Difference between revisions of "P2pbgpsec"
(→After PRISM) |
|||
Line 86: | Line 86: | ||
"there's a circumstantial case that the NSA and GCHQ are either directly accessing Certificate Authority keys** or else actively stealing keys from US providers, possibly (or probably) without executives' knowledge. This only requires a small number of people with physical or electronic access to servers, so it's quite feasible.*** The one reason I would have ruled it out a few days ago is because it seems so obviously immoral if not illegal, and moreover a huge threat to the checks and balances that the NSA allegedly has to satisfy in order to access specific users' data via programs such as PRISM." | "there's a circumstantial case that the NSA and GCHQ are either directly accessing Certificate Authority keys** or else actively stealing keys from US providers, possibly (or probably) without executives' knowledge. This only requires a small number of people with physical or electronic access to servers, so it's quite feasible.*** The one reason I would have ruled it out a few days ago is because it seems so obviously immoral if not illegal, and moreover a huge threat to the checks and balances that the NSA allegedly has to satisfy in order to access specific users' data via programs such as PRISM." | ||
+ | |||
+ | * https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html | ||
+ | |||
+ | (NSA breaking crypto, SSL, etc, by Schneider ) |
Revision as of 16:59, 18 September 2013
Projects | |
---|---|
Participants | |
Skills | |
Status | Dormant |
Niche | Software |
Purpose | Infrastructure |
Peer 2 Peer BGP Security
wiki page for participants of p2p-sec mailing list: https://lists.puscii.nl/wws/arc/p2p-sec
Objectives
- to contribute to creation and implementation of the distributed/decentralized (web-of-trust) BGP security.
- to create connections between people who share simmilar concerns about the upcoming introduction of hierarchical BGP-security structures, based on PKI/X.509 technology
- to provide space for disscussion & exchange of opinions, news, materials
- to co-ordinate the efforts among various groups that work on the above topics
Problem statements
- Internet Governance view:
- excellent summary by Milton Mueller, Brenden Kuerbis. (2010,09).
"Building a new governance hierarchy: RPKI and the future of Internet routing
- excellent summary by Milton Mueller, Brenden Kuerbis. (2010,09).
and addressing. Retrieved from Internet Governance Project: http://internetgovernance.org/pdf/RPKI-VilniusIGPfinal.pdf
- "Negotiating a New Governance Hierarchy: An Analysis of the
Conflicting Incentives to Secure Internet Routing"
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2021835
- Techical view:
- How broken is SSL: a talk by Moxie Marlinspike: "SSL And The Future Of Authenticity" at Defcon 2011:
http://www.youtube.com/watch?v=Z7Wl2FW2TcA
- Basic threat scenario: Man in the Middle attack / prefix hijacking,
presented at Defcon, 2008, by Pilosov/Kapela: http://www.defcon.org/images/defcon-16/dc16-presentations/defcon-16-pilosov-kapela.pdf
- Enisa report on the routing security: :
- Jeroen Massar's presentaton on Routing Security
Possble alternative technical approaches
- "trust agility", a talk by Moxie Marlinspike: "SSL And The Future Of Authenticity" at Defcon 2011:
http://www.youtube.com/watch?v=Z7Wl2FW2TcA
- http://convergence.io/
- Soveregn Keys, Peter Eckersley from EFF mp4 HQmp4 LQ
https://www.eff.org/deeplinks/2011/11/sovereign-keys-proposal-make-https-and-email-more-secure
Current solution: RPKI & sBGP
- Software: http://www.rpki.net/
- IETF wg: SIDR (secure InterDomain Routing)
Public discussion in European region: (articles, mailing lists, links)
http://www.ripe.net/lir-services/resource-management/certification/community-development
In the news:
- Malcolm Hutty, from London Internet Exchange:
https://publicaffairs.linx.net/news/?p=6118
- RIPE Members Vote To Continue RPKI Work, Nov 03, 2011 11:44 AM PDT
By Michele Neylon http://www.circleid.com/post/20111103_ripe_members_vote_to_continue_rpki_wo rk/
Meshnets media
See also: Privacy_Software_Workshop_Series#Mesh_networks
& http://wiki.techinc.nl/index.php/Privacy_Software_Workshop_Series#Mesh_networks
- Becha's article with many links:
http://becha.home.xs4all.nl/hackers-philosophers-utopian-network-dec-2012-becha.pdf
After PRISM
"there's a circumstantial case that the NSA and GCHQ are either directly accessing Certificate Authority keys** or else actively stealing keys from US providers, possibly (or probably) without executives' knowledge. This only requires a small number of people with physical or electronic access to servers, so it's quite feasible.*** The one reason I would have ruled it out a few days ago is because it seems so obviously immoral if not illegal, and moreover a huge threat to the checks and balances that the NSA allegedly has to satisfy in order to access specific users' data via programs such as PRISM."
(NSA breaking crypto, SSL, etc, by Schneider )