Re: Is traffic analysis really a target (was Re: [saag] Is opportunistic unauthenticated encryption a waste of time?)
Eric Burger <eburger <at> standardstrack.com>
2014-08-24 16:32:15 GMT
I am concerned with the drive to make all traffic totally opaque. I’ll be brief: we have an existence proof
of the mess that happens when we make all traffic look benign. It is called “everything over port 80.”
That ‘practical’ approach drove the development of deep packet inspection, because everything
running over port 80 was no longer HTTP traffic. It meant we could no longer prioritize traffic (in a good
sense - *I* want to make sure my VoIP gets ahead of my Web surfing ahead of my FTP). It meant we could no longer
apply enterprise policy on different applications. It drove ‘investment’ in the tools that today
dominate pervasive monitoring.
Good job folks for unintended consequences.
On Aug 23, 2014, at 5:33 PM, Stephen Farrell <stephen.farrell <at> cs.tcd.ie> wrote:
> On 23/08/14 22:05, Bernard Aboba wrote:
>> Stephen Farrell:
>>> However, say we're wrong and someone who thinks OS is a waste of
>>> time is actually correct, what would such a person recommend that
>>> we do as well as, or instead of, OS?
>> [BA] It depends on who we are trying to protect, and from what (or
>> If the target is protection of dissidents from oppressive
>> regimes, then you need something much more comprehensive than
>> 'unauthenticated opportunistic encryption" (e.g. along the lines of