 +0000
Received: from BN1PR06MB119.namprd06.prod.outlook.com ([169.254.14.218]) by BN1PR06MB119.namprd06.prod.outlook.com ([169.254.14.225]) with mapi id 15.00.0898.005; Fri, 21 Mar 2014 11:40:32 +0000
From: Robin Wilton <wilton@isoc.org>
To: Pranesh Prakash <pranesh@cis-india.org>
Thread-Topic: [perpass] Gmail is now HTTPS-only
Thread-Index: AQHPRMV8PfFlKRP580inBqWVprUmkJrraxYA
Date: Fri, 21 Mar 2014 11:40:32 +0000
Message-ID: <88D5C8D3-2863-412F-9B8D-7A72E1356F70@isoc.org>
References: <532BCC66.8070106@cis-india.org>
In-Reply-To: <532BCC66.8070106@cis-india.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
x-originating-ip: [78.41.129.5]
x-forefront-prvs: 0157DEB61B
x-forefront-antispam-report: SFV:NSPM; SFS:(10019001)(428001)(24454002)(199002)(189002)(252514010)(92726001)(87266001)(92566001)(36756003)(90146001)(56816005)(81542001)(2656002)(83072002)(83716003)(81342001)(76796001)(77096001)(86362001)(15198665003)(93136001)(33656001)(94316002)(69226001)(85852003)(76786001)(85306002)(93516002)(74662001)(53806001)(31966008)(16236675002)(83322001)(95666003)(74502001)(15395725003)(95416001)(4396001)(47976001)(50986001)(47736001)(49866001)(74706001)(94946001)(15975445006)(82746002)(74876001)(81686001)(74366001)(19580395003)(46102001)(19580405001)(15202345003)(16601075003)(87936001)(81816001)(51856001)(47446002)(54356001)(80976001)(54316002)(56776001)(77982001)(59766001)(76482001)(79102001)(97336001)(97186001)(20776003)(80022001)(63696002)(66066001)(65816001)(9984715005)(4068875011); DIR:OUT; SFP:1102; SCL:1; SRVR:BN1PR06MB118; H:BN1PR06MB119.namprd06.prod.outlook.com; FPR:BC46F534.84169611.F1D08FBB.885AFC31.202A2; MLV:sfv; PTR:InfoNoRecords; A:1; MX:1; LANG:en; 
received-spf: None (: isoc.org does not designate permitted sender hosts)
Content-Type: multipart/signed; boundary="Apple-Mail=_CEF00810-A48D-4850-8E02-3DE03C1A20B3"; protocol="application/pkcs7-signature"; micalg=sha1
MIME-Version: 1.0
X-OriginatorOrg: isoc.org
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/4o35VWEuRpXr4NN3IYBuY7xIs2Q
Cc: "<perpass@ietf.org>" <perpass@ietf.org>
Subject: Re: [perpass] Gmail is now HTTPS-only
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Mar 2014 11:40:46 -0000

--Apple-Mail=_CEF00810-A48D-4850-8E02-3DE03C1A20B3
Content-Type: multipart/alternative;
	boundary="Apple-Mail=_A7CEEC3D-DFC5-4357-AE93-70CC160AE7D5"


--Apple-Mail=_A7CEEC3D-DFC5-4357-AE93-70CC160AE7D5
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=windows-1252

To pick the obvious nit...

Even if an email goes from my browser to Google's servers over https,
and goes between Google's servers over https, I did not see a commitment
to encryption of the email when it is at rest, rather than in motion...

R

Robin Wilton
Technical Outreach Director - Identity and Privacy
Internet Society

email: wilton@isoc.org
Phone: +44 705 005 2931
Twitter: @futureidentity

On 21 Mar 2014, at 05:21, Pranesh Prakash wrote:

> Dear all,
> Since 2010 Gmail's web interface has been HTTPS by default, but today
> Google announced that they will be disabling the option to make it HTTP:
>
> http://goo.gl/OqKveO
>
> And they also note:
>
>> In addition, every single email message you send or receive—100% of
>> them—is encrypted while moving internally. This ensures that your
>> messages are safe not only when they move between you and Gmail's
>> servers, but also as they move between Google's data centers—something
>> we made a top priority after last summer’s revelations.
>
> Regards,
> Pranesh
>
> --
> Pranesh Prakash
> Policy Director, Centre for Internet and Society
> T: +91 80 40926283 | W: http://cis-india.org
> -------------------
> Access to Knowledge Fellow, Information Society Project, Yale Law School
> M: +1 520 314 7147 | W: http://yaleisp.org
> PGP ID: 0x1D5C5F07 | Twitter: https://twitter.com/pranesh_prakash
>
> _______________________________________________
> perpass mailing list
> perpass@ietf.org
> https://www.ietf.org/mailman/listinfo/perpass


--Apple-Mail=_A7CEEC3D-DFC5-4357-AE93-70CC160AE7D5--

--Apple-Mail=_CEF00810-A48D-4850-8E02-3DE03C1A20B3--


From nobody Fri Mar 21 05:27:41 2014
Return-Path: <mellon@fugue.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 045F51A0977 for <perpass@ietfa.amsl.com>; Fri, 21 Mar 2014 05:27:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.448
X-Spam-Level: 
X-Spam-Status: No, score=-2.448 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JRC5aRm3MzEg for <perpass@ietfa.amsl.com>; Fri, 21 Mar 2014 05:27:38 -0700 (PDT)
Received: from toccata.fugue.com (toccata.fugue.com [204.152.186.142]) by ietfa.amsl.com (Postfix) with ESMTP id A22DB1A097A for <perpass@ietf.org>; Fri, 21 Mar 2014 05:27:38 -0700 (PDT)
Received: from [IPv6:2001:470:88a3::2021:8070:ae9a:8a74] (unknown [IPv6:2001:470:88a3:0:2021:8070:ae9a:8a74]) by toccata.fugue.com (Postfix) with ESMTPSA id 5C87423807EE; Fri, 21 Mar 2014 08:27:28 -0400 (EDT)
Content-Type: text/plain; charset=windows-1252
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
From: Ted Lemon <mellon@fugue.com>
In-Reply-To: <88D5C8D3-2863-412F-9B8D-7A72E1356F70@isoc.org>
Date: Fri, 21 Mar 2014 08:27:28 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <4EBDCBE9-F8F1-415A-B8D5-DBA881B7ED17@fugue.com>
References: <532BCC66.8070106@cis-india.org> <88D5C8D3-2863-412F-9B8D-7A72E1356F70@isoc.org>
To: Robin Wilton <wilton@isoc.org>
X-Mailer: Apple Mail (2.1874)
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/iei2xqVEEdmfzYt8TSf3wmA6_30
Cc: "<perpass@ietf.org>" <perpass@ietf.org>, Pranesh Prakash <pranesh@cis-india.org>
Subject: Re: [perpass] Gmail is now HTTPS-only
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Mar 2014 12:27:41 -0000

On Mar 21, 2014, at 7:40 AM, Robin Wilton <wilton@isoc.org> wrote:
> Even if an email goes from my browser to Google's servers over https,
> and goes between Google's servers over https, I did not see a commitment
> to encryption of the email when it is at rest, rather than in motion...

Best is the enemy of good enough.   To compromise your mail on the
server, they have to compromise the server.   To compromise it in
flight, they just have to tap the network.


From nobody Fri Mar 21 06:00:26 2014
Return-Path: <nweaver@icsi.berkeley.edu>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 574781A04FA for <perpass@ietfa.amsl.com>; Fri, 21 Mar 2014 06:00:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.448
X-Spam-Level: 
X-Spam-Status: No, score=-2.448 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vaEiZUpTAHhl for <perpass@ietfa.amsl.com>; Fri, 21 Mar 2014 06:00:21 -0700 (PDT)
Received: from rock.ICSI.Berkeley.EDU (rock.ICSI.Berkeley.EDU [192.150.186.19]) by ietfa.amsl.com (Postfix) with ESMTP id CCFCE1A03D2 for <perpass@ietf.org>; Fri, 21 Mar 2014 06:00:20 -0700 (PDT)
Received: from localhost (localhost.localdomain [127.0.0.1]) by rock.ICSI.Berkeley.EDU (Postfix) with ESMTP id 29E372C4038; Fri, 21 Mar 2014 06:00:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ICSI.Berkeley.EDU
Received: from rock.ICSI.Berkeley.EDU ([127.0.0.1]) by localhost (maihub.ICSI.Berkeley.EDU [127.0.0.1]) (amavisd-new, port 10024) with LMTP id BIHadwLOpUxX; Fri, 21 Mar 2014 06:00:09 -0700 (PDT)
Received: from [10.0.1.22] (c-76-103-162-14.hsd1.ca.comcast.net [76.103.162.14]) (Authenticated sender: nweaver) by rock.ICSI.Berkeley.EDU (Postfix) with ESMTP id 9A3592C4023; Fri, 21 Mar 2014 06:00:07 -0700 (PDT)
Content-Type: multipart/signed; boundary="Apple-Mail=_D558FD04-542E-4DF3-A063-7D1AE49A2D6A"; protocol="application/pgp-signature"; micalg=pgp-sha512
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
From: Nicholas Weaver <nweaver@icsi.berkeley.edu>
In-Reply-To: <88D5C8D3-2863-412F-9B8D-7A72E1356F70@isoc.org>
Date: Fri, 21 Mar 2014 06:00:04 -0700
Message-Id: <52D70C79-2156-4C8C-848E-CAA2C71A10C2@icsi.berkeley.edu>
References: <532BCC66.8070106@cis-india.org> <88D5C8D3-2863-412F-9B8D-7A72E1356F70@isoc.org>
To: Robin Wilton <wilton@isoc.org>
X-Mailer: Apple Mail (2.1874)
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/5-ZXA9L2cKFieOBHLITAREpkidE
Cc: "<perpass@ietf.org>" <perpass@ietf.org>, Nicholas Weaver <nweaver@icsi.berkeley.edu>, Pranesh Prakash <pranesh@cis-india.org>
Subject: Re: [perpass] Gmail is now HTTPS-only
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Mar 2014 13:00:23 -0000

--Apple-Mail=_D558FD04-542E-4DF3-A063-7D1AE49A2D6A
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=windows-1252


On Mar 21, 2014, at 4:40 AM, Robin Wilton <wilton@isoc.org> wrote:

> To pick the obvious nit...
>
> Even if an email goes from my browser to Google's servers over https,
> and goes between Google's servers over https, I did not see a commitment
> to encryption of the email when it is at rest, rather than in motion...

To reply with the obvious:  It is IMPOSSIBLE to secure data at rest in
the context of a webmail system: server control can always enable
accessing of all documents when the user logs in to check their webmail.


--
Nicholas Weaver                  it is a tale, told by an idiot,
nweaver@icsi.berkeley.edu                full of sound and fury,
510-666-2903                                 .signifying nothing
PGP: http://www1.icsi.berkeley.edu/~nweaver/data/nweaver_pub.asc


--Apple-Mail=_D558FD04-542E-4DF3-A063-7D1AE49A2D6A--


From nobody Fri Mar 21 06:11:07 2014
Return-Path: <rstory@tislabs.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CCCDD1A0744 for <perpass@ietfa.amsl.com>; Fri, 21 Mar 2014 06:11:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.448
X-Spam-Level: 
X-Spam-Status: No, score=-2.448 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Efv32dU1zC_v for <perpass@ietfa.amsl.com>; Fri, 21 Mar 2014 06:11:03 -0700 (PDT)
Received: from walnut.tislabs.com (walnut.tislabs.com [192.94.214.200]) by ietfa.amsl.com (Postfix) with ESMTP id 50B971A03E2 for <perpass@ietf.org>; Fri, 21 Mar 2014 06:11:02 -0700 (PDT)
Received: from nova.tislabs.com (unknown [10.66.1.77]) by walnut.tislabs.com (Postfix) with ESMTP id 0553028B0041; Fri, 21 Mar 2014 09:10:53 -0400 (EDT)
Received: from ispx.vb.futz.org (localhost.localdomain [127.0.0.1]) by nova.tislabs.com (Postfix) with ESMTP id B1CCC1F8036; Fri, 21 Mar 2014 09:10:52 -0400 (EDT)
Date: Fri, 21 Mar 2014 09:10:49 -0400
From: Robert Story <rstory@tislabs.com>
To: Nicholas Weaver <nweaver@icsi.berkeley.edu>
Message-ID: <20140321091049.4ec772d0@ispx.vb.futz.org>
In-Reply-To: <52D70C79-2156-4C8C-848E-CAA2C71A10C2@icsi.berkeley.edu>
References: <532BCC66.8070106@cis-india.org> <88D5C8D3-2863-412F-9B8D-7A72E1356F70@isoc.org> <52D70C79-2156-4C8C-848E-CAA2C71A10C2@icsi.berkeley.edu>
Organization: Parsons
X-Mailer: Claws Mail 3.9.3 (GTK+ 2.24.22; x86_64-redhat-linux-gnu)
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1; boundary="Sig_/GfbT_5qhyic.h_4G3cGpA5J"; protocol="application/pgp-signature"
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/Fyw6wPMw-4R7OVmGHSyM3b7C7sM
Cc: Robin Wilton <wilton@isoc.org>, "<perpass@ietf.org>" <perpass@ietf.org>, Pranesh Prakash <pranesh@cis-india.org>
Subject: Re: [perpass] Gmail is now HTTPS-only
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Mar 2014 13:11:05 -0000

--Sig_/GfbT_5qhyic.h_4G3cGpA5J
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable

On Fri, 21 Mar 2014 06:00:04 -0700 Nicholas wrote:
NW> > Even if an email goes from my browser to Google's servers over https,
NW> > and goes between Google's servers over https, I did not see a
NW> > commitment to encryption of the email when it is at rest, rather than
NW> > in motion...
NW>
NW> To reply with the obvious:  It is IMPOSSIBLE to secure data at rest in
NW> the context of a webmail system: server control can always enable
NW> accessing of all documents when the user logs in to check their webmail.

Unless the client does the decryption locally... If gmail offered this
option, I'm sure browser plugin writers would meet the challenge quickly..

Robert

--
Senior Software Engineer @ Parsons

--Sig_/GfbT_5qhyic.h_4G3cGpA5J--


From nobody Fri Mar 21 06:13:09 2014
Return-Path: <nweaver@icsi.berkeley.edu>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 93A7B1A098E for <perpass@ietfa.amsl.com>; Fri, 21 Mar 2014 06:13:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.448
X-Spam-Level: 
X-Spam-Status: No, score=-2.448 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1AD3MU3bko1J for <perpass@ietfa.amsl.com>; Fri, 21 Mar 2014 06:13:06 -0700 (PDT)
Received: from rock.ICSI.Berkeley.EDU (rock.ICSI.Berkeley.EDU [192.150.186.19]) by ietfa.amsl.com (Postfix) with ESMTP id A83DF1A03E2 for <perpass@ietf.org>; Fri, 21 Mar 2014 06:13:04 -0700 (PDT)
Received: from localhost (localhost.localdomain [127.0.0.1]) by rock.ICSI.Berkeley.EDU (Postfix) with ESMTP id AC7FE2C4025; Fri, 21 Mar 2014 06:12:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ICSI.Berkeley.EDU
Received: from rock.ICSI.Berkeley.EDU ([127.0.0.1]) by localhost (maihub.ICSI.Berkeley.EDU [127.0.0.1]) (amavisd-new, port 10024) with LMTP id WvZ237TJrKsL; Fri, 21 Mar 2014 06:12:55 -0700 (PDT)
Received: from [10.0.1.22] (c-76-103-162-14.hsd1.ca.comcast.net [76.103.162.14]) (Authenticated sender: nweaver) by rock.ICSI.Berkeley.EDU (Postfix) with ESMTP id C4E6D2C4023; Fri, 21 Mar 2014 06:12:54 -0700 (PDT)
Content-Type: multipart/signed; boundary="Apple-Mail=_54B810FA-9218-45B9-9FC8-E5268B68A712"; protocol="application/pgp-signature"; micalg=pgp-sha512
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
From: Nicholas Weaver <nweaver@icsi.berkeley.edu>
In-Reply-To: <20140321091049.4ec772d0@ispx.vb.futz.org>
Date: Fri, 21 Mar 2014 06:12:53 -0700
Message-Id: <D32907D9-638D-43E8-A165-75C20A64D3D1@icsi.berkeley.edu>
References: <532BCC66.8070106@cis-india.org> <88D5C8D3-2863-412F-9B8D-7A72E1356F70@isoc.org> <52D70C79-2156-4C8C-848E-CAA2C71A10C2@icsi.berkeley.edu> <20140321091049.4ec772d0@ispx.vb.futz.org>
To: Robert Story <rstory@tislabs.com>
X-Mailer: Apple Mail (2.1874)
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/-EXQ6PQ55v3UFr2R-NcGiv5OaMo
Cc: Robin Wilton <wilton@isoc.org>, "<perpass@ietf.org>" <perpass@ietf.org>, Nicholas Weaver <nweaver@icsi.berkeley.edu>, Pranesh Prakash <pranesh@cis-india.org>
Subject: Re: [perpass] Gmail is now HTTPS-only
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Mar 2014 13:13:07 -0000

--Apple-Mail=_54B810FA-9218-45B9-9FC8-E5268B68A712
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii


On Mar 21, 2014, at 6:10 AM, Robert Story <rstory@tislabs.com> wrote:
> Unless the client does the decryption locally... If gmail offered this
> option, I'm sure browser plugin writers would meet the challenge quickly..

That is no longer webmail.  It would have serious usability problems.
And to further put the obvious, even that provides no protection for
incoming messages.

--
Nicholas Weaver                  it is a tale, told by an idiot,
nweaver@icsi.berkeley.edu                full of sound and fury,
510-666-2903                                 .signifying nothing
PGP: http://www1.icsi.berkeley.edu/~nweaver/data/nweaver_pub.asc


--Apple-Mail=_54B810FA-9218-45B9-9FC8-E5268B68A712--


From nobody Fri Mar 21 07:30:05 2014
Return-Path: <erik.josefsson@europarl.europa.eu>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 50D621A09A0 for <perpass@ietfa.amsl.com>; Fri, 21 Mar 2014 07:29:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.447
X-Spam-Level: 
X-Spam-Status: No, score=-7.447 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.547] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X0ISzgyBfI-0 for <perpass@ietfa.amsl.com>; Fri, 21 Mar 2014 07:29:55 -0700 (PDT)
Received: from SMTP15.europarl.europa.eu (smtp15.europarl.europa.eu [136.173.62.228]) by ietfa.amsl.com (Postfix) with ESMTP id 98B291A08DD for <perpass@ietf.org>; Fri, 21 Mar 2014 07:29:53 -0700 (PDT)
Received: from EMAILLUXSV32.ep.parl.union.eu (unverified) by SMTP15.europarl.europa.eu (European Parliament) with ESMTP id <Tb1f1abdc7488ad3ee4900@SMTP15.europarl.europa.eu>;  Fri, 21 Mar 2014 15:29:43 +0100
Received: from eicibwp078.ep.parl.union.eu ([136.173.96.208]) by EMAILLUXSV32.ep.parl.union.eu with Microsoft SMTPSVC(6.0.3790.4675);  Fri, 21 Mar 2014 15:29:43 +0100
Received: from UCEXBWP023.ep.parl.union.eu ([10.127.249.57]) by eicibwp078.ep.parl.union.eu with Microsoft SMTPSVC(6.0.3790.4675);  Fri, 21 Mar 2014 15:29:42 +0100
Received: from UCEXBWP015.ep.parl.union.eu (10.127.249.49) by UCEXBWP023.ep.parl.union.eu (10.127.249.57) with Microsoft SMTP Server (TLS) id 14.3.174.1; Fri, 21 Mar 2014 15:29:42 +0100
Received: from UCEXBWP009.ep.parl.union.eu ([169.254.7.229]) by UCEXBWP015.ep.parl.union.eu ([169.254.2.227]) with mapi id 14.03.0174.001; Fri, 21 Mar 2014 15:29:41 +0100
From: JOSEFSSON Erik <erik.josefsson@europarl.europa.eu>
To: 'Nicholas Weaver' <nweaver@icsi.berkeley.edu>, Robert Story <rstory@tislabs.com>
Thread-Topic: [perpass] Gmail is now HTTPS-only
Thread-Index: AQHPRMV+zJ2GJuHar06pLOO1in1R2JrrWmwAgAAWOQCAAAMBgIAAAJSAgAAk1VA=
Date: Fri, 21 Mar 2014 14:29:40 +0000
Message-ID: <4B654B63C9A4614EA1F088B2490E8F3A0227EA4A@UCEXBWP009.ep.parl.union.eu>
References: <532BCC66.8070106@cis-india.org> <88D5C8D3-2863-412F-9B8D-7A72E1356F70@isoc.org> <52D70C79-2156-4C8C-848E-CAA2C71A10C2@icsi.berkeley.edu> <20140321091049.4ec772d0@ispx.vb.futz.org> <D32907D9-638D-43E8-A165-75C20A64D3D1@icsi.berkeley.edu>
In-Reply-To: <D32907D9-638D-43E8-A165-75C20A64D3D1@icsi.berkeley.edu>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.127.249.9]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginalArrivalTime: 21 Mar 2014 14:29:42.0882 (UTC) FILETIME=[0000E420:01CF4512]
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/iYnsfCgr8Ds4u4JzVGrXgRntXLA
Cc: Robin Wilton <wilton@isoc.org>, "<perpass@ietf.org>" <perpass@ietf.org>, Pranesh Prakash <pranesh@cis-india.org>
Subject: Re: [perpass] Gmail is now HTTPS-only
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Mar 2014 14:30:00 -0000

I would very much like to have Mailpile in the next version of DebianParl:

https://mailpile.is/

https://wiki.debian.org/DebianParl/

Someone just needs to package it and take it to stable.

//Erik


-----Original Message-----
From: perpass [mailto:perpass-bounces@ietf.org] On Behalf Of Nicholas Weaver
Sent: 21 March 2014 14:13
To: Robert Story
Cc: Robin Wilton; <perpass@ietf.org>; Nicholas Weaver; Pranesh Prakash
Subject: Re: [perpass] Gmail is now HTTPS-only


On Mar 21, 2014, at 6:10 AM, Robert Story <rstory@tislabs.com> wrote:
> Unless the client does the decryption locally... If gmail offered this
> option, I'm sure browser plugin writers would meet the challenge quickly..

That is no longer webmail.  It would have serious usability problems.  And
to further put the obvious, even that provides no protection for incoming
messages.

--
Nicholas Weaver                  it is a tale, told by an idiot,
nweaver@icsi.berkeley.edu                full of sound and fury,
510-666-2903                                 .signifying nothing
PGP: http://www1.icsi.berkeley.edu/~nweaver/data/nweaver_pub.asc


From nobody Fri Mar 21 07:47:51 2014
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1D0331A0755 for <perpass@ietfa.amsl.com>; Fri, 21 Mar 2014 07:47:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2bC1gedmjo0h for <perpass@ietfa.amsl.com>; Fri, 21 Mar 2014 07:47:46 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by ietfa.amsl.com (Postfix) with ESMTP id 2BB6D1A0738 for <perpass@ietf.org>; Fri, 21 Mar 2014 07:47:46 -0700 (PDT)
Received: from [10.70.10.55] (unknown [38.109.115.130]) by che.mayfirst.org (Postfix) with ESMTPSA id 90279F984; Fri, 21 Mar 2014 10:47:32 -0400 (EDT)
Message-ID: <532C5105.1040704@fifthhorseman.net>
Date: Fri, 21 Mar 2014 10:47:33 -0400
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Icedove/24.3.0
MIME-Version: 1.0
To: JOSEFSSON Erik <erik.josefsson@europarl.europa.eu>,  'Nicholas Weaver' <nweaver@icsi.berkeley.edu>, Robert Story <rstory@tislabs.com>
References: <532BCC66.8070106@cis-india.org> <88D5C8D3-2863-412F-9B8D-7A72E1356F70@isoc.org> <52D70C79-2156-4C8C-848E-CAA2C71A10C2@icsi.berkeley.edu> <20140321091049.4ec772d0@ispx.vb.futz.org> <D32907D9-638D-43E8-A165-75C20A64D3D1@icsi.berkeley.edu> <4B654B63C9A4614EA1F088B2490E8F3A0227EA4A@UCEXBWP009.ep.parl.union.eu>
In-Reply-To: <4B654B63C9A4614EA1F088B2490E8F3A0227EA4A@UCEXBWP009.ep.parl.union.eu>
X-Enigmail-Version: 1.6
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="A6WIcpIC7DJsIw74kssLGdAGOWFHPwBXe"
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/0OtfM9wCzwJa17f16_rDUEr2Yws
Cc: Robin Wilton <wilton@isoc.org>, "<perpass@ietf.org>" <perpass@ietf.org>, Pranesh Prakash <pranesh@cis-india.org>
Subject: Re: [perpass] Gmail is now HTTPS-only
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Mar 2014 14:47:48 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--A6WIcpIC7DJsIw74kssLGdAGOWFHPwBXe
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 03/21/2014 10:29 AM, JOSEFSSON Erik wrote:
> I would very much like to have Mailpile in the next version of DebianParl:
>
> https://mailpile.is/
>
> https://wiki.debian.org/DebianParl/
>
> Someone just needs to package it and take it to stable.

The best way to start this process is to file a "request for packaging"
(RFP) bug in debian.  If you're already running some flavor of debian,
and you have the reportbug package installed, you can just do:

 reportbug wnpp

select "RFP" from the set of choices, and fill in the report.

the actual packaging work will take time (whether you want to undertake
it yourself or not), but knowing that users actively want the package is
a nice incentive for packagers to work on it.

Regards,

	--dkg


--A6WIcpIC7DJsIw74kssLGdAGOWFHPwBXe--


From nobody Fri Mar 21 07:53:26 2014
Return-Path: <rlb@ipv.sx>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ABF981A099C for <perpass@ietfa.amsl.com>; Fri, 21 Mar 2014 07:53:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level: 
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OCwDU4204RXR for <perpass@ietfa.amsl.com>; Fri, 21 Mar 2014 07:53:13 -0700 (PDT)
Received: from mail-oa0-f42.google.com (mail-oa0-f42.google.com [209.85.219.42]) by ietfa.amsl.com (Postfix) with ESMTP id A3BBC1A0989 for <perpass@ietf.org>; Fri, 21 Mar 2014 07:53:13 -0700 (PDT)
Received: by mail-oa0-f42.google.com with SMTP id i4so2645354oah.1 for <perpass@ietf.org>; Fri, 21 Mar 2014 07:53:04 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=+8u+acMR6zY0axt3w+rsEFZg5JpXYuTDW6oz34ARZsU=; b=YCXYDwJIdtUBqO2MoedlhtgyphjAy02kYbSzjAaPUjC2S5Pi2DOp4d3ZY6GU+A2SrX je0dp4p55lX0LGG1PmCBGdDz0aNqROUcmtNvHOr4ErUeVVpuPzLMocb9lc6rLBne2YOL +8Z7cplVr0wTMWVIPMMblmBtmxtG05Yv9idzpEK0/ZiBKS0kd8b6I8O1iPpLyBlk9fEf UGaVBkgK/7T3QWXpiaUb+veSKlHTOAaIvQqrW1W5LqRc8hhjkPUNr1G5NIi71MSCK0N3 Ur0ESIvraMKBmEdlQUwBN9j05lN1i1HXBWjMq98wv1jzR3sk71Ko3u9DOns7NpAGQ99M +szw==
X-Gm-Message-State: ALoCoQmxTD1qSkRgaYr4jxx/sQveMMiNiHIslYuLK5dOd8y4qN3IaX9Juz1yZ5+ksqxwlESlDnKP
MIME-Version: 1.0
X-Received: by 10.60.73.164 with SMTP id m4mr43268310oev.8.1395413584089; Fri, 21 Mar 2014 07:53:04 -0700 (PDT)
Received: by 10.60.69.102 with HTTP; Fri, 21 Mar 2014 07:53:04 -0700 (PDT)
In-Reply-To: <4EBDCBE9-F8F1-415A-B8D5-DBA881B7ED17@fugue.com>
References: <532BCC66.8070106@cis-india.org> <88D5C8D3-2863-412F-9B8D-7A72E1356F70@isoc.org> <4EBDCBE9-F8F1-415A-B8D5-DBA881B7ED17@fugue.com>
Date: Fri, 21 Mar 2014 10:53:04 -0400
Message-ID: <CAL02cgQacCZ4mSUkhn+qMw2PLgeYuwQkfitg=n+U1waKjpxrhQ@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: Ted Lemon <mellon@fugue.com>
Content-Type: multipart/alternative; boundary=001a1135f1b0feaad904f51f0aa4
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/ELVFagX8S9bVCz1B7Qebvs8hgio
Cc: Robin Wilton <wilton@isoc.org>, "<perpass@ietf.org>" <perpass@ietf.org>, Pranesh Prakash <pranesh@cis-india.org>
Subject: Re: [perpass] Gmail is now HTTPS-only
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Mar 2014 14:53:18 -0000

--001a1135f1b0feaad904f51f0aa4
Content-Type: text/plain; charset=ISO-8859-1

On Fri, Mar 21, 2014 at 8:27 AM, Ted Lemon <mellon@fugue.com> wrote:

> On Mar 21, 2014, at 7:40 AM, Robin Wilton <wilton@isoc.org> wrote:
> > Even if an email goes from my browser to Google's servers over https,
> and goes between Google's servers over https, I did not see a commitment to
> encryption of the email when it is at rest, rather than in motion...
>
> Best is the enemy of good enough.   To compromise your mail on the server,
> they have to compromise the server.   To compromise it in flight, they just
> have to tap the network.
>

Mail on the server is precisely what PRISM went after.
<http://en.wikipedia.org/wiki/PRISM_(surveillance_program)>

Which would you rather do, dig up a sub-sea cable, or tap a server admin on
the shoulder?

--Richard





--001a1135f1b0feaad904f51f0aa4--


From nobody Fri Mar 21 08:02:13 2014
Return-Path: <wilton@isoc.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1D0B31A0738 for <perpass@ietfa.amsl.com>; Fri, 21 Mar 2014 08:02:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.602
X-Spam-Level: 
X-Spam-Status: No, score=-2.602 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MMAgQO84VrBQ for <perpass@ietfa.amsl.com>; Fri, 21 Mar 2014 08:02:06 -0700 (PDT)
Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2lp0207.outbound.protection.outlook.com [207.46.163.207]) by ietfa.amsl.com (Postfix) with ESMTP id 79F4B1A03FA for <perpass@ietf.org>; Fri, 21 Mar 2014 08:02:06 -0700 (PDT)
Received: from BN1PR06MB119.namprd06.prod.outlook.com (10.255.204.25) by BN1PR06MB118.namprd06.prod.outlook.com (10.255.204.20) with Microsoft SMTP Server (TLS) id 15.0.898.11; Fri, 21 Mar 2014 15:01:49 +0000
Received: from BN1PR06MB119.namprd06.prod.outlook.com ([169.254.14.218]) by BN1PR06MB119.namprd06.prod.outlook.com ([169.254.14.225]) with mapi id 15.00.0898.005; Fri, 21 Mar 2014 15:01:48 +0000
From: Robin Wilton <wilton@isoc.org>
To: Ted Lemon <mellon@fugue.com>
Thread-Topic: [perpass] Gmail is now HTTPS-only
Thread-Index: AQHPRMV8PfFlKRP580inBqWVprUmkJrraxYAgAANNwCAACr9AA==
Date: Fri, 21 Mar 2014 15:01:47 +0000
Message-ID: <915CE41D-84BA-4C1A-A662-A61BA4EC23AA@isoc.org>
References: <532BCC66.8070106@cis-india.org> <88D5C8D3-2863-412F-9B8D-7A72E1356F70@isoc.org> <4EBDCBE9-F8F1-415A-B8D5-DBA881B7ED17@fugue.com>
In-Reply-To: <4EBDCBE9-F8F1-415A-B8D5-DBA881B7ED17@fugue.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
x-originating-ip: [78.41.129.5]
x-forefront-prvs: 0157DEB61B
x-forefront-antispam-report: SFV:NSPM; SFS:(10019001)(6009001)(428001)(377454003)(189002)(51704005)(252514010)(199002)(24454002)(95416001)(4396001)(47976001)(50986001)(74876001)(82746002)(81686001)(59766001)(74366001)(74706001)(94946001)(47736001)(49866001)(53806001)(31966008)(74662001)(74502001)(95666003)(83322001)(77982001)(76482001)(56776001)(54316002)(63696002)(80022001)(20776003)(65816001)(66066001)(79102001)(97186001)(87936001)(19580405001)(19580395003)(46102001)(80976001)(81816001)(51856001)(54356001)(47446002)(81342001)(76796001)(2656002)(83716003)(83072002)(69226001)(77096001)(86362001)(87266001)(36756003)(92566001)(92726001)(81542001)(90146001)(56816005)(93516002)(76786001)(85306002)(85852003)(94316002)(93136001)(33656001); DIR:OUT; SFP:1102; SCL:1; SRVR:BN1PR06MB118; H:BN1PR06MB119.namprd06.prod.outlook.com; FPR:1856FE67.A4C65E08.F9E09FAF.44929930.201D6; MLV:sfv; PTR:InfoNoRecords; MX:1; A:1; LANG:en; 
received-spf: None (: isoc.org does not designate permitted sender hosts)
Content-Type: multipart/signed; boundary="Apple-Mail=_A9B46F07-AFCA-4701-9098-0EEC7C77F1A8"; protocol="application/pkcs7-signature"; micalg=sha1
MIME-Version: 1.0
X-OriginatorOrg: isoc.org
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/QfXjDsZQjPPmUIWdYZ5-hKKjjdM
Cc: "<perpass@ietf.org>" <perpass@ietf.org>, Pranesh Prakash <pranesh@cis-india.org>
Subject: Re: [perpass] Gmail is now HTTPS-only
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Mar 2014 15:02:11 -0000

--Apple-Mail=_A9B46F07-AFCA-4701-9098-0EEC7C77F1A8
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=windows-1252



On 21 Mar 2014, at 12:27, Ted Lemon wrote:

> On Mar 21, 2014, at 7:40 AM, Robin Wilton <wilton@isoc.org> wrote:
>> Even if an email goes from my browser to Google's servers over https,
>> and goes between Google's servers over https, I did not see a commitment
>> to encryption of the email when it is at rest, rather than in motion...
>
> Best is the enemy of good enough.   To compromise your mail on the
> server, they have to compromise the server.   To compromise it in
> flight, they just have to tap the network.
>
Oh, I'm not suggesting that deployment of https should be deferred until
there's end-to-end encryption. I'll certainly take https if it's
offered. I was just pointing out that this announcement doesn't
represent a change in Google's business model of monetizing the contents
of Gmail correspondence.

R

Robin Wilton
Technical Outreach Director - Identity and Privacy
Internet Society

email: wilton@isoc.org
Phone: +44 705 005 2931
Twitter: @futureidentity

--Apple-Mail=_A9B46F07-AFCA-4701-9098-0EEC7C77F1A8--


From nobody Fri Mar 21 08:10:41 2014
Return-Path: <wilton@isoc.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 62DA51A09B8 for <perpass@ietfa.amsl.com>; Fri, 21 Mar 2014 08:10:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.602
X-Spam-Level: 
X-Spam-Status: No, score=-2.602 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id agY2ybNBX2xj for <perpass@ietfa.amsl.com>; Fri, 21 Mar 2014 08:10:35 -0700 (PDT)
Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2lp0239.outbound.protection.outlook.com [207.46.163.239]) by ietfa.amsl.com (Postfix) with ESMTP id 467761A0989 for <perpass@ietf.org>; Fri, 21 Mar 2014 08:10:34 -0700 (PDT)
Received: from BN1PR06MB119.namprd06.prod.outlook.com (10.255.204.25) by BN1PR06MB117.namprd06.prod.outlook.com (10.255.204.17) with Microsoft SMTP Server (TLS) id 15.0.898.11; Fri, 21 Mar 2014 15:10:23 +0000
Received: from BN1PR06MB119.namprd06.prod.outlook.com ([169.254.14.218]) by BN1PR06MB119.namprd06.prod.outlook.com ([169.254.14.225]) with mapi id 15.00.0898.005; Fri, 21 Mar 2014 15:10:22 +0000
From: Robin Wilton <wilton@isoc.org>
To: Nicholas Weaver <nweaver@icsi.berkeley.edu>
Thread-Topic: [perpass] Gmail is now HTTPS-only
Thread-Index: AQHPRMV8PfFlKRP580inBqWVprUmkJrraxYAgAAWUgCAACRIgA==
Date: Fri, 21 Mar 2014 15:10:22 +0000
Message-ID: <07566854-ACE7-475F-AB1B-3EC239D1851E@isoc.org>
References: <532BCC66.8070106@cis-india.org> <88D5C8D3-2863-412F-9B8D-7A72E1356F70@isoc.org> <52D70C79-2156-4C8C-848E-CAA2C71A10C2@icsi.berkeley.edu>
In-Reply-To: <52D70C79-2156-4C8C-848E-CAA2C71A10C2@icsi.berkeley.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
x-originating-ip: [78.41.129.5]
x-forefront-prvs: 0157DEB61B
x-forefront-antispam-report: SFV:NSPM; SFS:(10019001)(6009001)(428001)(377454003)(24454002)(199002)(189002)(51704005)(74876001)(81542001)(81342001)(83716003)(74706001)(74502001)(47446002)(31966008)(15975445006)(81686001)(74662001)(90146001)(566704002)(82746002)(74366001)(19580395003)(77982001)(93516002)(86362001)(76786001)(54356001)(85852003)(69226001)(83072002)(97186001)(15202345003)(94316002)(95666003)(94946001)(80976001)(95416001)(85306002)(2171001)(56816005)(51856001)(87936001)(92566001)(53806001)(76482001)(93136001)(92726001)(65816001)(59766001)(63696002)(76796001)(54316002)(77096001)(81816001)(33656001)(19580405001)(20776003)(79102001)(83322001)(47736001)(49866001)(47976001)(87266001)(2656002)(46102001)(56776001)(50986001)(80022001)(66066001)(36756003)(4396001); DIR:OUT; SFP:1102; SCL:1; SRVR:BN1PR06MB117; H:BN1PR06MB119.namprd06.prod.outlook.com; FPR:EC5EF624.8F06D409.1DFBD3B.46DDDC79.20282; MLV:sfv; PTR:InfoNoRecords; A:1;  MX:1; LANG:en; 
received-spf: None (: isoc.org does not designate permitted sender hosts)
Content-Type: multipart/signed; boundary="Apple-Mail=_C94923C8-3C1E-4282-831A-590B72228D25"; protocol="application/pkcs7-signature"; micalg=sha1
MIME-Version: 1.0
X-OriginatorOrg: isoc.org
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/gEDozyL7riuGVirP5J0KW7wshuQ
Cc: "<perpass@ietf.org>" <perpass@ietf.org>, Pranesh Prakash <pranesh@cis-india.org>
Subject: Re: [perpass] Gmail is now HTTPS-only
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Mar 2014 15:10:38 -0000

--Apple-Mail=_C94923C8-3C1E-4282-831A-590B72228D25
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=windows-1252



On 21 Mar 2014, at 13:00, Nicholas Weaver wrote:

>
> On Mar 21, 2014, at 4:40 AM, Robin Wilton <wilton@isoc.org> wrote:
>
>> To pick the obvious nit...
>>
>> Even if an email goes from my browser to Google's servers over https,
>> and goes between Google's servers over https, I did not see a commitment
>> to encryption of the email when it is at rest, rather than in motion...
>
> To reply with the obvious:  It is IMPOSSIBLE to secure data at rest in
> the context of a webmail system: server control can always enable
> accessing of all documents when the user logs in to check their webmail.

I'd dispute your use of the word "impossible". It might be tricky to
design something easy to use, and it would raise the usual end-to-end
encryption problems of key exchange and key management, but there's
nothing inherent in webmail as a transfer mechanism that means it can't
transfer encrypted content. For instance: last time I used the PGP
tools, they offered the ability to encrypt whatever's in the clipboard.
There's nothing to stop me pasting the result into a webmail and
inviting my correspondent to reverse the process.
Sending an encrypted file as an attachment to a webmail would also work.

R


>
>
> --
> Nicholas Weaver                  it is a tale, told by an idiot,
> nweaver@icsi.berkeley.edu                full of sound and fury,
> 510-666-2903                                 .signifying nothing
> PGP: http://www1.icsi.berkeley.edu/~nweaver/data/nweaver_pub.asc
>


--Apple-Mail=_C94923C8-3C1E-4282-831A-590B72228D25--


From nobody Fri Mar 21 08:54:09 2014
Return-Path: <nweaver@icsi.berkeley.edu>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D13321A09C0 for <perpass@ietfa.amsl.com>; Fri, 21 Mar 2014 08:54:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.448
X-Spam-Level: 
X-Spam-Status: No, score=-2.448 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pQRXc2ZQ0BBv for <perpass@ietfa.amsl.com>; Fri, 21 Mar 2014 08:54:05 -0700 (PDT)
Received: from rock.ICSI.Berkeley.EDU (rock.ICSI.Berkeley.EDU [192.150.186.19]) by ietfa.amsl.com (Postfix) with ESMTP id 562061A098A for <perpass@ietf.org>; Fri, 21 Mar 2014 08:54:05 -0700 (PDT)
Received: from localhost (localhost.localdomain [127.0.0.1]) by rock.ICSI.Berkeley.EDU (Postfix) with ESMTP id 4CE772C4029; Fri, 21 Mar 2014 08:53:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ICSI.Berkeley.EDU
Received: from rock.ICSI.Berkeley.EDU ([127.0.0.1]) by localhost (maihub.ICSI.Berkeley.EDU [127.0.0.1]) (amavisd-new, port 10024) with LMTP id vyrAZEyufg-b; Fri, 21 Mar 2014 08:53:55 -0700 (PDT)
Received: from [10.0.1.22] (c-76-103-162-14.hsd1.ca.comcast.net [76.103.162.14]) (Authenticated sender: nweaver) by rock.ICSI.Berkeley.EDU (Postfix) with ESMTP id C03FE2C4023; Fri, 21 Mar 2014 08:53:54 -0700 (PDT)
Content-Type: multipart/signed; boundary="Apple-Mail=_BABDB9FE-3014-4466-AF48-5CF7C9E5F9B9"; protocol="application/pgp-signature"; micalg=pgp-sha512
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
From: Nicholas Weaver <nweaver@icsi.berkeley.edu>
In-Reply-To: <07566854-ACE7-475F-AB1B-3EC239D1851E@isoc.org>
Date: Fri, 21 Mar 2014 08:53:53 -0700
Message-Id: <241C289D-D8C8-4137-BDFF-72600FF9F265@icsi.berkeley.edu>
References: <532BCC66.8070106@cis-india.org> <88D5C8D3-2863-412F-9B8D-7A72E1356F70@isoc.org> <52D70C79-2156-4C8C-848E-CAA2C71A10C2@icsi.berkeley.edu> <07566854-ACE7-475F-AB1B-3EC239D1851E@isoc.org>
To: Robin Wilton <wilton@isoc.org>
X-Mailer: Apple Mail (2.1874)
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/ukJUJKJtFhsQ7YwlNyqJ_0o3S5k
Cc: "<perpass@ietf.org>" <perpass@ietf.org>, Nicholas Weaver <nweaver@icsi.berkeley.edu>, Pranesh Prakash <pranesh@cis-india.org>
Subject: Re: [perpass] Gmail is now HTTPS-only
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Mar 2014 15:54:07 -0000

--Apple-Mail=_BABDB9FE-3014-4466-AF48-5CF7C9E5F9B9
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=windows-1252


On Mar 21, 2014, at 8:10 AM, Robin Wilton <wilton@isoc.org> wrote:

>
>
> On 21 Mar 2014, at 13:00, Nicholas Weaver wrote:
>
>>
>> On Mar 21, 2014, at 4:40 AM, Robin Wilton <wilton@isoc.org> wrote:
>>
>>> To pick the obvious nit...
>>>
>>> Even if an email goes from my browser to Google's servers over https, and goes between Google's servers over https, I did not see a commitment to encryption of the email when it is at rest, rather than in motion...
>>
>> To reply with the obvious:  It is IMPOSSIBLE to secure data at rest in the context of a webmail system: server control can always enable accessing of all documents when the user logs in to check their webmail.
>
> I'd dispute your use of the word "impossible". It might be tricky to design something easy to use, and it would raise the usual end-to-end encryption problems of key exchange and key management, but there's nothing inherent in webmail as a transfer mechanism that means it can't transfer encrypted content. For instance: last time I used the PGP tools, they offered the ability to encrypt whatever's in the clipboard. There's nothing to stop me pasting the result into a webmail and inviting my correspondent to reverse the process.
> Sending an encrypted file as an attachment to a webmail would also work.

That is NOT encrypting in webmail.  That is using webmail to transport encrypted content.


Why you can NEVER do meaningful encryption to protect data at rest from the server in actual Webmail is that the "client" software is dynamically provided by the server you are trying to protect the data from!

This is the "hushmail" and "lavabit" problem.  Neither service is actually able to protect the data at rest from a warrant, because the data can always be accessed when the user logs in.  Hushmail chooses to snitch content to law enforcement, lavabit shut down.

You can only do "at-rest" protection on the mail server with a client program.

--
Nicholas Weaver                  it is a tale, told by an idiot,
nweaver@icsi.berkeley.edu                full of sound and fury,
510-666-2903                                 .signifying nothing
PGP: http://www1.icsi.berkeley.edu/~nweaver/data/nweaver_pub.asc


--Apple-Mail=_BABDB9FE-3014-4466-AF48-5CF7C9E5F9B9
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename=signature.asc
Content-Type: application/pgp-signature;
	name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail


--Apple-Mail=_BABDB9FE-3014-4466-AF48-5CF7C9E5F9B9--


From nobody Fri Mar 21 09:04:43 2014
Return-Path: <wilton@isoc.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B322C1A09F5 for <perpass@ietfa.amsl.com>; Fri, 21 Mar 2014 09:04:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.602
X-Spam-Level: 
X-Spam-Status: No, score=-2.602 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rSbrLIk03mqO for <perpass@ietfa.amsl.com>; Fri, 21 Mar 2014 09:04:17 -0700 (PDT)
Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2lp0243.outbound.protection.outlook.com [207.46.163.243]) by ietfa.amsl.com (Postfix) with ESMTP id 18FD21A09F4 for <perpass@ietf.org>; Fri, 21 Mar 2014 09:04:17 -0700 (PDT)
Received: from BN1PR06MB119.namprd06.prod.outlook.com (10.255.204.25) by BN1PR06MB120.namprd06.prod.outlook.com (10.255.204.27) with Microsoft SMTP Server (TLS) id 15.0.898.11; Fri, 21 Mar 2014 16:04:06 +0000
Received: from BN1PR06MB119.namprd06.prod.outlook.com ([169.254.14.218]) by BN1PR06MB119.namprd06.prod.outlook.com ([169.254.14.225]) with mapi id 15.00.0898.005; Fri, 21 Mar 2014 16:04:06 +0000
From: Robin Wilton <wilton@isoc.org>
To: Nicholas Weaver <nweaver@icsi.berkeley.edu>
Thread-Topic: [perpass] Gmail is now HTTPS-only
Thread-Index: AQHPRMV8PfFlKRP580inBqWVprUmkJrraxYAgAAWUgCAACRIgIAADEmAgAACuoA=
Date: Fri, 21 Mar 2014 16:04:05 +0000
Message-ID: <CB2510D3-38C4-44D6-B9F3-70D630B79A1A@isoc.org>
References: <532BCC66.8070106@cis-india.org> <88D5C8D3-2863-412F-9B8D-7A72E1356F70@isoc.org> <52D70C79-2156-4C8C-848E-CAA2C71A10C2@icsi.berkeley.edu> <07566854-ACE7-475F-AB1B-3EC239D1851E@isoc.org> <241C289D-D8C8-4137-BDFF-72600FF9F265@icsi.berkeley.edu>
In-Reply-To: <241C289D-D8C8-4137-BDFF-72600FF9F265@icsi.berkeley.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
x-originating-ip: [78.41.129.5]
x-forefront-prvs: 0157DEB61B
x-forefront-antispam-report: SFV:NSPM; SFS:(10019001)(6009001)(428001)(199002)(189002)(377454003)(51704005)(24454002)(80976001)(19580405001)(15202345003)(77096001)(19580395003)(56776001)(54316002)(69226001)(95666003)(83322001)(87266001)(74876001)(76786001)(15975445006)(2171001)(97186001)(59766001)(566704002)(76796001)(74366001)(2656002)(81542001)(81342001)(74706001)(56816005)(93136001)(90146001)(82746002)(94946001)(63696002)(77982001)(53806001)(76482001)(54356001)(94316002)(33656001)(93516002)(86362001)(51856001)(87936001)(4396001)(47976001)(49866001)(50986001)(31966008)(47736001)(20776003)(81686001)(66066001)(65816001)(47446002)(83072002)(46102001)(85852003)(79102001)(95416001)(85306002)(36756003)(81816001)(74502001)(74662001)(80022001)(92566001)(92726001)(83716003); DIR:OUT; SFP:1102; SCL:1; SRVR:BN1PR06MB120; H:BN1PR06MB119.namprd06.prod.outlook.com; FPR:EE5CF614.AF06D102.DDF9D3F.5ADDDE79.2035E; MLV:sfv; PTR:InfoNoRecords; A:1;  MX:1; LANG:en; 
received-spf: None (: isoc.org does not designate permitted sender hosts)
Content-Type: multipart/signed; boundary="Apple-Mail=_C71AD829-FE3C-44E1-91A6-FBC644A5CF30"; protocol="application/pkcs7-signature"; micalg=sha1
MIME-Version: 1.0
X-OriginatorOrg: isoc.org
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/9FF96Cnxr406_HohuX_vAVGjjtE
Cc: "<perpass@ietf.org>" <perpass@ietf.org>, Pranesh Prakash <pranesh@cis-india.org>
Subject: Re: [perpass] Gmail is now HTTPS-only
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Mar 2014 16:04:21 -0000

--Apple-Mail=_C71AD829-FE3C-44E1-91A6-FBC644A5CF30
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=windows-1252



On 21 Mar 2014, at 15:53, Nicholas Weaver wrote:

>
> On Mar 21, 2014, at 8:10 AM, Robin Wilton <wilton@isoc.org> wrote:
>
>>
>>
>> On 21 Mar 2014, at 13:00, Nicholas Weaver wrote:
>>
>>>
>>> On Mar 21, 2014, at 4:40 AM, Robin Wilton <wilton@isoc.org> wrote:
>>>
>>>> To pick the obvious nit...
>>>>
>>>> Even if an email goes from my browser to Google's servers over https, and goes between Google's servers over https, I did not see a commitment to encryption of the email when it is at rest, rather than in motion...
>>>
>>> To reply with the obvious:  It is IMPOSSIBLE to secure data at rest in the context of a webmail system: server control can always enable accessing of all documents when the user logs in to check their webmail.
>>
>> I'd dispute your use of the word "impossible". It might be tricky to design something easy to use, and it would raise the usual end-to-end encryption problems of key exchange and key management, but there's nothing inherent in webmail as a transfer mechanism that means it can't transfer encrypted content. For instance: last time I used the PGP tools, they offered the ability to encrypt whatever's in the clipboard. There's nothing to stop me pasting the result into a webmail and inviting my correspondent to reverse the process.
>> Sending an encrypted file as an attachment to a webmail would also work.
>
> That is NOT encrypting in webmail.  That is using webmail to transport encrypted content.


I was just exploiting the loophole you left me when you phrased it, originally, as securing "data at rest in the context of a webmail system", rather than "encrypting in webmail", as you phrase it now.


>
>
> Why you can NEVER do meaningful encryption to protect data at rest from the server in actual Webmail is that the "client" software is dynamically provided by the server you are trying to protect the data from!
>
> This is the "hushmail" and "lavabit" problem.  Neither service is actually able to protect the data at rest from a warrant, because the data can always be accessed when the user logs in.  Hushmail chooses to snitch content to law enforcement, lavabit shut down.
>
> You can only do "at-rest" protection on the mail server with a client program.
>
> --
> Nicholas Weaver                  it is a tale, told by an idiot,
> nweaver@icsi.berkeley.edu                full of sound and fury,
> 510-666-2903                                 .signifying nothing
> PGP: http://www1.icsi.berkeley.edu/~nweaver/data/nweaver_pub.asc
>


--Apple-Mail=_C71AD829-FE3C-44E1-91A6-FBC644A5CF30
Content-Disposition: attachment; filename="smime.p7s"
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64


--Apple-Mail=_C71AD829-FE3C-44E1-91A6-FBC644A5CF30--


From nobody Fri Mar 21 09:39:56 2014
Return-Path: <tytso@thunk.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A5741A09ED for <perpass@ietfa.amsl.com>; Fri, 21 Mar 2014 09:39:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.338
X-Spam-Level: 
X-Spam-Status: No, score=-2.338 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MP-amQej5aMb for <perpass@ietfa.amsl.com>; Fri, 21 Mar 2014 09:39:52 -0700 (PDT)
Received: from imap.thunk.org (imap.thunk.org [IPv6:2600:3c02::f03c:91ff:fe96:be03]) by ietfa.amsl.com (Postfix) with ESMTP id A7EE41A09EA for <perpass@ietf.org>; Fri, 21 Mar 2014 09:39:52 -0700 (PDT)
Received: from root (helo=closure.thunk.org) by imap.thunk.org with local-esmtp (Exim 4.80) (envelope-from <tytso@thunk.org>) id 1WR2Ts-0006SA-AL; Fri, 21 Mar 2014 16:39:40 +0000
Received: by closure.thunk.org (Postfix, from userid 15806) id D1F9F580AA0; Fri, 21 Mar 2014 12:39:32 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=thunk.org; s=mail; t=1395419972; bh=5W2EjfMw/8B0FeK0wZgnYbrhg33wvQNkbxEUQmBbBCE=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=To2MyHIgIOL4jo3QO/ZM3R30N8QMya/veZPdjYnlBJDi/tF6BLIQ5L1LcNiIRPuDq ow0DO5MCVmvu4ZqsDlI3kUBdijMt60kd+zQbehcZYV/X95VKH0OJDomtRzlKB1M8Z1 94b6ouxhsntOtm80Dfzh3EACM2uD7KGk4JQ1Dcds=
Date: Fri, 21 Mar 2014 12:39:32 -0400
From: tytso@mit.edu
To: Nicholas Weaver <nweaver@icsi.berkeley.edu>
Message-ID: <20140321163932.GA29889@thunk.org>
References: <532BCC66.8070106@cis-india.org> <88D5C8D3-2863-412F-9B8D-7A72E1356F70@isoc.org> <52D70C79-2156-4C8C-848E-CAA2C71A10C2@icsi.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <52D70C79-2156-4C8C-848E-CAA2C71A10C2@icsi.berkeley.edu>
User-Agent: Mutt/1.5.22 (2013-10-16)
X-SA-Exim-Connect-IP: <locally generated>
X-SA-Exim-Mail-From: tytso@thunk.org
X-SA-Exim-Scanned: No (on imap.thunk.org); SAEximRunCond expanded to false
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/NeRO2wHh5GDShkZ0u9q8uwb7ZW0
Cc: Robin Wilton <wilton@isoc.org>, "<perpass@ietf.org>" <perpass@ietf.org>, Pranesh Prakash <pranesh@cis-india.org>
Subject: Re: [perpass] Gmail is now HTTPS-only
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Mar 2014 16:39:54 -0000

On Fri, Mar 21, 2014 at 06:00:04AM -0700, Nicholas Weaver wrote:
> 
> To reply with the obvious: It is IMPOSSIBLE to secure data at rest
> in the context of a webmail system: server control can always enable
> accessing of all documents when the user logs in to check their
> webmail.

It all depends on what you mean by "encrypting data at rest".  It begs
the question of who has access to the keys.  For example, many hard
drives can do full disk encryption, and so it's relatively easy to set
up so the disk is encrypted when it is on the platter.  I do that for
the SSD in my laptop, for example.  I do have to enter my password
when I power up my laptop, so if someone breaks into my machine while
I'm logged in, it won't provide any protection.  On the other hand, if
someone steals my laptop while it is powered off, it _does_ provide
protection.

You can also encrypt at the cluster/cloud file system level, so if
someone breaks into an individual GFS or Hadoopfs server (or more
importantly, the system administrators of the cloud file system), they
won't have access to the encrypted data.  But if the mail backend
server has the encryption keys, then someone who breaks into the
webmail server, it won't necessarily help.

So in some sense, encrypting data at rest is actually pretty easy,
adding encryption to hard drive access generally doesn't introduce a
new bottleneck (whereas adding encryption to web front ends or for
intra-data center communications can actually be more difficult on
that front).  If you are worried about NSA doing bulk surveillance,
protecting the web connections and intra-data center communication
is actually far more difficult.

Regards,

						- Ted


From nobody Fri Mar 21 11:10:55 2014
Return-Path: <mellon@fugue.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EC6B21A09EF for <perpass@ietfa.amsl.com>; Fri, 21 Mar 2014 11:10:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.448
X-Spam-Level: 
X-Spam-Status: No, score=-2.448 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O1AdpWHP6J85 for <perpass@ietfa.amsl.com>; Fri, 21 Mar 2014 11:10:50 -0700 (PDT)
Received: from toccata.fugue.com (toccata.fugue.com [204.152.186.142]) by ietfa.amsl.com (Postfix) with ESMTP id CFF021A0790 for <perpass@ietf.org>; Fri, 21 Mar 2014 11:10:50 -0700 (PDT)
Received: from [IPv6:2001:470:88a3::2021:8070:ae9a:8a74] (unknown [IPv6:2001:470:88a3:0:2021:8070:ae9a:8a74]) by toccata.fugue.com (Postfix) with ESMTPSA id EDF4D23807EE; Fri, 21 Mar 2014 14:10:39 -0400 (EDT)
Content-Type: text/plain; charset=iso-8859-1
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
From: Ted Lemon <mellon@fugue.com>
In-Reply-To: <CAL02cgQacCZ4mSUkhn+qMw2PLgeYuwQkfitg=n+U1waKjpxrhQ@mail.gmail.com>
Date: Fri, 21 Mar 2014 14:10:40 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <20FCA714-E429-4F7F-94EF-1DBFF7E7F855@fugue.com>
References: <532BCC66.8070106@cis-india.org> <88D5C8D3-2863-412F-9B8D-7A72E1356F70@isoc.org> <4EBDCBE9-F8F1-415A-B8D5-DBA881B7ED17@fugue.com> <CAL02cgQacCZ4mSUkhn+qMw2PLgeYuwQkfitg=n+U1waKjpxrhQ@mail.gmail.com>
To: Richard Barnes <rlb@ipv.sx>
X-Mailer: Apple Mail (2.1874)
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/1_-50seATNWowdK0zK706fA-j4U
Cc: Robin Wilton <wilton@isoc.org>, "<perpass@ietf.org>" <perpass@ietf.org>, Pranesh Prakash <pranesh@cis-india.org>
Subject: Re: [perpass] Gmail is now HTTPS-only
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Mar 2014 18:10:53 -0000

On Mar 21, 2014, at 10:53 AM, Richard Barnes <rlb@ipv.sx> wrote:
> Which would you rather do, dig up a sub-sea cable, or tap a server admin on the shoulder?

Actually, they just put taps in Google's and Facebook's data centers.   No need to tap an undersea cable.   They even did it on the far side of SSL concentrators, where the traffic was flying unencrypted.   So encrypting traffic as Google is now doing certainly does address a meaningful threat model.

There are a lot of things you'd like your mail to do that can't be done if you don't trust the machine where the mail is stored.   If you want both security and features, you probably need to run your own server, or else you need some trust relationship with the service provider that likely isn't practical in a lot of cases, and isn't even _possible_ if your threat model is something on the level of not being victimized by NSLs.



From nobody Fri Mar 21 14:57:53 2014
Return-Path: <dan@geer.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BF5E91A0048 for <perpass@ietfa.amsl.com>; Fri, 21 Mar 2014 14:57:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EVgpd9Y1T2Xd for <perpass@ietfa.amsl.com>; Fri, 21 Mar 2014 14:57:50 -0700 (PDT)
Received: from palinka.tinho.net (palinka.tinho.net [166.84.6.13]) by ietfa.amsl.com (Postfix) with ESMTP id 995DE1A076D for <perpass@ietf.org>; Fri, 21 Mar 2014 14:57:50 -0700 (PDT)
Received: by palinka.tinho.net (Postfix, from userid 126) id BF1F82280A4; Fri, 21 Mar 2014 17:57:39 -0400 (EDT)
Received: from palinka.tinho.net (localhost [127.0.0.1]) by palinka.tinho.net (Postfix) with ESMTP id BCD6622809A for <perpass@ietf.org>; Fri, 21 Mar 2014 17:57:39 -0400 (EDT)
From: dan@geer.org
To: "<perpass@ietf.org>" <perpass@ietf.org>
In-Reply-To: Your message of "Fri, 21 Mar 2014 14:10:40 EDT." <20FCA714-E429-4F7F-94EF-1DBFF7E7F855@fugue.com>
Date: Fri, 21 Mar 2014 17:57:39 -0400
Message-Id: <20140321215739.BF1F82280A4@palinka.tinho.net>
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/b7Gd2tA0j63n0mxZqhvhP6tQeDo
Subject: Re: [perpass] Gmail is now HTTPS-only
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Mar 2014 21:57:52 -0000

TL writes:
 > There are a lot of things you'd like your mail to do that can't
 > be done if you don't trust the machine where the mail is stored.
 > If you want both security and features, you probably need to run
 > your own server, or else you need some trust relationship with the
 > service provider that likely isn't practical in a lot of cases,
 > and isn't even _possible_ if your threat model is something on the
 > level of not being victimized by NSLs.

One might suggest never sending the same message twice.  Why?
Because sending it twice, even if encrypted, allows a kind of
analysis by correlation that cannot otherwise happen.  Maybe that's
too paranoid, so let's back off a little.  One might suggest that
the individual or the enterprise that outsources its e-mail to a
third party thereby creates by itself and for itself the risk of
silent subpoenas delivered to their outsourcer.  If, instead, the
individual or the enterprise insources its e-mail then at the very
least it knows when its data assets are being sought because the
subpoena comes to them.  Maybe insourcing your e-mail is too much
work, but need I remind you that plaintext e-mail cannot be web-bugged,
so why would anyone ever render HTML e-mail at all?

The above is an excerpted paragraph from my speech to the RSA Conf
on 28 Feb, meaning nothing more than that I'm on the record.

  We Are All Intelligence Officers Now
  http://geer.tinho.net/geer.rsa.28ii14.txt

--dan
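
The remark above that plaintext e-mail cannot be web-bugged, turned into a check a mail administrator could run; this is an added example, not part of the original message or the list archive. It lists every URL that the HTML parts of a message would make a client fetch on render. The sample message, its hostnames and the two heuristics (a 0/1-pixel image, a query string on the URL) are constructed for illustration.

```python
"""List what the HTML parts of an e-mail would make a mail client fetch on render."""
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tag attributes a renderer loads without user action. Links the reader must
# click (<a href>) are deliberately left out: they are not web bugs.
AUTO_FETCH = {
    "img": ("src",), "link": ("href",), "iframe": ("src",), "script": ("src",),
    "body": ("background",), "table": ("background",), "td": ("background",),
    "video": ("poster", "src"), "audio": ("src",), "source": ("src",),
    "embed": ("src",), "object": ("data",),
}
# url(...) references inside inline style attributes.
STYLE_URL = re.compile(r"url\(\s*['\"]?([^'\")\s]+)", re.I)


def is_remote(url):
    """True for http(s) and protocol-relative URLs; cid: and data: stay local."""
    try:
        parts = urlparse(url.strip())
    except ValueError:
        return False
    return parts.scheme in ("http", "https", "") and bool(parts.netloc)


class RemoteFetchFinder(HTMLParser):
    """Collects every attribute value that would trigger a network request."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "") for k, v in attrs}
        candidates = [(a, attrs.get(a, "")) for a in AUTO_FETCH.get(tag, ())]
        candidates += [("style", u) for u in STYLE_URL.findall(attrs.get("style", ""))]
        # Heuristic: an image declared as 0 or 1 pixel in both dimensions.
        tiny = (tag == "img" and attrs.get("width") in ("0", "1")
                and attrs.get("height") in ("0", "1"))
        for attr, url in candidates:
            url = url.strip()
            if is_remote(url):
                self.findings.append({
                    "tag": tag, "attr": attr, "url": url, "tiny": tiny,
                    # Heuristic: a query string can carry a per-recipient token.
                    "has_query": bool(urlparse(url).query),
                })


def scan_message(raw):
    """Parse an RFC 5322 message and report remote fetches in its HTML parts."""
    msg = message_from_string(raw, policy=policy.default)
    finder = RemoteFetchFinder()
    html_parts, has_plain = 0, False
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/plain":
            has_plain = True          # a renderer could show this part instead
        elif ctype == "text/html":
            html_parts += 1
            finder.feed(part.get_content())
    finder.close()
    hosts = {urlparse(f["url"]).hostname for f in finder.findings}
    return {"html_parts": html_parts, "has_plain": has_plain,
            "remote": finder.findings, "hosts": sorted(h for h in hosts if h)}


# Constructed sample: one plaintext alternative, one HTML alternative.
SAMPLE = """\
From: sender@example.org
To: reader@example.net
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset=utf-8

Hello in plain text.
--b1
Content-Type: text/html; charset=utf-8

<html><body>
<p>Hello <a href="http://example.org/page">link</a></p>
<img src="http://tracker.example/open.gif?u=abc123" width="1" height="1">
<img src="cid:logo@example.org" width="120" height="40">
<img src="data:image/gif;base64,R0lGODlhAQABAAAAACw=">
<table><tr><td style="background:url('https://cdn.example/bg.png')">x</td></tr></table>
</body></html>
--b1--
"""

if __name__ == "__main__":
    report = scan_message(SAMPLE)
    print("plaintext alternative present:", report["has_plain"])
    for f in report["remote"]:
        print(f["tag"], f["attr"], f["url"], "tiny" if f["tiny"] else "")
```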


From nobody Fri Mar 21 15:22:14 2014
Return-Path: <fred@cisco.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 34C191A07F9 for <perpass@ietfa.amsl.com>; Fri, 21 Mar 2014 15:22:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.048
X-Spam-Level: 
X-Spam-Status: No, score=-110.048 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5DuhWaz8dEB4 for <perpass@ietfa.amsl.com>; Fri, 21 Mar 2014 15:22:10 -0700 (PDT)
Received: from alln-iport-5.cisco.com (alln-iport-5.cisco.com [173.37.142.92]) by ietfa.amsl.com (Postfix) with ESMTP id 012981A0783 for <perpass@ietf.org>; Fri, 21 Mar 2014 15:22:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2505; q=dns/txt; s=iport; t=1395440520; x=1396650120; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=bscwBOwCjsI7u0+q1VMYA1dpiHgVAUrYFKKtO0j60s0=; b=mWX0sv+Hr3klY7hO5qKwJ5eg0gIKqXNlZqjTgUoZOjCUJw76awERDMLu l1+dhrN2+ebSuMniXW5emEtGKbg0snOl9to0FgMmFQYPBA1Rx8HcUwZYn 7OhmcwI1mZvU8jRR1FAvnDNHcr/tvKskqKd9GqtKTD+303oS7AusBV9in k=;
X-Files: signature.asc : 195
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AisFAKK6LFOtJXG9/2dsb2JhbABZgwY7V8JjgRkWdIIlAQEBAwF5BQsCAQgOCi4yJQIEDgUOh2MIz14XjX4KEAIBTweDJIEUBJBTgTSGQpIxgy2Bcjk
X-IronPort-AV: E=Sophos;i="4.97,706,1389744000";  d="asc'?scan'208";a="29449852"
Received: from rcdn-core2-2.cisco.com ([173.37.113.189]) by alln-iport-5.cisco.com with ESMTP; 21 Mar 2014 22:22:00 +0000
Received: from xhc-aln-x01.cisco.com (xhc-aln-x01.cisco.com [173.36.12.75]) by rcdn-core2-2.cisco.com (8.14.5/8.14.5) with ESMTP id s2LMM0xL029486 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Fri, 21 Mar 2014 22:22:00 GMT
Received: from xmb-rcd-x09.cisco.com ([169.254.9.247]) by xhc-aln-x01.cisco.com ([173.36.12.75]) with mapi id 14.03.0123.003; Fri, 21 Mar 2014 17:21:59 -0500
From: "Fred Baker (fred)" <fred@cisco.com>
To: Ted Lemon <mellon@fugue.com>
Thread-Topic: [perpass] Gmail is now HTTPS-only
Thread-Index: AQHPRMWPXfJLH3O9PkCl7xS7CUC8g5rrvwEAgAANHQCAAKYYAA==
Date: Fri, 21 Mar 2014 22:21:59 +0000
Message-ID: <F404EB27-0443-4B04-8D54-696377865BC5@cisco.com>
References: <532BCC66.8070106@cis-india.org> <88D5C8D3-2863-412F-9B8D-7A72E1356F70@isoc.org> <4EBDCBE9-F8F1-415A-B8D5-DBA881B7ED17@fugue.com>
In-Reply-To: <4EBDCBE9-F8F1-415A-B8D5-DBA881B7ED17@fugue.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
x-originating-ip: [10.19.64.125]
Content-Type: multipart/signed; boundary="Apple-Mail=_B20C5191-42C7-49B9-9CE5-2DE64B71B313"; protocol="application/pgp-signature"; micalg=pgp-sha1
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/aDsuMA6S3cCR0uvtCaGESLCdvQA
Cc: Robin Wilton <wilton@isoc.org>, "<perpass@ietf.org>" <perpass@ietf.org>, Pranesh Prakash <pranesh@cis-india.org>
Subject: Re: [perpass] Gmail is now HTTPS-only
X-List-Received-Date: Fri, 21 Mar 2014 22:22:12 -0000

--Apple-Mail=_B20C5191-42C7-49B9-9CE5-2DE64B71B313
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=windows-1252


On Mar 21, 2014, at 5:27 AM, Ted Lemon <mellon@fugue.com> wrote:

> On Mar 21, 2014, at 7:40 AM, Robin Wilton <wilton@isoc.org> wrote:
>> Even if an email goes from my browser to Google's servers over https,
>> and goes between Google's servers over https, I did not see a
>> commitment to encryption of the email when it is at rest, rather than
>> in motion...
>
> Best is the enemy of good enough.   To compromise your mail on the
> server, they have to compromise the server.   To compromise it in
> flight, they just have to tap the network.

But what we know of access to email and other information is that
“they”, whether identified as NSA or random other governments, hack
the server.

This sounds like a matter of looking where one is thinking about.
There’s an old story that exemplifies it well. A passerby tries to
help a drunk find his keys. The drunk is looking near a street lamp.
Asked where he was when he lost them, he points down a dark alley.
“Why are you looking here?” “The light is so much better”…

Encrypting data in flight is a good thing. Encrypting data in flight
end to end is a better thing. If you’re trying to encrypt it where
“they” look at it, you need to think about encryption at rest. Reason?
Per reports, that’s where they look at it. China broke into various
companies’ computers, as did the NSA.

I find this whole discussion minorly inane. Yes, encryption is a good
thing, and yes, after however-many-years of talking about it, I’d like
to see it done. The problem that brought this up, the Snowden reports,
was that the NSA (and the EU) were accessing *metadata*.

Wouldn’t it be interesting to solve the problem at hand rather than
the one we think we might already know how to solve?

--Apple-Mail=_B20C5191-42C7-49B9-9CE5-2DE64B71B313--


From nobody Fri Mar 21 15:39:47 2014
Return-Path: <tytso@thunk.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B5A681A0783 for <perpass@ietfa.amsl.com>; Fri, 21 Mar 2014 15:39:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.338
X-Spam-Level: 
X-Spam-Status: No, score=-2.338 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dSXZ76g2ESOt for <perpass@ietfa.amsl.com>; Fri, 21 Mar 2014 15:39:43 -0700 (PDT)
Received: from imap.thunk.org (imap.thunk.org [IPv6:2600:3c02::f03c:91ff:fe96:be03]) by ietfa.amsl.com (Postfix) with ESMTP id 6A30E1A0751 for <perpass@ietf.org>; Fri, 21 Mar 2014 15:39:43 -0700 (PDT)
Received: from root (helo=closure.thunk.org) by imap.thunk.org with local-esmtp (Exim 4.80) (envelope-from <tytso@thunk.org>) id 1WR861-0008Cu-Ha; Fri, 21 Mar 2014 22:39:25 +0000
Received: by closure.thunk.org (Postfix, from userid 15806) id 816F3580B86; Fri, 21 Mar 2014 18:39:24 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=thunk.org; s=mail; t=1395441564; bh=soaxlK85zZr4S/yQtE3P0C3hbRsO2F+CytmCByZo1Ts=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=LD5eAuplevp5pk0I2WoMbtA0tbWbOqZQ0iUWAdTsSV8Mp2zKQlkXdX0hpBDc/rWM9 tjQyoC1ayn5P7JEqnRCQd8lobtehhE9Jc3nZ5tZTLQy5OzOvK1dwrIkY6wpb7JgI4D +DN27nRkuOsdUqRwFh7Tybty/5K9DLE2LEmtBCvo=
Date: Fri, 21 Mar 2014 18:39:24 -0400
From: tytso@mit.edu
To: "Fred Baker (fred)" <fred@cisco.com>
Message-ID: <20140321223924.GB22730@thunk.org>
References: <532BCC66.8070106@cis-india.org> <88D5C8D3-2863-412F-9B8D-7A72E1356F70@isoc.org> <4EBDCBE9-F8F1-415A-B8D5-DBA881B7ED17@fugue.com> <F404EB27-0443-4B04-8D54-696377865BC5@cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <F404EB27-0443-4B04-8D54-696377865BC5@cisco.com>
User-Agent: Mutt/1.5.22 (2013-10-16)
X-SA-Exim-Connect-IP: <locally generated>
X-SA-Exim-Mail-From: tytso@thunk.org
X-SA-Exim-Scanned: No (on imap.thunk.org); SAEximRunCond expanded to false
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/XRT72SASZp7xk4L6V08GoZQlvc8
Cc: Robin Wilton <wilton@isoc.org>, "<perpass@ietf.org>" <perpass@ietf.org>, Ted Lemon <mellon@fugue.com>, Pranesh Prakash <pranesh@cis-india.org>
Subject: Re: [perpass] Gmail is now HTTPS-only
X-List-Received-Date: Fri, 21 Mar 2014 22:39:46 -0000

On Fri, Mar 21, 2014 at 10:21:59PM +0000, Fred Baker (fred) wrote:
> 
> Encrypting data in flight is a good thing. Encrypting data in flight
> end to end is a better thing. If you’re trying to encrypt it where
> “they” look at it, you need to think about encryption at
> rest. Reason? Per reports, that’s where they look at it. China broke
> into various companies’ computers, as did the NSA.

China has broken into systems to steal trade secrets, including,
allegedly, fairly detailed copies of the F-35 Joint Strike Fighter.
But I'm not aware of any reports where China has broken into webmail
servers.  They have hacked the login username/passwords of various
activists and used them to steal their e-mail, but that's a somewhat
different thing.

Similarly, I'm not aware of any published reports, including coming
from the Snowden revelations, which detailed NSA breaking into
servers.  They are spying on unencrypted communication data servers,
and they have been impersonating servers at Facebook and Google,
thanks to the deplorable nature of our CA architecture and the
security of CA issuers, but that's a somewhat different thing.

Yes, some of these problems can be solved if the users do end-to-end
encryption using tools like GPG or S/MIME.  However, the usability of
such systems is pretty horrible.  Fixing this is fundamentally much
more of an implementation issue than a protocol issue, so it's not
clear to me how much the IETF can do to improve things in terms of
user controlled end-point encryption.

> I find this whole discussion minorly inane. Yes, encryption is a
> good thing, and yes, after however-many-years of talking about it,
> I’d like to see it done. The problem that brought this up, the
> Snowden reports, was that the NSA (and the EU) were accessing
> *metadata*.

When the NSA was impersonating Yahoo servers, to capture video from
web chats and impersonating Facebook and Google servers, the NSA was
capturing *data*, not just *metadata*.

It's important to remember that when the NSA says, "we're only
capturing metadata under the authorities <FOO>", remember that that
says absolutely nothing about what they might be doing under some
other authority that they might have.  They are as slippery as a
crooked lawyer....

						- Ted


From nobody Fri Mar 21 16:09:26 2014
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C2491A078A for <perpass@ietfa.amsl.com>; Fri, 21 Mar 2014 16:09:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.5
X-Spam-Level: *
X-Spam-Status: No, score=1.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FH_RELAY_NODNS=1.451, HELO_IS_SMALL6=0.556, J_CHICKENPOX_61=0.6, RDNS_NONE=0.793] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pjACwFqEb_CA for <perpass@ietfa.amsl.com>; Fri, 21 Mar 2014 16:09:23 -0700 (PDT)
Received: from hoba.ie (unknown [92.51.243.15]) by ietfa.amsl.com (Postfix) with ESMTP id 117311A0753 for <perpass@ietf.org>; Fri, 21 Mar 2014 16:09:23 -0700 (PDT)
Received: from [10.87.48.12] (unknown [86.45.63.226]) (using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: stephen) by hoba.ie (Postfix) with ESMTPSA id E1C3AE01ED; Fri, 21 Mar 2014 23:09:11 +0000 (GMT)
Message-ID: <532CC697.6090509@cs.tcd.ie>
Date: Fri, 21 Mar 2014 23:09:11 +0000
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: "Fred Baker (fred)" <fred@cisco.com>, Ted Lemon <mellon@fugue.com>
References: <532BCC66.8070106@cis-india.org> <88D5C8D3-2863-412F-9B8D-7A72E1356F70@isoc.org> <4EBDCBE9-F8F1-415A-B8D5-DBA881B7ED17@fugue.com> <F404EB27-0443-4B04-8D54-696377865BC5@cisco.com>
In-Reply-To: <F404EB27-0443-4B04-8D54-696377865BC5@cisco.com>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/egFBKvzuTFABhKknJZYzWJrNB1w
Cc: Robin Wilton <wilton@isoc.org>, "<perpass@ietf.org>" <perpass@ietf.org>, Pranesh Prakash <pranesh@cis-india.org>
Subject: Re: [perpass] Gmail is now HTTPS-only
X-List-Received-Date: Fri, 21 Mar 2014 23:09:24 -0000

Hi Fred,

On 03/21/2014 10:21 PM, Fred Baker (fred) wrote:
> Wouldn't it be interesting to solve the problem at hand rather
> than the one we think we might already know how to solve?

You're correct. Unfortunately, for mail, despite decades of work
on e2e security we are no nearer to a technology that is likely to
be very widely used/deployed. I wish that were not the case, but
it is. And that's the case for fairly well understood reasons that
were rehearsed on this list late last year. (Can't recall when,
sorry.)

At the same time, I'd encourage those brave enough to be working
on that problem to keep at it - one of you will probably get it right
eventually.

S.


From nobody Fri Mar 21 16:18:11 2014
Return-Path: <tbray@textuality.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 855B11A06DF for <perpass@ietfa.amsl.com>; Fri, 21 Mar 2014 16:18:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.777
X-Spam-Level: 
X-Spam-Status: No, score=-0.777 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, J_CHICKENPOX_61=0.6, J_CHICKENPOX_72=0.6, RCVD_IN_DNSWL_LOW=-0.7] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kwUqQgTbWLvR for <perpass@ietfa.amsl.com>; Fri, 21 Mar 2014 16:18:07 -0700 (PDT)
Received: from mail-ve0-f171.google.com (mail-ve0-f171.google.com [209.85.128.171]) by ietfa.amsl.com (Postfix) with ESMTP id 7E3D11A08F5 for <perpass@ietf.org>; Fri, 21 Mar 2014 16:18:07 -0700 (PDT)
Received: by mail-ve0-f171.google.com with SMTP id cz12so3308678veb.16 for <perpass@ietf.org>; Fri, 21 Mar 2014 16:17:57 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=IjSo493KRaYR+lBIsTja3PBfSYa7hjgucgWRF159Zek=; b=Bh5PHBT9D4nRPHWonJot2LWR1sOF/in7mS/Bkw31cUYJ/+9QIN/XfcqJpnswS2W6xX kDsXcITuB6xkXksSBj/LhwuajABPA8zaS+yrJhEW7LTjwKko1leoPvbJF1Nwn/GQAkoa ikCPj6RfLlUGPH0xAaiavieBcgNrz8OE4xAijLf3cjyZN+aiIhslC8I05zmbBTBZLiVK NGTdNq3+jcsYe+a5ygIYdO26urZkeBADTuvnvi0KWRjyVm4zvbIiOyTz/zkczRdenNU1 C0Jxde3vM2orBCAqupLpMsUcmixA7PbGIGzegKvYbBvdR78Lx2ifpLQGP+f9rhwfpeY2 XZBg==
X-Gm-Message-State: ALoCoQmoigscZH/CrRfVcIP2Ppfeh+RDXFNZJpTpab1l11aMNIsymyB2CjJdnSUiNZrxtDAh9lcS
X-Received: by 10.220.161.8 with SMTP id p8mr39311331vcx.4.1395443877645; Fri, 21 Mar 2014 16:17:57 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.220.98.73 with HTTP; Fri, 21 Mar 2014 16:17:37 -0700 (PDT)
X-Originating-IP: [24.84.235.32]
In-Reply-To: <532CC697.6090509@cs.tcd.ie>
References: <532BCC66.8070106@cis-india.org> <88D5C8D3-2863-412F-9B8D-7A72E1356F70@isoc.org> <4EBDCBE9-F8F1-415A-B8D5-DBA881B7ED17@fugue.com> <F404EB27-0443-4B04-8D54-696377865BC5@cisco.com> <532CC697.6090509@cs.tcd.ie>
From: Tim Bray <tbray@textuality.com>
Date: Fri, 21 Mar 2014 16:17:37 -0700
Message-ID: <CAHBU6ivn+dXaxmx=_okbkPR3AJznt_fPba38xdKEhQ=DTywWHQ@mail.gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Content-Type: multipart/alternative; boundary=001a11c20810a1a53104f52618a5
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/gHjXtcclWDhuwoYFXjiUgn0gdwo
Cc: Robin Wilton <wilton@isoc.org>, "<perpass@ietf.org>" <perpass@ietf.org>, Ted Lemon <mellon@fugue.com>, "Fred Baker \(fred\)" <fred@cisco.com>, Pranesh Prakash <pranesh@cis-india.org>
Subject: Re: [perpass] Gmail is now HTTPS-only
X-List-Received-Date: Fri, 21 Mar 2014 23:18:09 -0000

--001a11c20810a1a53104f52618a5
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Slightly off-topic, but there’s this thing called keybase.io that is doing
what feels like a pretty good job to me of wrapping up GPG in a palatable
UI (web & command line) with a key directory so that while I, for example,
have never taken the trouble to install E2E encryption in my mail, I can
see using keybase to encrypt particularly sensitive stuff.  Don’t know if
they’ve got just the right set of features, but it feels like there’s an
80/20 point lurking out there somewhere.  My blog on the subject is (I
hope) an OK introduction:
https://www.tbray.org/ongoing/When/201x/2014/03/19/Keybase


On Fri, Mar 21, 2014 at 4:09 PM, Stephen Farrell
<stephen.farrell@cs.tcd.ie> wrote:

> Hi Fred,
>
> On 03/21/2014 10:21 PM, Fred Baker (fred) wrote:
> > Wouldn't it be interesting to solve the problem at hand rather
> > than the one we think we might already know how to solve?
>
> You're correct. Unfortunately, for mail, despite decades of work
> on e2e security we are no nearer to a technology that is likely to
> be very widely used/deployed. I wish that were not the case, but
> it is. And that's the case for fairly well understood reasons that
> were rehearsed on this list late last year. (Can't recall when,
> sorry.)
>
> At the same time, I'd encourage those brave enough to be working
> on that problem to keep at it - one of you will probably get it right
> eventually.
>
> S.

--001a11c20810a1a53104f52618a5--


From nobody Fri Mar 21 16:21:40 2014
Return-Path: <joe@oregon.uoregon.edu>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B1A551A0444 for <perpass@ietfa.amsl.com>; Fri, 21 Mar 2014 16:21:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.747
X-Spam-Level: 
X-Spam-Status: No, score=-4.747 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.547] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ekBL8OcpU2bz for <perpass@ietfa.amsl.com>; Fri, 21 Mar 2014 16:21:33 -0700 (PDT)
Received: from grey.uoregon.edu (grey.uoregon.edu [128.223.214.89]) by ietfa.amsl.com (Postfix) with SMTP id 308F41A01B1 for <perpass@ietf.org>; Fri, 21 Mar 2014 16:21:33 -0700 (PDT)
Date: Fri, 21 Mar 2014 16:12:10 -0700 (PDT)
Message-Id: <14032116120991_A4@oregon.uoregon.edu>
From: "Joe St Sauver" <joe@oregon.uoregon.edu>
To: nweaver@icsi.berkeley.edu
X-VMS-To: SMTP%"nweaver@icsi.berkeley.edu"
X-VMS-Cc: SMTP%"perpass@ietf.org"
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/F7J3XH611svnr-_sYy9RMkCnJVU
Cc: perpass@ietf.org
Subject: Re: [perpass] Gmail is now HTTPS-only
X-List-Received-Date: Fri, 21 Mar 2014 23:21:35 -0000

Hi and TGIF! :-)

Nicholas commented in response to Robert Story:

#> Unless the client does the decryption locally... If gmail offered this
#> option, I'm sure browser plugin writers would meet the challenge quickly..
#
#That is no longer webmail.  It would have serious usability problems.
#And to further put the obvious, even that provides no protection for
#incoming messages.

Speaking of plugins, isn't that precisely what the (free for personal Gmail
accounts) Penango plugin currently does for S/MIME in Gmail via Firefox or 
IE? See https://www.penango.com/ (no relationship to that outfit, except as 
a user of their free product on my personal gmail account from time to time)

Gmail with Penango sure looks and feels like web email, just with S/MIME 
support bolted on...

As to protection for incoming messages, if both sides have an S/MIME
compatible email user agent, it would certainly seem as if they should 
be able to encrypt outgoing email, at least once they've exchanged keys
via an initial signed email, no?

Regards, and hope everyone has a nice weekend,

Joe

Disclaimer: all opinions strictly my own


From nobody Fri Mar 21 17:54:00 2014
Return-Path: <sm@resistor.net>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7DFB81A0910 for <perpass@ietfa.amsl.com>; Fri, 21 Mar 2014 17:53:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.79
X-Spam-Level: 
X-Spam-Status: No, score=-1.79 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, T_DKIM_INVALID=0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id svoi1VDtK0eb for <perpass@ietfa.amsl.com>; Fri, 21 Mar 2014 17:53:57 -0700 (PDT)
Received: from mx.ipv6.elandsys.com (mx.ipv6.elandsys.com [IPv6:2001:470:f329:1::1]) by ietfa.amsl.com (Postfix) with ESMTP id 0597F1A08E1 for <perpass@ietf.org>; Fri, 21 Mar 2014 17:53:56 -0700 (PDT)
Received: from SUBMAN.resistor.net (IDENT:sm@localhost [127.0.0.1]) (authenticated bits=0) by mx.elandsys.com (8.14.5/8.14.5) with ESMTP id s2M0rNjM011542 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 21 Mar 2014 17:53:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=opendkim.org; s=mail2010; t=1395449613; bh=ABCQA3l4Gc/EGgIZtxu7I4UnP6xUAwFBf70rU+/w1co=; h=Date:To:From:Subject:Cc:In-Reply-To:References; b=QjzdScOM7AB8dJg7RyIwasc+2B2dGCN4CtH/RSWi8o39EUIT3oJ3jlLcD2d6jguWl sv3U2Aii5qZFavcZnCWj+jM6tAgKCUh9PF0w28DQhpneISu9eoB7idS1477Qs13jqV cQQXvBiTS9FN86hhNOOYoUMAhqSuMlJSowC4HK60=
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=resistor.net; s=mail; t=1395449613; i=@resistor.net; bh=ABCQA3l4Gc/EGgIZtxu7I4UnP6xUAwFBf70rU+/w1co=; h=Date:To:From:Subject:Cc:In-Reply-To:References; b=FSKoOhElzFk3GZgaV9QnIze6iz9wX8JiRKoxr5YUgmgEyMfLIgbt0c75x5cFQW4gI EuyAhbhJWqnsD0i9a47WlJ+z7LSkW0VoetiEmNW5KNmU6R3rZtSWuEXR7QrsLJnVkk 05wT/eULOaECJv0m++h5O9NczTbbKP/vhk1QlY94=
Message-Id: <6.2.5.6.2.20140321165350.0c248660@resistor.net>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.5.6
Date: Fri, 21 Mar 2014 17:52:11 -0700
To: Ted Lemon <mellon@fugue.com>, Richard Barnes <rlb@ipv.sx>
From: SM <sm@resistor.net>
In-Reply-To: <20FCA714-E429-4F7F-94EF-1DBFF7E7F855@fugue.com>
References: <532BCC66.8070106@cis-india.org> <88D5C8D3-2863-412F-9B8D-7A72E1356F70@isoc.org> <4EBDCBE9-F8F1-415A-B8D5-DBA881B7ED17@fugue.com> <CAL02cgQacCZ4mSUkhn+qMw2PLgeYuwQkfitg=n+U1waKjpxrhQ@mail.gmail.com> <20FCA714-E429-4F7F-94EF-1DBFF7E7F855@fugue.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/IMFAVRRRonlUnJtOvqj_zqx0Aa8
Cc: Robin Wilton <wilton@isoc.org>, perpass@ietf.org, Pranesh Prakash <pranesh@cis-india.org>
Subject: Re: [perpass] Gmail is now HTTPS-only
X-List-Received-Date: Sat, 22 Mar 2014 00:53:58 -0000

Hi Ted,
At 11:10 21-03-2014, Ted Lemon wrote:
>Actually, they just put taps in Google's and Facebook's data centers.
>No need to tap an undersea cable.   They even did it on the far side
>of SSL concentrators, where the traffic was flying unencrypted.   So
>encrypting traffic as Google is now doing certainly does address a
>meaningful threat model.

"We" did that because you left that window open [1]. :-)  Time will
tell whether the (new) threat model is a good one or not.

>There are a lot of things you'd like your mail to do that can't be
>done if you don't trust the machine where the mail is stored.   If
>you want both security and features, you probably need to run your
>own server, or else you need some trust relationship with the service
>provider that likely isn't practical in a lot of cases, and isn't
>even _possible_ if your threat model is something on the level of not
>being victimized by NSLs.

Even if you run your own server you might still have to trust
somebody.  I would not use the word "victimized" for NSLs [2].  There
were papers published in 2009 in which subpoena threats were
mentioned.  A threat model which only considers data in flight does
not qualify as a threat model.

Regards,
-sm

1. http://entertainment.guardianoffers.co.uk/csp/nmp/products/medium/AA_RM001699.jpg
2. http://www.washingtonpost.com/wp-dyn/content/article/2007/03/20/AR2007032000921.html


From nobody Sat Mar 22 04:34:22 2014
Return-Path: <scott.brim@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4DBBC1A08B1 for <perpass@ietfa.amsl.com>; Sat, 22 Mar 2014 04:34:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.099
X-Spam-Level: 
X-Spam-Status: No, score=-0.099 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SiDdXVS_mBws for <perpass@ietfa.amsl.com>; Sat, 22 Mar 2014 04:34:18 -0700 (PDT)
Received: from mail-oa0-x233.google.com (mail-oa0-x233.google.com [IPv6:2607:f8b0:4003:c02::233]) by ietfa.amsl.com (Postfix) with ESMTP id 884541A06B4 for <perpass@ietf.org>; Sat, 22 Mar 2014 04:34:18 -0700 (PDT)
Received: by mail-oa0-f51.google.com with SMTP id i4so3769751oah.38 for <perpass@ietf.org>; Sat, 22 Mar 2014 04:34:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=up0sjRCLbKbcdelIc5dqHLT5yQrPE30X8zfWldKAX4A=; b=dRqPmkXGcqfFgrbXNGDmKNR2b8VUrb87bcmcGszs4k93m2Ys63AN5x7rnSMOmtnOtl HsmDXMpN/tUfdJeDMqSabO5D/jL2UIGf+I/DCteZEH6MHlFzq1zxrYYY8CqqDE6nS3Fd zAnYWI+Zn7PxRJAhsZoq3P74AMYAeQJNZxeeFTwMv0hLgn9MS+uT/tctyeUMDSNUc8cR KLlmGPghyVb/lVo06xgEGqn+H2gd/VC5pRKOQ8dZ/SFrRz9/GJnlojatWnt9mVkelzXD Sg7znLY59IyV38+8qG7Cljh3IrtP6PxJekZkP6nd4E4NQZu9zYnEnEXaU6KvXJDoYCC0 w6sA==
MIME-Version: 1.0
X-Received: by 10.182.16.33 with SMTP id c1mr17312083obd.4.1395488058112; Sat, 22 Mar 2014 04:34:18 -0700 (PDT)
Received: by 10.182.48.9 with HTTP; Sat, 22 Mar 2014 04:34:17 -0700 (PDT)
Received: by 10.182.48.9 with HTTP; Sat, 22 Mar 2014 04:34:17 -0700 (PDT)
In-Reply-To: <F404EB27-0443-4B04-8D54-696377865BC5@cisco.com>
References: <532BCC66.8070106@cis-india.org> <88D5C8D3-2863-412F-9B8D-7A72E1356F70@isoc.org> <4EBDCBE9-F8F1-415A-B8D5-DBA881B7ED17@fugue.com> <F404EB27-0443-4B04-8D54-696377865BC5@cisco.com>
Date: Sat, 22 Mar 2014 07:34:17 -0400
Message-ID: <CAPv4CP9X58CLd1PTF6swO0MC9U310GkNnrHe3RCJquU8LvZtjg@mail.gmail.com>
From: Scott Brim <scott.brim@gmail.com>
To: "Fred Baker, (fred)" <fred@cisco.com>
Content-Type: multipart/alternative; boundary=f46d04479f93fe02cf04f5306182
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/n5a9mhUPtwC8X2RfvRN24ADEFow
Cc: Robin Wilton <wilton@isoc.org>, perpass <perpass@ietf.org>, Ted Lemon <mellon@fugue.com>, Pranesh Prakash <pranesh@cis-india.org>
Subject: Re: [perpass] Gmail is now HTTPS-only
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 22 Mar 2014 11:34:20 -0000

--f46d04479f93fe02cf04f5306182
Content-Type: text/plain; charset=ISO-8859-1

On Mar 21, 2014 6:22 PM, "Fred Baker (fred)" <fred@cisco.com> wrote:
> Wouldn't it be interesting to solve the problem at hand rather than the
> one we think we might already know how to solve?

I interpret this as "Look, at least we're making progress on something." I
doubt this lowers the feeling of urgency for other proven vulnerabilities.

--f46d04479f93fe02cf04f5306182--


From nobody Sat Mar 22 14:22:02 2014
Return-Path: <scott.brim@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 57BDB1A0A06; Sat, 22 Mar 2014 14:21:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.7
X-Spam-Level: 
X-Spam-Status: No, score=0.7 tagged_above=-999 required=5 tests=[BAYES_50=0.8,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CymO922pkm7i; Sat, 22 Mar 2014 14:21:56 -0700 (PDT)
Received: from mail-oa0-x22d.google.com (mail-oa0-x22d.google.com [IPv6:2607:f8b0:4003:c02::22d]) by ietfa.amsl.com (Postfix) with ESMTP id B561F1A0A08; Sat, 22 Mar 2014 14:21:56 -0700 (PDT)
Received: by mail-oa0-f45.google.com with SMTP id eb12so3815516oac.4 for <multiple recipients>; Sat, 22 Mar 2014 14:21:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:from:date:message-id:subject:to:content-type; bh=IMBim/+oPwzR1eD6tKBB6ldvW+O/io6eQYkJKp2S3hI=; b=oUlz1J8x/aaG/b8r/Y5/Zs/25rsSSMWhWXhIypopzF+vVQiBJGWQk+KescY/S/DiPN +YSeKOlEjQw5khvQPLEnLTdn+k1D/YSJLzEUvbfhcxoYgXetNJMtJmU7Rd16160C0NN7 yG16N3ZM+ATCtJPgaQT9QuqWsKXHMRJPZtuQwYT/78qFT0lNruJvFHfjpIek7iG/Wu7T E7CLL/iVRYZ0FMa+1Dc4tI1I+eOOl7EfcG+j6psEuOSayMyr15r/1DlMZQEBjQyy9Gr+ miN4jHjEatf6RNX4Sn2X2GTgby1JI/Ie2Ge2rU5yiGN8uvl6lBCtYmOGpYKEl2e5oNPL Gemw==
X-Received: by 10.60.142.166 with SMTP id rx6mr52840oeb.57.1395523316448; Sat, 22 Mar 2014 14:21:56 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.182.48.9 with HTTP; Sat, 22 Mar 2014 14:21:36 -0700 (PDT)
From: Scott Brim <scott.brim@gmail.com>
Date: Sat, 22 Mar 2014 17:21:36 -0400
Message-ID: <CAPv4CP9otoccFv9ARVHwqqF6nzKT-p7uDWF=ceCotiDCgL=rqA@mail.gmail.com>
To: ietf-privacy@ietf.org, perpass <perpass@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/1NgVT8wlG0_X6TxAzeoKPgsZls0
Subject: [perpass] Wiki for managing PPM reviews of existing RFCs
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 22 Mar 2014 21:21:58 -0000

(I'm sending to both perpass and ietf-privacy for this announcement,
but follow-up should be only to ietf-privacy)

Greetings. At the London IETF we had a Monday lunch meeting to talk
about doing systematic reviews of existing RFCs. We finally have a
wiki page for tracking that activity. It is at
<https://trac.tools.ietf.org/group/ppm-legacy-review/>.

We are using the Trac ticket system. If you have used tickets for
working group issues, it's essentially the same but with a few
different parameters. There are instructions on how to fill out a
ticket on the web page.

If you were at the Monday lunch and announced an intention to work
on a particular set of RFCs, now there's a home for your reviews. If
you couldn't commit to doing reviews but want to do some, here is your
chance! (If you don't have a login on the wiki, it's easy to
register.) In both cases, please add a ticket when you _start_ your
review -- don't wait until you finish, people will want to know all
about it from the start.

Thanks,

Scott and Avri


From nobody Sat Mar 22 17:45:13 2014
Return-Path: <fred@cisco.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A4811A6EF5 for <perpass@ietfa.amsl.com>; Sat, 22 Mar 2014 17:45:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -109.511
X-Spam-Level: 
X-Spam-Status: No, score=-109.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tyVLzt3n_dEd for <perpass@ietfa.amsl.com>; Sat, 22 Mar 2014 17:45:08 -0700 (PDT)
Received: from alln-iport-3.cisco.com (alln-iport-3.cisco.com [173.37.142.90]) by ietfa.amsl.com (Postfix) with ESMTP id CC5AE1A072C for <perpass@ietf.org>; Sat, 22 Mar 2014 17:45:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1135; q=dns/txt; s=iport; t=1395535508; x=1396745108; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=Gw8hRtDH/jpBSwBSmB0sEKQSqwDYlaWF8DyQrWbM9Kc=; b=FiHEQuO+SEM4Z8nDmdfVjDstxwEeBd6rTDvqTLPgNgRjBaKrnaGZudA4 WK6kItLC9PEloZLcu+HyhP0IY/gNTpX1fe/4+QEvr3jiVq9+eRbeAYoag nibn3KPx0P4ZTSSFj2O7N+5wFQBmf8rMzi41lUKP/+8TVVtY6N7o+1AL6 Q=;
X-Files: signature.asc : 195
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgQFAHItLlOtJV2Z/2dsb2JhbABYgwY7V8JtgRMWdIIlAQEBAwF5BQsCAQgOCi4yJQIEDgUOh2MIDc1lF456B4MkgRQEkFOBNAKGQZIxgy2CKw
X-IronPort-AV: E=Sophos;i="4.97,711,1389744000";  d="asc'?scan'208";a="29607573"
Received: from rcdn-core-2.cisco.com ([173.37.93.153]) by alln-iport-3.cisco.com with ESMTP; 23 Mar 2014 00:45:08 +0000
Received: from xhc-aln-x11.cisco.com (xhc-aln-x11.cisco.com [173.36.12.85]) by rcdn-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id s2N0j8ge026453 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Sun, 23 Mar 2014 00:45:08 GMT
Received: from xmb-rcd-x09.cisco.com ([169.254.9.247]) by xhc-aln-x11.cisco.com ([173.36.12.85]) with mapi id 14.03.0123.003; Sat, 22 Mar 2014 19:45:07 -0500
From: "Fred Baker (fred)" <fred@cisco.com>
To: Ted Lemon <mellon@fugue.com>
Thread-Topic: [perpass] Gmail is now HTTPS-only
Thread-Index: AQHPRMWPXfJLH3O9PkCl7xS7CUC8g5rrvwEAgAANHQCAACiuAIAANzYAgAIAfQA=
Date: Sun, 23 Mar 2014 00:45:07 +0000
Message-ID: <2356A45A-9B61-434E-9B16-AF3042787FCA@cisco.com>
References: <532BCC66.8070106@cis-india.org> <88D5C8D3-2863-412F-9B8D-7A72E1356F70@isoc.org> <4EBDCBE9-F8F1-415A-B8D5-DBA881B7ED17@fugue.com> <CAL02cgQacCZ4mSUkhn+qMw2PLgeYuwQkfitg=n+U1waKjpxrhQ@mail.gmail.com> <20FCA714-E429-4F7F-94EF-1DBFF7E7F855@fugue.com>
In-Reply-To: <20FCA714-E429-4F7F-94EF-1DBFF7E7F855@fugue.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
x-originating-ip: [10.19.64.125]
Content-Type: multipart/signed; boundary="Apple-Mail=_61DF85C3-7642-455A-B5D2-AA5CB54E447E"; protocol="application/pgp-signature"; micalg=pgp-sha1
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/mlEXffhKzSZGRqCVOFwNLlYvNv0
Cc: Richard Barnes <rlb@ipv.sx>, Robin Wilton <wilton@isoc.org>, "<perpass@ietf.org>" <perpass@ietf.org>, Pranesh Prakash <pranesh@cis-india.org>
Subject: Re: [perpass] Gmail is now HTTPS-only
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 23 Mar 2014 00:45:11 -0000

--Apple-Mail=_61DF85C3-7642-455A-B5D2-AA5CB54E447E
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii


On Mar 21, 2014, at 11:10 AM, Ted Lemon <mellon@fugue.com> wrote:

> On Mar 21, 2014, at 10:53 AM, Richard Barnes <rlb@ipv.sx> wrote:
>> Which would you rather do, dig up a sub-sea cable, or tap a server
>> admin on the shoulder?
>
> Actually, they just put taps in Google's and Facebook's data centers.
> No need to tap an undersea cable.

http://www.reuters.com/article/2014/03/22/us-usa-security-china-nsa-idUSBREA2L0PD20140322

--Apple-Mail=_61DF85C3-7642-455A-B5D2-AA5CB54E447E--


From nobody Sat Mar 22 19:03:10 2014
Return-Path: <mellon@fugue.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 99D951A08E4 for <perpass@ietfa.amsl.com>; Sat, 22 Mar 2014 19:03:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.511
X-Spam-Level: 
X-Spam-Status: No, score=-0.511 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F0d30HXmFBzH for <perpass@ietfa.amsl.com>; Sat, 22 Mar 2014 19:03:04 -0700 (PDT)
Received: from toccata.fugue.com (toccata.fugue.com [204.152.186.142]) by ietfa.amsl.com (Postfix) with ESMTP id 85E2F1A08EA for <perpass@ietf.org>; Sat, 22 Mar 2014 19:03:04 -0700 (PDT)
Received: from [192.168.146.119] (unknown [70.114.139.95]) by toccata.fugue.com (Postfix) with ESMTPSA id 00C4F23807EE; Sat, 22 Mar 2014 22:03:02 -0400 (EDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
From: Ted Lemon <mellon@fugue.com>
In-Reply-To: <2356A45A-9B61-434E-9B16-AF3042787FCA@cisco.com>
Date: Sat, 22 Mar 2014 21:03:01 -0500
Content-Transfer-Encoding: quoted-printable
Message-Id: <EDC7E746-4C25-48CE-B5EE-C3073A4CC127@fugue.com>
References: <532BCC66.8070106@cis-india.org> <88D5C8D3-2863-412F-9B8D-7A72E1356F70@isoc.org> <4EBDCBE9-F8F1-415A-B8D5-DBA881B7ED17@fugue.com> <CAL02cgQacCZ4mSUkhn+qMw2PLgeYuwQkfitg=n+U1waKjpxrhQ@mail.gmail.com> <20FCA714-E429-4F7F-94EF-1DBFF7E7F855@fugue.com> <2356A45A-9B61-434E-9B16-AF3042787FCA@cisco.com>
To: "Fred Baker (fred)" <fred@cisco.com>
X-Mailer: Apple Mail (2.1874)
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/hZqJRK3ZEJsa8QOa1GEr3QDQcK0
Cc: Richard Barnes <rlb@ipv.sx>, Robin Wilton <wilton@isoc.org>, "<perpass@ietf.org>" <perpass@ietf.org>, Pranesh Prakash <pranesh@cis-india.org>
Subject: Re: [perpass] Gmail is now HTTPS-only
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 23 Mar 2014 02:03:08 -0000

On Mar 22, 2014, at 7:45 PM, Fred Baker (fred) <fred@cisco.com> wrote:
> http://www.reuters.com/article/2014/03/22/us-usa-security-china-nsa-idUSBREA2L0PD20140322

Did I say somewhere that nobody ever hacked any servers in a data
center? No, I did not. I said that one of the hacks that was used,
in a context where they didn't hack servers in a data center, was to
install taps on the networks of service providers.

This is a real thing that happened, and securing those links is of real
benefit. By itself it doesn't solve the whole problem, but if you
don't secure the messages in transit, then securing them on the server
doesn't either.


From nobody Sun Mar 23 18:25:25 2014
Return-Path: <huitema@huitema.net>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BE5BC1A0079 for <perpass@ietfa.amsl.com>; Sun, 23 Mar 2014 18:25:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=unavailable
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A1waA2Zxef8Z for <perpass@ietfa.amsl.com>; Sun, 23 Mar 2014 18:25:21 -0700 (PDT)
Received: from xsmtp02.mail2web.com (xsmtp22.mail2web.com [168.144.250.185]) by ietfa.amsl.com (Postfix) with ESMTP id 8FDBF1A0088 for <perpass@ietf.org>; Sun, 23 Mar 2014 18:25:20 -0700 (PDT)
Received: from [10.5.2.15] (helo=xmail05.myhosting.com) by xsmtp02.mail2web.com with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.63) (envelope-from <huitema@huitema.net>) id 1WRtde-0005fN-O1 for perpass@ietf.org; Sun, 23 Mar 2014 21:25:19 -0400
Received: (qmail 12573 invoked from network); 24 Mar 2014 01:25:17 -0000
Received: from unknown (HELO HUITEMA5) (Authenticated-user:_huitema@huitema.net@[24.16.156.113]) (envelope-sender <huitema@huitema.net>) by xmail05.myhosting.com (qmail-ldap-1.03) with ESMTPA for <ietf-privacy@ietf.org>; 24 Mar 2014 01:25:17 -0000
From: "Christian Huitema" <huitema@huitema.net>
To: "'Scott Brim'" <scott.brim@gmail.com>, <ietf-privacy@ietf.org>, "'perpass'" <perpass@ietf.org>
References: <CAPv4CP9otoccFv9ARVHwqqF6nzKT-p7uDWF=ceCotiDCgL=rqA@mail.gmail.com>
In-Reply-To: <CAPv4CP9otoccFv9ARVHwqqF6nzKT-p7uDWF=ceCotiDCgL=rqA@mail.gmail.com>
Date: Sun, 23 Mar 2014 18:25:16 -0700
Message-ID: <00b701cf46ff$ea99b360$bfcd1a20$@huitema.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AQK+azF0+bwYyn2cLSX/mffTDwGSw5kRKKrw
Content-Language: en-us
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/yrLhuzUYS5hz_qf4mqR1B0cI5ac
Subject: Re: [perpass] [ietf-privacy] Wiki for managing PPM reviews of existing RFCs
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Mar 2014 01:25:23 -0000

> If you were at the Monday lunch and announced an intention to work
> on a particular set of RFCs, now there's a home for your reviews. If
> you couldn't commit to doing reviews but want to do some, here is your
> chance! (If you don't have a login on the wiki, it's easy to
> register.) In both cases, please add a ticket when you _start_ your
> review -- don't wait until you finish, people will want to know all
> about it from the start.

I added a couple of tickets for the various DHCP RFCs that I reviewed when
writing the DHCP draft. What is the process for picking new RFCs to review?
Just pick one at random and write a provisional ticket in
https://trac.tools.ietf.org/group/ppm-legacy-review/wiki ?

-- Christian Huitema

 


From nobody Sun Mar 23 19:49:23 2014
Return-Path: <yaojk@cnnic.cn>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 50BAD1A00DB for <perpass@ietfa.amsl.com>; Sun, 23 Mar 2014 19:49:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.509
X-Spam-Level: 
X-Spam-Status: No, score=-0.509 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, HTML_MESSAGE=0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vmnN21wAUPO4 for <perpass@ietfa.amsl.com>; Sun, 23 Mar 2014 19:49:16 -0700 (PDT)
Received: from cnnic.cn (smtp.cnnic.cn [218.241.118.7]) by ietfa.amsl.com (Postfix) with SMTP id 9B0561A00D4 for <perpass@ietf.org>; Sun, 23 Mar 2014 19:49:14 -0700 (PDT)
X-EYOUMAIL-SMTPAUTH: yaojk@cnnic.cn
Received: from unknown127.0.0.1 (HELO healthyao-think) (127.0.0.1) by 127.0.0.1 with SMTP; Mon, 24 Mar 2014 10:49:10 +0800
Date: Mon, 24 Mar 2014 10:49:10 +0800
From: "Jiankang Yao" <yaojk@cnnic.cn>
To: "Scott Brim" <scott.brim@gmail.com>,  ietf-privacy <ietf-privacy@ietf.org>, perpass <perpass@ietf.org>
References: <CAPv4CP9otoccFv9ARVHwqqF6nzKT-p7uDWF=ceCotiDCgL=rqA@mail.gmail.com>
X-Priority: 3
X-Has-Attach: no
X-Mailer: Foxmail 7.0.1.92[cn]
Mime-Version: 1.0
Message-ID: <201403241049032689006@cnnic.cn>
Content-Type: multipart/alternative; boundary="----=_001_NextPart885447565813_=----"
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/QXQI-Dr0juKnHZRhq73_X_CYWI4
Subject: Re: [perpass] Wiki for managing PPM reviews of existing RFCs
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: yaojk <yaojk@cnnic.cn>
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Mar 2014 02:49:18 -0000

This is a multi-part message in MIME format.

------=_001_NextPart885447565813_=----
Content-Type: text/plain;
	charset="gb2312"
Content-Transfer-Encoding: 7bit

From: Scott Brim
Date: 2014-03-23 05:21
To: ietf-privacy; perpass
Subject: [perpass] Wiki for managing PPM reviews of existing RFCs
>(I'm sending to both perpass and ietf-privacy for this announcement,
>but follow-up should be only to ietf-privacy)

>Greetings. At the London IETF we had a Monday lunch meeting to talk
>about doing systematic reviews of existing RFCs. We finally have a
>wiki page for tracking that activity. It is at
>https://trac.tools.ietf.org/group/ppm-legacy-review/.
>
>

it is a good start. thanks.
since there are thousands of RFCs, it is better that they can be reviewed by category.
for example, based on the following category:
http://www.faqs.org/rfcs/np.html

Jiankang Yao

------=_001_NextPart885447565813_=------


From nobody Sun Mar 23 20:46:46 2014
Return-Path: <melinda.shore@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B7CCC1A00DD for <perpass@ietfa.amsl.com>; Sun, 23 Mar 2014 20:46:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ilQ2mx4DS3BD for <perpass@ietfa.amsl.com>; Sun, 23 Mar 2014 20:46:43 -0700 (PDT)
Received: from mail-pa0-x22b.google.com (mail-pa0-x22b.google.com [IPv6:2607:f8b0:400e:c03::22b]) by ietfa.amsl.com (Postfix) with ESMTP id E9C3F1A00E1 for <perpass@ietf.org>; Sun, 23 Mar 2014 20:46:42 -0700 (PDT)
Received: by mail-pa0-f43.google.com with SMTP id bj1so4843829pad.16 for <perpass@ietf.org>; Sun, 23 Mar 2014 20:46:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=QorHXeNbcOuRkffxcZs4z5ne7mRVuig5bVV1geu6rQI=; b=HO0hhZxmcW0vthzbgkAWiPkna5nNP959TLnyLykh6tiZ9SUn7fPUvoOx3Ck21M82Ft gyDxEPAsd+ForUq458fCM3fEsZsNSqIM1tkciG3o0C61SFjQYa9tXkrnxQ0HgY+EEnyF sQAta4BUJ7f5+Io9vQKpkYfP31FeDWqbznify6c5/bkJpYoDafuO39mq6QxaijQUZx67 PGMDiKpYm26FGN1I43ucxF3lxiHLYawkAmJV2hV2xJvMRmH7CKOgy2wyn+X6mUyX7U7Y 0MwRKRTPpsKOLES/S+6EsA7O/ldLZzBIr1Q75vQekzvqsOS03deGTRTMb2EeiEVwzty2 5bCg==
X-Received: by 10.68.133.163 with SMTP id pd3mr219339pbb.166.1395632802451; Sun, 23 Mar 2014 20:46:42 -0700 (PDT)
Received: from spandex.local (69-162-195-133-rb2.sol.dsl.dynamic.acsalaska.net. [69.162.195.133]) by mx.google.com with ESMTPSA id it4sm30257237pbc.39.2014.03.23.20.46.41 for <perpass@ietf.org> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sun, 23 Mar 2014 20:46:41 -0700 (PDT)
Message-ID: <532FAA9F.7040200@gmail.com>
Date: Sun, 23 Mar 2014 19:46:39 -0800
From: Melinda Shore <melinda.shore@gmail.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130620 Thunderbird/17.0.7
MIME-Version: 1.0
To: perpass@ietf.org
References: <CAPv4CP9otoccFv9ARVHwqqF6nzKT-p7uDWF=ceCotiDCgL=rqA@mail.gmail.com> <201403241049032689006@cnnic.cn>
In-Reply-To: <201403241049032689006@cnnic.cn>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/6_FwXha4cKpWw8U_UGBYeZ3SfGQ
Subject: Re: [perpass] Wiki for managing PPM reviews of existing RFCs
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Mar 2014 03:46:44 -0000

On 3/23/14 6:49 PM, Jiankang Yao wrote:
> it is a good start. thanks.
> since there are thousands of RFCs, it is better that they can be
> reviewed by category.
> for example, based on the following category:
> http://www.faqs.org/rfcs/np.html

I'm not sure about that - there are a lot of documents
defining protocols that have never been implemented or
deployed, and so on.  It seems likely to me that as this
process is starting up, people will tend to review
significant documents, which is probably the best
place to start anyway.  As more documents are reviewed
there may be a need to become more systematic.  But
for now, I think the current situation is good.

Melinda



From nobody Mon Mar 24 02:49:56 2014
Return-Path: <bortzmeyer@nic.fr>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CBA7D1A017C; Mon, 24 Mar 2014 02:49:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.339
X-Spam-Level: 
X-Spam-Status: No, score=0.339 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, HELO_EQ_FR=0.35, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PTWk9PiF19j8; Mon, 24 Mar 2014 02:49:50 -0700 (PDT)
Received: from mx4.nic.fr (mx4.nic.fr [IPv6:2001:67c:2218:2::4:12]) by ietfa.amsl.com (Postfix) with ESMTP id 1AEFE1A0171; Mon, 24 Mar 2014 02:49:50 -0700 (PDT)
Received: from mx4.nic.fr (localhost [127.0.0.1]) by mx4.nic.fr (Postfix) with SMTP id B73EA280385; Mon, 24 Mar 2014 10:49:48 +0100 (CET)
Received: from relay1.nic.fr (relay1.nic.fr [192.134.4.162]) by mx4.nic.fr (Postfix) with ESMTP id B17F3280129; Mon, 24 Mar 2014 10:49:48 +0100 (CET)
Received: from bortzmeyer.nic.fr (batilda.nic.fr [IPv6:2001:67c:1348:8::7:113]) by relay1.nic.fr (Postfix) with ESMTP id A5EF94C007C; Mon, 24 Mar 2014 10:49:18 +0100 (CET)
Date: Mon, 24 Mar 2014 10:49:18 +0100
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: Jiankang Yao <yaojk@cnnic.cn>
Message-ID: <20140324094918.GA13307@nic.fr>
References: <CAPv4CP9otoccFv9ARVHwqqF6nzKT-p7uDWF=ceCotiDCgL=rqA@mail.gmail.com> <201403241049032689006@cnnic.cn>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <201403241049032689006@cnnic.cn>
X-Operating-System: Debian GNU/Linux 7.4
X-Kernel: Linux 3.2.0-4-686-pae i686
Organization: NIC France
X-URL: http://www.nic.fr/
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/-kKf0eWlGUmf4UBiqQwX2mM3mYI
Cc: ietf-privacy <ietf-privacy@ietf.org>, perpass <perpass@ietf.org>, Scott Brim <scott.brim@gmail.com>
Subject: Re: [perpass] Wiki for managing PPM reviews of existing RFCs
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Mar 2014 09:49:52 -0000

On Mon, Mar 24, 2014 at 10:49:10AM +0800,
 Jiankang Yao <yaojk@cnnic.cn> wrote 
 a message of 116 lines which said:

> since there are thousands of RFCs,

IMHO, the work should be indexed by PROTOCOL not by RFC, since some
protocols are specified in many RFCs (DNS...)


From nobody Mon Mar 24 02:54:19 2014
Return-Path: <bortzmeyer@nic.fr>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A94441A0185; Mon, 24 Mar 2014 02:54:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.56
X-Spam-Level: 
X-Spam-Status: No, score=-1.56 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_FR=0.35, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bwlV5hUOYFfc; Mon, 24 Mar 2014 02:53:42 -0700 (PDT)
Received: from mx4.nic.fr (mx4.nic.fr [IPv6:2001:67c:2218:2::4:12]) by ietfa.amsl.com (Postfix) with ESMTP id 020ED1A017A; Mon, 24 Mar 2014 02:53:42 -0700 (PDT)
Received: from mx4.nic.fr (localhost [127.0.0.1]) by mx4.nic.fr (Postfix) with SMTP id 14250280385; Mon, 24 Mar 2014 10:53:41 +0100 (CET)
Received: from relay2.nic.fr (relay2.nic.fr [192.134.4.163]) by mx4.nic.fr (Postfix) with ESMTP id 0F240280129; Mon, 24 Mar 2014 10:53:41 +0100 (CET)
Received: from bortzmeyer.nic.fr (batilda.nic.fr [IPv6:2001:67c:1348:8::7:113]) by relay2.nic.fr (Postfix) with ESMTP id 034CBB3DD5D; Mon, 24 Mar 2014 10:53:11 +0100 (CET)
Date: Mon, 24 Mar 2014 10:53:10 +0100
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: Scott Brim <scott.brim@gmail.com>
Message-ID: <20140324095310.GA14840@nic.fr>
References: <CAPv4CP9otoccFv9ARVHwqqF6nzKT-p7uDWF=ceCotiDCgL=rqA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAPv4CP9otoccFv9ARVHwqqF6nzKT-p7uDWF=ceCotiDCgL=rqA@mail.gmail.com>
X-Operating-System: Debian GNU/Linux 7.4
X-Kernel: Linux 3.2.0-4-686-pae i686
Organization: NIC France
X-URL: http://www.nic.fr/
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/N9OGeJeQk8GBNZ_8_UQt9hDDuMc
Cc: ietf-privacy@ietf.org, perpass <perpass@ietf.org>
Subject: Re: [perpass] Wiki for managing PPM reviews of existing RFCs
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Mar 2014 09:54:08 -0000

On Sat, Mar 22, 2014 at 05:21:36PM -0400,
 Scott Brim <scott.brim@gmail.com> wrote 
 a message of 29 lines which said:

> We finally have a wiki page for tracking that activity. It is at
> <https://trac.tools.ietf.org/group/ppm-legacy-review/>.

Trac has an issue:

Warning: The ticket has been created, but an error occurred while sending notifications: [Errno 111] Connection refused 


From nobody Mon Mar 24 02:54:52 2014
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D3DC1A0185; Mon, 24 Mar 2014 02:54:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level: 
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] autolearn=unavailable
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eYt83QIOlf7h; Mon, 24 Mar 2014 02:53:55 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id 44B5B1A0184; Mon, 24 Mar 2014 02:53:55 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 5EE54BE5C; Mon, 24 Mar 2014 09:53:54 +0000 (GMT)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ybp14VqWV1o5; Mon, 24 Mar 2014 09:53:54 +0000 (GMT)
Received: from [134.226.36.180] (stephen-think.dsg.cs.tcd.ie [134.226.36.180]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 278B9BE57; Mon, 24 Mar 2014 09:53:54 +0000 (GMT)
Message-ID: <533000B2.9070500@cs.tcd.ie>
Date: Mon, 24 Mar 2014 09:53:54 +0000
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: Melinda Shore <melinda.shore@gmail.com>
References: <CAPv4CP9otoccFv9ARVHwqqF6nzKT-p7uDWF=ceCotiDCgL=rqA@mail.gmail.com> <201403241049032689006@cnnic.cn> <532FAA9F.7040200@gmail.com>
In-Reply-To: <532FAA9F.7040200@gmail.com>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/XuJnPzfjjV5mUInT8j0g4TfAIho
X-Mailman-Approved-At: Mon, 24 Mar 2014 02:54:51 -0700
Cc: "ietf-privacy@ietf.org" <ietf-privacy@ietf.org>
Subject: Re: [perpass] Wiki for managing PPM reviews of existing RFCs
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Mar 2014 09:54:06 -0000

(bcc'ing perpass and moving this to ietf-privacy which
we agreed was a better list for this)

On 03/24/2014 03:46 AM, Melinda Shore wrote:
> On 3/23/14 6:49 PM, Jiankang Yao wrote:
>> it is a good start. thanks.
>> since there are thousands of RFCs, it is better that they can be
>> reviewed by category.
>> for example, based on the following category:
>> http://www.faqs.org/rfcs/np.html
> 
> I'm not sure about that - there are a lot of documents
> defining protocols that have never been implemented or
> deployed, and so on.  It seems likely to me that as this
> process is starting up, people will tend to review
> significant documents, which is probably the best
> place to start anyway.  As more documents are reviewed
> there may be a need to become more systematic.  But
> for now, I think the current situation is good.

I agree with Melinda. Let's get a body of work done
that people want to do or feel is important to do
and then we can organise that.

So jump in and review something.

S.

> 
> Melinda
> 


From nobody Mon Mar 24 05:22:49 2014
Return-Path: <scott.brim@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 598111A01E9; Mon, 24 Mar 2014 05:22:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level: 
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ae7NFuqkvxSM; Mon, 24 Mar 2014 05:22:46 -0700 (PDT)
Received: from mail-ob0-x22c.google.com (mail-ob0-x22c.google.com [IPv6:2607:f8b0:4003:c01::22c]) by ietfa.amsl.com (Postfix) with ESMTP id 847E11A01E6; Mon, 24 Mar 2014 05:22:46 -0700 (PDT)
Received: by mail-ob0-f172.google.com with SMTP id wm4so5678107obc.31 for <multiple recipients>; Mon, 24 Mar 2014 05:22:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=sWoHW2LDH1tGlKlgADZjDt+D68jDJQEEHJGVrrq8Pzo=; b=z8dDbsWDZ7S5z/PvZCDi64lTLd7NytFa147r1OnIklGgSjp8lzgSdNGlzXyp+0atgN mJt1FyVuv3jbZMVrCTsGNo0lfesWtORTlURi7YuF0totNt5CDPn0JPuq9VCgf2ZSFVYn yO5DWN6qEKjILAZ7PSORByDC1R0ibY7PuUBkFGclrwaMjRuHfe0L1dkmJ76bq2tDLSm1 RkILlOJNcJ5xVFuYvKT/LqYW7gr3KRemIrxLm6O4noMb2x7l7MdwWLNA4UmjyqJ7QKPY e0CxvhJ+uJqIdIR3ay/UcdHeS3Erji+p0l6L5en63qH/GaaZw4saISawZJ9IKBcQ+Vp3 47Ug==
MIME-Version: 1.0
X-Received: by 10.60.161.101 with SMTP id xr5mr531264oeb.71.1395663765794; Mon, 24 Mar 2014 05:22:45 -0700 (PDT)
Received: by 10.182.48.9 with HTTP; Mon, 24 Mar 2014 05:22:45 -0700 (PDT)
Received: by 10.182.48.9 with HTTP; Mon, 24 Mar 2014 05:22:45 -0700 (PDT)
In-Reply-To: <201403241049032689006@cnnic.cn>
References: <CAPv4CP9otoccFv9ARVHwqqF6nzKT-p7uDWF=ceCotiDCgL=rqA@mail.gmail.com> <201403241049032689006@cnnic.cn>
Date: Mon, 24 Mar 2014 08:22:45 -0400
Message-ID: <CAPv4CP_fdfp8i3rqP+C9DA=c=VKodsjDUo=GE-Ypm-dcf8OK9A@mail.gmail.com>
From: Scott Brim <scott.brim@gmail.com>
To: yaojk <yaojk@cnnic.cn>
Content-Type: multipart/alternative; boundary=e89a8fb1f4cafc77aa04f5594a18
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/p7zvBz0fP-TI2JLCj0KDLqmE-ag
Cc: ietf-privacy@ietf.org, perpass <perpass@ietf.org>
Subject: Re: [perpass] Wiki for managing PPM reviews of existing RFCs
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Mar 2014 12:22:48 -0000

--e89a8fb1f4cafc77aa04f5594a18
Content-Type: text/plain; charset=ISO-8859-1

On Mar 23, 2014 10:49 PM, "Jiankang Yao" <yaojk@cnnic.cn> wrote:
> since there are thousands of RFCs, it is better that they can be reviewed by category.
> for example, based on the following category:
> http://www.faqs.org/rfcs/np.html
>
> Jiankang Yao

We want to make sure the essential RFCs are reviewed, and categories are a
good way to organize that if you know what categories to use. We don't have
enough experience yet to know what good categories would be -- we don't
know how many reviewers we will have or their interest areas. To start
with let's just get everyone doing reviews. We can organize them later,
once we get over a hundred.

Thanks... Scott

--e89a8fb1f4cafc77aa04f5594a18--


From nobody Mon Mar 24 05:34:57 2014
Return-Path: <scott.brim@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A135C1A01EA; Mon, 24 Mar 2014 05:34:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level: 
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yypxPkvmqwxC; Mon, 24 Mar 2014 05:34:53 -0700 (PDT)
Received: from mail-oa0-x231.google.com (mail-oa0-x231.google.com [IPv6:2607:f8b0:4003:c02::231]) by ietfa.amsl.com (Postfix) with ESMTP id 9DCC21A01F2; Mon, 24 Mar 2014 05:34:52 -0700 (PDT)
Received: by mail-oa0-f49.google.com with SMTP id h16so5704516oag.36 for <multiple recipients>; Mon, 24 Mar 2014 05:34:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=K4py9OX1R/cPL8NRepzwLGGF0qBJvbaT2okqkjU4U4c=; b=tv2ZxSvxM7HhUaZxIG3RAhNT1z29JRLju7m1kG3EoY80CX7x/DkTFZDy/K7OaP/bdB a1j/8FzBAIqGw40sI+qChTKfs2N+MlsrfIKEDTesZbaU+IJ+SVhMiQQnCSnDzQJyYO7e Bj98Ud/5UsmJUH3EJ7xEpTwX0LUJKfIsH0RnjKQo7RjU4xjpmvRcAggxqgN2Asp0p8P0 NtSQo7uAkQKwiMlv2jnLQf25CRnhSyYNF8Gee6P4H8Y6jAwOU3YqBph0P65MWVj0zlRM ZSpiG3XA+88/GdnoLWgnXmkE7DGUQNR1qTPgrccLFiJvSfK8B6LY3hHvgEsQbiKk35Bm oSjA==
MIME-Version: 1.0
X-Received: by 10.60.157.228 with SMTP id wp4mr57117289oeb.39.1395664491901; Mon, 24 Mar 2014 05:34:51 -0700 (PDT)
Received: by 10.182.48.9 with HTTP; Mon, 24 Mar 2014 05:34:51 -0700 (PDT)
Received: by 10.182.48.9 with HTTP; Mon, 24 Mar 2014 05:34:51 -0700 (PDT)
In-Reply-To: <20140324095310.GA14840@nic.fr>
References: <CAPv4CP9otoccFv9ARVHwqqF6nzKT-p7uDWF=ceCotiDCgL=rqA@mail.gmail.com> <20140324095310.GA14840@nic.fr>
Date: Mon, 24 Mar 2014 08:34:51 -0400
Message-ID: <CAPv4CP-D8vG2Ni3mNzbagraCeSzpVumjGpp+NnaakonXXD6ceg@mail.gmail.com>
From: Scott Brim <scott.brim@gmail.com>
To: Stephane Bortzmeyer <bortzmeyer@nic.fr>
Content-Type: multipart/alternative; boundary=047d7bd6c64443f9bb04f559767f
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/YMFqFPoE1hasF_mY2uopvIjfTsE
Cc: ietf-privacy@ietf.org, perpass <perpass@ietf.org>
Subject: Re: [perpass] Wiki for managing PPM reviews of existing RFCs
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Mar 2014 12:34:54 -0000

--047d7bd6c64443f9bb04f559767f
Content-Type: text/plain; charset=ISO-8859-1

On Mar 24, 2014 5:53 AM, "Stephane Bortzmeyer" <bortzmeyer@nic.fr> wrote:
>
> On Sat, Mar 22, 2014 at 05:21:36PM -0400,
>  Scott Brim <scott.brim@gmail.com> wrote
>  a message of 29 lines which said:
>
> > We finally have a wiki page for tracking that activity. It is at
> > <https://trac.tools.ietf.org/group/ppm-legacy-review/>.
>
> Trac has an issue:
>
> Warning: The ticket has been created, but an error occurred while sending notifications: [Errno 111] Connection refused

Ok, I'll tell Henrik. He manually added a notification. Thanks.

--047d7bd6c64443f9bb04f559767f--


From nobody Tue Mar 25 06:53:55 2014
Return-Path: <rstory@tislabs.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 18A601A0139 for <perpass@ietfa.amsl.com>; Tue, 25 Mar 2014 06:53:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.789
X-Spam-Level: 
X-Spam-Status: No, score=0.789 tagged_above=-999 required=5 tests=[BAYES_50=0.8, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bmXJuFrsQ0tK for <perpass@ietfa.amsl.com>; Tue, 25 Mar 2014 06:53:51 -0700 (PDT)
Received: from walnut.tislabs.com (walnut.tislabs.com [192.94.214.200]) by ietfa.amsl.com (Postfix) with ESMTP id A06021A0115 for <perpass@ietf.org>; Tue, 25 Mar 2014 06:53:51 -0700 (PDT)
Received: from nova.tislabs.com (unknown [10.66.1.77]) by walnut.tislabs.com (Postfix) with ESMTP id 8DE3828B0042; Tue, 25 Mar 2014 09:53:50 -0400 (EDT)
Received: from ispx.vb.futz.org (localhost.localdomain [127.0.0.1]) by nova.tislabs.com (Postfix) with ESMTP id 510451F8035; Tue, 25 Mar 2014 09:53:50 -0400 (EDT)
Date: Tue, 25 Mar 2014 09:53:46 -0400
From: Robert Story <rstory@tislabs.com>
To: "Joe St Sauver" <joe@oregon.uoregon.edu>
Message-ID: <20140325095346.0fd555ba@ispx.vb.futz.org>
In-Reply-To: <14032116120991_A4@oregon.uoregon.edu>
References: <14032116120991_A4@oregon.uoregon.edu>
Organization: Parsons
X-Mailer: Claws Mail 3.9.3 (GTK+ 2.24.22; x86_64-redhat-linux-gnu)
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1; boundary="Sig_/I=._Z0m1hnsnMJx2L9XFf52"; protocol="application/pgp-signature"
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/oul4EFyHVmJc7k2_lq2BiAu3frI
Cc: perpass@ietf.org, nweaver@icsi.berkeley.edu
Subject: Re: [perpass] Gmail is now HTTPS-only
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Mar 2014 13:53:53 -0000

--Sig_/I=._Z0m1hnsnMJx2L9XFf52
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable

On Fri, 21 Mar 2014 16:12:10 -0700 (PDT) Joe wrote:
JSS> As to protection for incoming messages, if both sides have an S/MIME
JSS> compatible email user agent, it would certainly seem as if they should
JSS> be able to encrypt outgoing email, at least once they've exchanged keys
JSS> via an initial signed email, no?

Even if both sides don't do S/MIME, if a webmail provider allowed users to
upload their public key and then used that key to encrypt anything that
wasn't already encrypted on arrival, then the data is always protected at
rest.


Robert

--
Senior Software Engineer @ Parsons

--Sig_/I=._Z0m1hnsnMJx2L9XFf52--
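
The arrival-time decision described in the message above ("encrypt anything that wasn't already encrypted on arrival") can be sketched as follows. This is an added example, not code from the thread or from any webmail provider; the function names, the sample messages and the assumption that the user's uploaded key is already in the provider's GnuPG keyring are all hypothetical.

```python
import email
import subprocess
from email import policy

PGP_BEGIN = "-----BEGIN PGP MESSAGE-----"
PGP_END = "-----END PGP MESSAGE-----"
ENCRYPTED_SMIME_TYPES = ("enveloped-data", "authenveloped-data")


def _is_inline_pgp(part):
    """True if a leaf part is text/plain whose body begins and ends with PGP armor."""
    if part.get_content_type() != "text/plain":
        return False
    body = (part.get_payload(decode=True) or b"").decode("ascii", "replace").strip()
    return body.startswith(PGP_BEGIN) and body.endswith(PGP_END)


def is_already_encrypted(msg):
    """Decide whether a parsed message arrived end-to-end encrypted."""
    ctype = msg.get_content_type()
    if ctype == "multipart/encrypted":  # PGP/MIME (RFC 3156)
        return True
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        # S/MIME uses one media type for signed-only and encrypted bodies;
        # only the smime-type parameter tells them apart.
        smime_type = msg.get_param("smime-type")
        return isinstance(smime_type, str) and smime_type.lower() in ENCRYPTED_SMIME_TYPES
    # Otherwise every leaf part must be inline-armored; a signed but readable
    # message (multipart/signed) or a mixed message still needs protection.
    leaves = [p for p in msg.walk() if not p.is_multipart()]
    return bool(leaves) and all(_is_inline_pgp(p) for p in leaves)


def store_at_rest(raw, encrypt_to_user):
    """Return (status, bytes_to_store) for one incoming raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    if is_already_encrypted(msg):
        return ("stored-as-received", raw)
    return ("encrypted-on-arrival", encrypt_to_user(raw))


def gpg_encryptor(fingerprint):
    """Build an encrypt_to_user callable backed by the gpg command line.

    Assumption: the user's uploaded public key was imported beforehand.
    """
    def encrypt(raw):
        return subprocess.run(
            ["gpg", "--batch", "--trust-model", "always", "--armor",
             "--encrypt", "--recipient", fingerprint],
            input=raw, stdout=subprocess.PIPE, check=True).stdout
    return encrypt


# Constructed sample messages (placeholders, no real ciphertext or signatures).
HDR = b"From: a@example.org\nTo: b@example.org\nSubject: test\nMIME-Version: 1.0\n"
SAMPLES = {
    "plaintext": HDR + b"Content-Type: text/plain; charset=us-ascii\n\nhello\n",
    "pgp_mime": HDR
    + b'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"\n\n'
    + b"--b1\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n"
    + b"--b1\nContent-Type: application/octet-stream\n\n"
    + b"-----BEGIN PGP MESSAGE-----\n\n(constructed placeholder)\n-----END PGP MESSAGE-----\n"
    + b"--b1--\n",
    "smime_enveloped": HDR
    + b'Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"\n'
    + b"Content-Transfer-Encoding: base64\n\nAAAA\n",
    "smime_signed": HDR
    + b'Content-Type: application/pkcs7-mime; smime-type=signed-data; name="smime.p7m"\n'
    + b"Content-Transfer-Encoding: base64\n\nAAAA\n",
    "inline_pgp": HDR
    + b"Content-Type: text/plain; charset=us-ascii\n\n"
    + b"-----BEGIN PGP MESSAGE-----\n\n(constructed placeholder)\n-----END PGP MESSAGE-----\n",
    "pgp_signed": HDR
    + b'Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="s1"\n\n'
    + b"--s1\nContent-Type: text/plain; charset=us-ascii\n\nhello\n"
    + b"--s1\nContent-Type: application/pgp-signature\n\n"
    + b"-----BEGIN PGP SIGNATURE-----\n\n(constructed placeholder)\n-----END PGP SIGNATURE-----\n"
    + b"--s1--\n",
}


def classify_samples():
    """Map each constructed sample name to the is_already_encrypted() verdict."""
    return {
        name: is_already_encrypted(email.message_from_bytes(raw, policy=policy.default))
        for name, raw in SAMPLES.items()
    }
```

Encrypting the whole raw message, headers included, means the provider can no longer index or search it; a deployment that keeps some headers in clear leaves that metadata unprotected at rest.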


From nobody Tue Mar 25 07:29:40 2014
Return-Path: <bittau@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9649C1A0140 for <perpass@ietfa.amsl.com>; Tue, 25 Mar 2014 07:29:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.278
X-Spam-Level: 
X-Spam-Status: No, score=-1.278 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VPP_6v4ovarj for <perpass@ietfa.amsl.com>; Tue, 25 Mar 2014 07:29:37 -0700 (PDT)
Received: from mail-we0-x236.google.com (mail-we0-x236.google.com [IPv6:2a00:1450:400c:c03::236]) by ietfa.amsl.com (Postfix) with ESMTP id 413061A011B for <perpass@ietf.org>; Tue, 25 Mar 2014 07:29:37 -0700 (PDT)
Received: by mail-we0-f182.google.com with SMTP id p61so369140wes.41 for <perpass@ietf.org>; Tue, 25 Mar 2014 07:29:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:sender:date:message-id:subject:from:to:content-type;  bh=75/Ly7npXPJEe2OWfclS26SznaKkhFeIgkiirwaXs3E=; b=FhYQ40igLpjtOz6B1xw2sbFeRd0qXFNRg4+lBp6JdoOHQrosojKPggxqTq2NQLmyku ETIQpPZgHSBCiF/TCFgz/EUUByr4YIVqyzcOmdDab6Kq6PwMlJnLEWUuAyb2EBkTWOkb RETs+7mXcGKTJQNzplxqcESyBNTEyRNc0Ir5rB5KRvH0+TCKH7fGQ2Et57PRyJ76iwb1 P50CcFfuX4W0wFOhxuqayvh4LduSMOKDSL5otVzlIbVnQetFaj4o8ry+k4FtqFnDhy5t bGE99BXikbhigtzbwWrrBsE9gIafB17P6HWjyv5JsxqY2sd87oV99PYbOeG4JvQKuI8i LCRw==
MIME-Version: 1.0
X-Received: by 10.180.72.136 with SMTP id d8mr24288421wiv.44.1395757775565; Tue, 25 Mar 2014 07:29:35 -0700 (PDT)
Sender: bittau@gmail.com
Received: by 10.217.61.10 with HTTP; Tue, 25 Mar 2014 07:29:35 -0700 (PDT)
Date: Tue, 25 Mar 2014 07:29:35 -0700
X-Google-Sender-Auth: q0tHaRVNJrKEg0jDRxpuFR-W86s
Message-ID: <CABu4T3K9-5UvmFehX6RQtzNKK+XqLjYuYhWETNn_9O5yev2mcw@mail.gmail.com>
From: Andrea Bittau <bittau@cs.stanford.edu>
To: perpass@ietf.org
Content-Type: text/plain; charset=ISO-8859-1
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/Hcx6q_pgbsCePpr3mMOv9IiGujo
Subject: [perpass] Fwd: New Non-WG Mailing List: Tcpcrypt -- Discussion list for adding encryption to TCP
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Mar 2014 14:29:38 -0000

FYI:

A new IETF non-working group email list has been created.

List address: tcpcrypt@ietf.org
Archive: http://www.ietf.org/mail-archive/web/tcpcrypt/
To subscribe: https://www.ietf.org/mailman/listinfo/tcpcrypt

Purpose:

The goal of this mailing list is to discuss encryption of TCP
sessions, without necessarily requiring endpoint authentication
in all cases (but while also making endpoint authentication
possible). The initial purpose of the mailing list is to discuss the
scope and a potential charter of a WG that would work
on the definition of TCP extensions to support such encryption,
or to find an existing WG to perform the work.

For additional information, please contact the list administrators.


From nobody Tue Mar 25 10:12:25 2014
Return-Path: <joe@cdt.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D0F5B1A01CC for <perpass@ietfa.amsl.com>; Tue, 25 Mar 2014 10:12:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 3.798
X-Spam-Level: ***
X-Spam-Status: No, score=3.798 tagged_above=-999 required=5 tests=[BAYES_50=0.8, J_CHICKENPOX_31=0.6, J_CHICKENPOX_42=0.6, J_CHICKENPOX_51=0.6, J_CHICKENPOX_61=0.6, J_CHICKENPOX_72=0.6, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vxM7T28AjtbQ for <perpass@ietfa.amsl.com>; Tue, 25 Mar 2014 10:11:59 -0700 (PDT)
Received: from mail.maclaboratory.net (mail.maclaboratory.net [209.190.215.232]) by ietfa.amsl.com (Postfix) with ESMTP id 86BAC1A0133 for <perpass@ietf.org>; Tue, 25 Mar 2014 10:11:58 -0700 (PDT)
X-Footer: Y2R0Lm9yZw==
Received: from hypochilid-2.local ([108.61.90.131]) (authenticated user jhall@cdt.org) by mail.maclaboratory.net (using TLSv1 with cipher DHE-RSA-AES128-SHA (128 bits)) for perpass@ietf.org; Tue, 25 Mar 2014 13:11:55 -0400
Message-ID: <5331B8DB.5090905@cdt.org>
Date: Tue, 25 Mar 2014 13:11:55 -0400
From: Joseph Lorenzo Hall <joe@cdt.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: perpass@ietf.org
References: <532BCC66.8070106@cis-india.org> <88D5C8D3-2863-412F-9B8D-7A72E1356F70@isoc.org> <4EBDCBE9-F8F1-415A-B8D5-DBA881B7ED17@fugue.com> <F404EB27-0443-4B04-8D54-696377865BC5@cisco.com> <532CC697.6090509@cs.tcd.ie> <CAHBU6ivn+dXaxmx=_okbkPR3AJznt_fPba38xdKEhQ=DTywWHQ@mail.gmail.com>
In-Reply-To: <CAHBU6ivn+dXaxmx=_okbkPR3AJznt_fPba38xdKEhQ=DTywWHQ@mail.gmail.com>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/w7Gi-tQRESYiWsBDRHp4xC-QYyU
Subject: Re: [perpass] Gmail is now HTTPS-only
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Mar 2014 17:12:03 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

There is a thoughtful critique of keybase.io here:

http://blog.lrdesign.com/2014/03/thoughts-on-keybase-io/

I have 2 invites left if you'd like to try it out (preference will go
to those of you I know (in the biblical key-signing sense) or have met
in person).

I do think it is a clever take on PGP user experience... there are a
few red flags, such as (optionally!) storing an encrypted copy of your
private key on their server. yikes.

best, Joe

On 3/21/14, 7:17 PM, Tim Bray wrote:
> Slightly off-topic, but there's this thing called keybase.io 
> <http://keybase.io> that is doing what feels like a pretty good job
> to me of wrapping up GPG in a palatable UI (web & command line)
> with a key directory so that while I, for example, have never taken
> the trouble to install E2E encryption in my mail, I can see using
> keybase to encrypt particularly sensitive stuff.  Don't know if
> they've got just the right set of features, but it feels like
> there's an 80/20 point lurking out there somewhere.  My blog on the
> subject is (I hope) an OK introduction:
> https://www.tbray.org/ongoing/When/201x/2014/03/19/Keybase
> 
> 
> On Fri, Mar 21, 2014 at 4:09 PM, Stephen Farrell 
> <stephen.farrell@cs.tcd.ie <mailto:stephen.farrell@cs.tcd.ie>>
> wrote:
> 
> 
> Hi Fred,
> 
> On 03/21/2014 10:21 PM, Fred Baker (fred) wrote:
>> Wouldn't it be interesting to solve the problem at hand rather 
>> than the one we think we might already know how to solve?
> 
> You're correct. Unfortunately, for mail, despite decades of work on
> e2e security we are no nearer to a technology that is likely to be
> very widely used/deployed. I wish that were not the case, but it
> is. And that's the case for fairly well understood reasons that 
> were rehearsed on this list late last year. (Can't recall when, 
> sorry.)
> 
> At the same time, I'd encourage those brave enough to be working on
> that problem to keep at it - one of you will probably get it right 
> eventually.
> 
> S.
> 

- -- 
Joseph Lorenzo Hall
Chief Technologist
Center for Democracy & Technology
1634 I ST NW STE 1100
Washington DC 20006-4011
(p) 202-407-8825
(f) 202-637-0968
joe@cdt.org
PGP: https://josephhall.org/gpg-key
fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (Darwin)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
=huSL
-----END PGP SIGNATURE-----


From nobody Tue Mar 25 14:34:48 2014
Return-Path: <perpass@bleeter.id.au>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5B03C1A020A for <perpass@ietfa.amsl.com>; Tue, 25 Mar 2014 14:34:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level: 
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hX1WpE8sRsTn for <perpass@ietfa.amsl.com>; Tue, 25 Mar 2014 14:34:46 -0700 (PDT)
Received: from obsidian.cagechimps.com (obsidian.cagechimps.com [216.218.196.40]) by ietfa.amsl.com (Postfix) with ESMTP id 48D4E1A0207 for <perpass@ietf.org>; Tue, 25 Mar 2014 14:34:46 -0700 (PDT)
Received: from localhost (localhost.localdomain [127.0.0.1]) by obsidian.cagechimps.com (Postfix) with ESMTP id 15FFE1A82CE5; Tue, 25 Mar 2014 14:35:57 -0700 (PDT)
Received: from obsidian.cagechimps.com ([127.0.0.1]) by localhost (obsidian.cagechimps.com [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id xWRtAzcH2EtL; Tue, 25 Mar 2014 14:35:56 -0700 (PDT)
Received: from localhost (localhost.localdomain [127.0.0.1]) by obsidian.cagechimps.com (Postfix) with ESMTP id 8A5EC1A82CE8; Tue, 25 Mar 2014 14:35:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at obsidian.cagechimps.com
Received: from obsidian.cagechimps.com ([127.0.0.1]) by localhost (obsidian.cagechimps.com [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id ne6Wes_TH6eh; Tue, 25 Mar 2014 14:35:56 -0700 (PDT)
Received: from carl.vla.bleet (ppp108-18.static.internode.on.net [150.101.108.18]) by obsidian.cagechimps.com (Postfix) with ESMTPSA id AF2A01A82CE5; Tue, 25 Mar 2014 14:35:55 -0700 (PDT)
Message-ID: <5331F671.3020802@bleeter.id.au>
Date: Wed, 26 Mar 2014 08:34:41 +1100
From: Peter Lawler <perpass@bleeter.id.au>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: Andrea Bittau <bittau@cs.stanford.edu>
References: <CABu4T3K9-5UvmFehX6RQtzNKK+XqLjYuYhWETNn_9O5yev2mcw@mail.gmail.com>
In-Reply-To: <CABu4T3K9-5UvmFehX6RQtzNKK+XqLjYuYhWETNn_9O5yev2mcw@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/2jrAtDmfUt1A5m7VDj7MbAkNy2o
Cc: perpass@ietf.org
Subject: Re: [perpass] Fwd: New Non-WG Mailing List: Tcpcrypt -- Discussion list for adding encryption to TCP
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Mar 2014 21:34:47 -0000

On 26/03/14 01:29, Andrea Bittau wrote:
> FYI:
>
> A new IETF non-working group email list has been created.
>
> List address: tcpcrypt@ietf.org

Thanks Andrea.

Now if I could only get IETF's mailman subscribe page to stop 504'ing... :-)

Pete.


From nobody Tue Mar 25 16:06:59 2014
Return-Path: <tony@att.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 62ECD1A026E for <perpass@ietfa.amsl.com>; Tue, 25 Mar 2014 16:06:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level: 
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FDjVhPfs9RYh for <perpass@ietfa.amsl.com>; Tue, 25 Mar 2014 16:06:53 -0700 (PDT)
Received: from egssmtp02.att.com (egssmtp02.att.com [144.160.128.166]) by ietfa.amsl.com (Postfix) with ESMTP id C7A721A025C for <perpass@ietf.org>; Tue, 25 Mar 2014 16:06:53 -0700 (PDT)
Received: from dns.maillennium.att.com (maillennium.att.com [135.25.114.99]) by egssmtp02.att.com ( EGS R6 8.14.5/8.14.5) with ESMTP id s2PN6q5V028719 for <perpass@ietf.org>; Tue, 25 Mar 2014 16:06:52 -0700
Received: from vpn-135-70-100-101.vpn.swst.att.com ([135.70.100.101]) by maillennium.att.com (mailgw1) with ESMTP id <20140325230651gw100j0cc1e>; Tue, 25 Mar 2014 23:06:51 +0000
X-Originating-IP: [135.70.100.101]
Message-ID: <53320C0A.9090504@att.com>
Date: Tue, 25 Mar 2014 19:06:50 -0400
From: Tony Hansen <tony@att.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: Peter Lawler <perpass@bleeter.id.au>
References: <CABu4T3K9-5UvmFehX6RQtzNKK+XqLjYuYhWETNn_9O5yev2mcw@mail.gmail.com> <5331F671.3020802@bleeter.id.au>
In-Reply-To: <5331F671.3020802@bleeter.id.au>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/kp_71gucRwMQMrHLTAKJYSCuywU
Cc: perpass@ietf.org
Subject: Re: [perpass] Fwd: New Non-WG Mailing List: Tcpcrypt -- Discussion list for adding encryption to TCP
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Mar 2014 23:06:55 -0000

Send a mail message to tcpcrypt-request@ietf.org and put "subscribe" in
the subject line.

On 3/25/14, 5:34 PM, Peter Lawler wrote:
> On 26/03/14 01:29, Andrea Bittau wrote:
>> FYI:
>>
>> A new IETF non-working group email list has been created.
>>
>> List address: tcpcrypt@ietf.org
>
> Thanks Andrea.
>
> Now if I could only get IETF's mailman subscribe page to stop 
> 504'ing... :-)


From nobody Wed Mar 26 23:02:52 2014
Return-Path: <pranesh@cis-india.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A86E1A0463 for <perpass@ietfa.amsl.com>; Wed, 26 Mar 2014 23:02:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.844
X-Spam-Level: 
X-Spam-Status: No, score=0.844 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, FU_ENDS_2_WRDS=0.255, J_CHICKENPOX_72=0.6, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vO3MsayLvxcF for <perpass@ietfa.amsl.com>; Wed, 26 Mar 2014 23:02:48 -0700 (PDT)
Received: from mail.cis-india.org (mail.cis-india.org [202.190.125.68]) by ietfa.amsl.com (Postfix) with ESMTP id 2E6F71A0462 for <perpass@ietf.org>; Wed, 26 Mar 2014 23:02:48 -0700 (PDT)
Received: from [172.16.24.21] (unknown [203.116.152.18]) by mail.cis-india.org (Postfix) with ESMTPSA id 7AF90A7C7FB; Thu, 27 Mar 2014 06:01:15 +0000 (UTC)
Message-ID: <5333BF03.8050304@cis-india.org>
Date: Thu, 27 Mar 2014 14:02:43 +0800
From: Pranesh Prakash <pranesh@cis-india.org>
Organization: Centre for Internet and Society
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: Joseph Lorenzo Hall <joe@cdt.org>, perpass@ietf.org
References: <532BCC66.8070106@cis-india.org> <88D5C8D3-2863-412F-9B8D-7A72E1356F70@isoc.org> <4EBDCBE9-F8F1-415A-B8D5-DBA881B7ED17@fugue.com> <F404EB27-0443-4B04-8D54-696377865BC5@cisco.com> <532CC697.6090509@cs.tcd.ie> <CAHBU6ivn+dXaxmx=_okbkPR3AJznt_fPba38xdKEhQ=DTywWHQ@mail.gmail.com> <5331B8DB.5090905@cdt.org>
In-Reply-To: <5331B8DB.5090905@cdt.org>
X-Enigmail-Version: 1.6
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="1xfRL4jHnHrSdqR3Db0pWgrvt3lMrgOpR"
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/EcDA3Pajq1xFSIDeJI8wwb_04rg
Subject: Re: [perpass] Gmail is now HTTPS-only
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Mar 2014 06:02:49 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--1xfRL4jHnHrSdqR3Db0pWgrvt3lMrgOpR
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: quoted-printable

Joseph Lorenzo Hall <joe@cdt.org> [2014-03-25 13:11:55 -0400]:
> There is a thoughtful critique of keybase.io here:
>
> http://blog.lrdesign.com/2014/03/thoughts-on-keybase-io/
>
> I have 2 invites left if you'd like to try it out (preference will go
> to those of you I know (in the biblical key-signing sense) or have met
> in person).


Me me!

-- 
Pranesh Prakash
Policy Director, Centre for Internet and Society
T: +91 80 40926283 | W: http://cis-india.org
-------------------
Access to Knowledge Fellow, Information Society Project, Yale Law School
M: +1 520 314 7147 | W: http://yaleisp.org
PGP ID: 0x1D5C5F07 | Twitter: https://twitter.com/pranesh_prakash


--1xfRL4jHnHrSdqR3Db0pWgrvt3lMrgOpR
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--1xfRL4jHnHrSdqR3Db0pWgrvt3lMrgOpR--


From nobody Sun Mar 30 10:35:26 2014
Return-Path: <huitema@huitema.net>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6B29D1A08A8 for <perpass@ietfa.amsl.com>; Sun, 30 Mar 2014 10:35:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.801
X-Spam-Level: 
X-Spam-Status: No, score=0.801 tagged_above=-999 required=5 tests=[BAYES_50=0.8, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_DBL_REDIR=0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t0EgLX-gDsyi for <perpass@ietfa.amsl.com>; Sun, 30 Mar 2014 10:35:20 -0700 (PDT)
Received: from xsmtp11.mail2web.com (xsmtp31.mail2web.com [168.144.250.234]) by ietfa.amsl.com (Postfix) with ESMTP id C5ECF1A06D9 for <perpass@ietf.org>; Sun, 30 Mar 2014 10:35:20 -0700 (PDT)
Received: from [10.5.2.52] (helo=xmail12.myhosting.com) by xsmtp11.mail2web.com with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.63) (envelope-from <huitema@huitema.net>) id 1WUJdc-0001LN-M0 for perpass@ietf.org; Sun, 30 Mar 2014 13:35:17 -0400
Received: (qmail 10789 invoked from network); 30 Mar 2014 17:35:15 -0000
Received: from unknown (HELO HUITEMA5) (Authenticated-user:_huitema@huitema.net@[24.16.156.113]) (envelope-sender <huitema@huitema.net>) by xmail12.myhosting.com (qmail-ldap-1.03) with ESMTPA for <perpass@ietf.org>; 30 Mar 2014 17:35:15 -0000
From: "Christian Huitema" <huitema@huitema.net>
To: "'perpass'" <perpass@ietf.org>
References: <20140330164500.GA26721@vortex.com> <F3E7840A-75B6-437B-82D2-A321CEFB6E7E@gmail.com>
In-Reply-To: <F3E7840A-75B6-437B-82D2-A321CEFB6E7E@gmail.com>
Date: Sun, 30 Mar 2014 10:35:14 -0700
Message-ID: <031101cf4c3e$69901f90$3cb05eb0$@huitema.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AQHPTDfgob5nVIMHOEyQHLY0VREXUJr545rw
Content-Language: en-us
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/Wonr7BIn7A9dKKI9nkFDE-5Pawg
Subject: [perpass] FW: [IP] Details of how Turkey is intercepting Google Public DNS
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 30 Mar 2014 17:35:24 -0000

Could be of interest for this list. An example of Internet infrastructure
vulnerability exploited by various operators. Mount an intercept attack on
the DNS protocol, and then use it for censorship or man-in-the-middle
insertion. 

From: Lauren Weinstein <lauren@vortex.com>
Subject: [ NNSquad ] Details of how Turkey is intercepting Google Public DNS
Date: March 30, 2014 at 12:45:00 PM EDT
To: nnsquad@nnsquad.org


Details of how Turkey is intercepting Google Public DNS

http://j.mp/1lwpwcV  (Bortzmeyer)

   "If you try another well-known DNS resolver, such as OpenDNS,
    you'll get the same problem: a liar responds instead.  So,
    someone replies, masquerading as the real Google Public DNS
    resolver. Is it done by a network equipment on the path, as it is
    common in China where you get DNS responses even from IP
    addresses where no name server runs? It seems instead it was a
    trick with routing: the IAP announced a route to the IP addresses
    of Google, redirecting the users to an IAP's own impersonation of
    Google Public DNS, a lying DNS resolver. Many IAP already hijack
    Google Public DNS in such a way, typically for business reasons
    (gathering data about the users, spying on them). You can see the
    routing hijack on erdems' Twitter feed, using Turkish Telecom
    looking glass: the routes are no normal BGP routes, with a list
    of AS numbers, they are injected locally, via the IGP (so, you
    won't see it in remote BGP looking glasses, unless someone in
    Turkey does the same mistake that Pakistan Telecom did with
    YouTube in 2008). Test yourself: ... Of course, DNSSEC would
    solve the problem, if and only if validation were done on the
    user's local machine, something that most users don't do today."

- - -

--Lauren--
Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren 



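The quoted article says the hijack shows up in the operator's own routing table as a locally injected route with no AS path, rather than as a normal BGP route. The following check is an added example, not part of the forwarded message or of the cited article: it runs a longest-prefix match for well-known resolver addresses over a routing table and flags any best route that is not a BGP route ending at the expected origin AS. The table row format, the sample tables and AS numbers 64500/64501 (documentation-reserved) are constructed assumptions; the resolver-to-origin-AS mapping reflects public knowledge and is not taken from the page.

```python
import ipaddress

# Assumption: resolver addresses and the AS that normally originates them.
EXPECTED_ORIGIN = {
    "8.8.8.8": 15169,         # Google Public DNS
    "8.8.4.4": 15169,         # Google Public DNS
    "208.67.222.222": 36692,  # OpenDNS
}

# Constructed sample tables in a hypothetical simplified row format
# (not real router or looking-glass output).
CLEAN_TABLE = [
    {"prefix": "8.8.8.0/24", "protocol": "bgp", "as_path": [64500, 15169]},
    {"prefix": "8.8.4.0/24", "protocol": "bgp", "as_path": [64500, 15169]},
    {"prefix": "208.67.222.0/24", "protocol": "bgp", "as_path": [64500, 36692]},
]

# Locally injected host routes, as described in the quoted article.
HIJACKED_TABLE = CLEAN_TABLE + [
    {"prefix": "8.8.8.8/32", "protocol": "ospf", "as_path": []},
    {"prefix": "208.67.222.222/32", "protocol": "static", "as_path": []},
]

# A more-specific BGP route with the wrong origin (the 2008 YouTube pattern).
LEAKED_TABLE = CLEAN_TABLE + [
    {"prefix": "8.8.8.0/25", "protocol": "bgp", "as_path": [64500, 64501]},
]


def best_route(table, address):
    """Longest-prefix match: the most specific covering route wins."""
    addr = ipaddress.ip_address(address)
    covering = [r for r in table if addr in ipaddress.ip_network(r["prefix"])]
    return max(
        covering,
        key=lambda r: ipaddress.ip_network(r["prefix"]).prefixlen,
        default=None,
    )


def audit_resolver_routes(table, expected=EXPECTED_ORIGIN):
    """Return (address, reason) for every resolver whose best route is suspect."""
    findings = []
    for address, origin in sorted(expected.items()):
        route = best_route(table, address)
        if route is None:
            findings.append((address, "no route"))
        elif route["protocol"] != "bgp" or not route["as_path"]:
            findings.append((address, "%s injected locally via %s (no AS path)"
                             % (route["prefix"], route["protocol"])))
        elif route["as_path"][-1] != origin:
            findings.append((address, "%s originated by AS%d, expected AS%d"
                             % (route["prefix"], route["as_path"][-1], origin)))
    return findings


if __name__ == "__main__":
    for name, table in (("clean", CLEAN_TABLE),
                        ("hijacked", HIJACKED_TABLE),
                        ("leaked", LEAKED_TABLE)):
        print(name, audit_resolver_routes(table))
```

A clean result here only says the local table looks normal; as the quoted text notes, an injected route in someone else's network is not visible from remote BGP views.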


From nobody Mon Mar 31 09:58:15 2014
Return-Path: <bortzmeyer@nic.fr>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EFFD81A08A3 for <perpass@ietfa.amsl.com>; Mon, 31 Mar 2014 09:58:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bfPQECuCACmL for <perpass@ietfa.amsl.com>; Mon, 31 Mar 2014 09:58:12 -0700 (PDT)
Received: from mail.bortzmeyer.org (aetius.bortzmeyer.org [217.70.190.232]) by ietfa.amsl.com (Postfix) with ESMTP id CF8EA1A089A for <perpass@ietf.org>; Mon, 31 Mar 2014 09:58:11 -0700 (PDT)
Received: by mail.bortzmeyer.org (Postfix, from userid 10) id C7F373B819; Mon, 31 Mar 2014 18:58:06 +0200 (CEST)
Received: by mail.sources.org (Postfix, from userid 1000) id B4DC1190634; Mon, 31 Mar 2014 18:57:35 +0200 (CEST)
Date: Mon, 31 Mar 2014 18:57:35 +0200
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: perpass@ietf.org
Message-ID: <20140331165735.GA22593@sources.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Transport: UUCP rules
X-Operating-System: Debian GNU/Linux 7.3
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/bTwe8L8ymJT5xWsl4DoFB1wWHWc
Subject: [perpass] NSA infiltrated RSA security more deeply than thought - study
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Mar 2014 16:58:14 -0000

IETF (and one important contributor) is mentioned here and I worry
about this story.

http://www.reuters.com/article/2014/03/31/us-usa-security-nsa-rsa-idUSBREA2U0TY20140331


From nobody Mon Mar 31 10:30:39 2014
Return-Path: <fergdawgster@mykolab.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A34401A07C3 for <perpass@ietfa.amsl.com>; Mon, 31 Mar 2014 10:30:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.61
X-Spam-Level: 
X-Spam-Status: No, score=-2.61 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BEaBrpqy1B_i for <perpass@ietfa.amsl.com>; Mon, 31 Mar 2014 10:30:35 -0700 (PDT)
Received: from mx04.mykolab.com (mx01.mykolab.com [95.128.36.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B7F01A089D for <perpass@ietf.org>; Mon, 31 Mar 2014 10:30:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at kolabsys.net
Sender: fergdawgster@mykolab.com
Message-ID: <5339A631.2060200@mykolab.com>
Date: Mon, 31 Mar 2014 10:30:25 -0700
From: Paul Ferguson <fergdawgster@mykolab.com>
Organization: Clowns R. Mofos
To: Stephane Bortzmeyer <bortzmeyer@nic.fr>
References: <20140331165735.GA22593@sources.org>
In-Reply-To: <20140331165735.GA22593@sources.org>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/YF2mmV9yb77ssMMEfWErR_vXc8s
Cc: perpass@ietf.org
Subject: Re: [perpass] NSA infiltrated RSA security more deeply than thought - study
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Mar 2014 17:30:37 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 3/31/2014 9:57 AM, Stephane Bortzmeyer wrote:

> IETF (and one important contributor) is mentioned here and I worry 
> about this story.
> 
> http://www.reuters.com/article/2014/03/31/us-usa-security-nsa-rsa-idUSBREA2U0TY20140331
>
> 
Specifically: http://dualec.org/

FYI,

- - ferg


- -- 
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iF4EAREIAAYFAlM5pjEACgkQKJasdVTchbJs6gD7B5s4/U8dTWGM4dCD4rlP3Ihc
CsvzZzH0Y8BHs7rNgcYA/0TlaMUxaOj5qSYjQ2Ziz3VrUxI3xEukSB/uUWpqclbf
=zNij
-----END PGP SIGNATURE-----


From nobody Mon Mar 31 10:40:10 2014
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6ECCB1A089D for <perpass@ietfa.amsl.com>; Mon, 31 Mar 2014 10:40:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level: 
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tR7twZInuZBb for <perpass@ietfa.amsl.com>; Mon, 31 Mar 2014 10:40:05 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id 75C421A089A for <perpass@ietf.org>; Mon, 31 Mar 2014 10:40:05 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id EA27DBE49; Mon, 31 Mar 2014 18:40:01 +0100 (IST)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G9VH04fXUSVj; Mon, 31 Mar 2014 18:40:01 +0100 (IST)
Received: from [134.226.36.180] (stephen-think.dsg.cs.tcd.ie [134.226.36.180]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id AF8E2BE3E; Mon, 31 Mar 2014 18:40:01 +0100 (IST)
Message-ID: <5339A871.3060207@cs.tcd.ie>
Date: Mon, 31 Mar 2014 18:40:01 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: Paul Ferguson <fergdawgster@mykolab.com>,  Stephane Bortzmeyer <bortzmeyer@nic.fr>
References: <20140331165735.GA22593@sources.org> <5339A631.2060200@mykolab.com>
In-Reply-To: <5339A631.2060200@mykolab.com>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/-g6CGfAzjb4ax1gM563RLJfZwZQ
Cc: perpass@ietf.org
Subject: Re: [perpass] NSA infiltrated RSA security more deeply than thought - study
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Mar 2014 17:40:07 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


There's a thread on the TLS WG list on this. Probably
better there than here as the paper is very much
specific to TLS.

S.

On 03/31/2014 06:30 PM, Paul Ferguson wrote:
> On 3/31/2014 9:57 AM, Stephane Bortzmeyer wrote:
> 
>> IETF (and one important contributor) is mentioned here and I
>> worry about this story.
> 
>> http://www.reuters.com/article/2014/03/31/us-usa-security-nsa-rsa-idUSBREA2U0TY20140331
>
>> 
> 
> Specifically: http://dualec.org/
> 
> FYI,
> 
> - ferg
> 
> 
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

-----END PGP SIGNATURE-----

