Elders of internet hash out standards to grant encrypted message security for world+dog

While law enforcement continues its worldwide crusade against chat apps with end-to-end encryption, the Internet Engineering Task Force has proposed standards designed to let everybody have message security. One Internet Draft describes the requirements for Message Layer Security (MLS); the other is an MLS protocol standard. …

  1. I Am Spartacus
    Boffin

    Cue firestorm

    If the NSA, MI5, MI6, FBI, CIA, etc. all hate Telegram and WhatsApp, they are just going to LOVE this idea. One would expect them to try and infiltrate any organisation that attempts to implement such a solution so that they can build trap doors into it. So, code reviews are going to be critical if the AS specifically is going to be trusted.

    Overall, I see this as a "good idea". I especially like the parts on limiting metadata both in its content and its lifecycle.

    The interesting concept, at least for me (YMMV), is that of having an encrypt-once on send, but decrypt multiple by different participants using different clients. This was discussed some time ago

    The problem with that implementation is that it relies on some form of asymmetric PKE. But that can potentially be broken by quantum computers (QC). The challenge would be to have a new PKE that is QC resilient, such as lattice encryption.

    Of course, I guess we all agree that having this sort of technology in the hands of Facebook, Amazon, Google, Microsoft, Apple (insert the name of your big brother company here) is probably classed as a "bad idea".

    1. JohnFen

      Re: Cue firestorm

      "But that can potentially be broken by quantum computers (QC)."

      Which is tomorrow's problem, not today's. By the time that QC is actually developed enough to be able to use it for cracking encryption outside of research labs, QC will also be developed enough to use for crypto methods that can't be so easily broken by QC.

      1. h4rm0ny

        Re: Cue firestorm

        Well..

        (1) We can't know that symmetry between defence and offence will be preserved. Our current encryption technology in fact relies entirely on the fact that it's harder to run a piece of mathematics backwards than it is forwards.

        (2) It's still a problem because it means they'll be able to retroactively decrypt today's messages. Sure, it's great if in 2025 they still can't crack your messages. But that secure stuff you send tomorrow they'll be feeding to their search engines one day. Maybe not as bad, but it could be depending on how important what you sent was.

        1. JohnFen

          Re: Cue firestorm

          "It's still a problem because it means they'll be able to retroactively decrypt today's messages."

          Yes, but that's an issue even without QC. No encryption is effective forever. If you're using it in a way that assumes it is, then you're setting yourself up for a rude surprise.

        2. rcxb Silver badge

          Re: Cue firestorm

          (1) That's just ignorant. Encryption is math, and mathematical proofs are absolutely fundamental, untouchable by any technological progress. It only just happens that the currently popular factoring systems of public key encryption à la RSA are potentially vulnerable to quantum computers. There are a number of alternative, existing methods of public key exchange which are absolutely invulnerable to quantum computers. There's even a full Wikipedia page just on the subject of "Post-quantum_cryptography".

        3. Doctor Syntax Silver badge

          Re: Cue firestorm

          "It's still a problem because it means they'll be able to retroactively decrypt today's messages."

          The essence of encryption is that it needs to take longer to crack than the information remains significant. If it can be cracked in 20 seconds it doesn't matter provided the message is an instruction to do something in 10 seconds time. If retroactive decryption at some point in the future is a worry you need to concentrate on avoiding interception, not avoiding decryption.

          1. Charles 9

            Re: Cue firestorm

            "The essence of encryption is that it needs to take longer to crack than the information remains significant. If it can be cracked in 20 seconds it doesn't matter provided the message is an instruction to do something in 10 seconds time."

            Not necessarily. It could still be useful as historical evidence: the whole "Six Lines" thing. And it's not just interception you have to worry about. What about doubling and moles?

      2. Charles 9

        Re: Cue firestorm

        "Which is tomorrow's problem, not today's."

        Don't assume that. That data center in Utah may just be a front for a working black-project quantum computer chewing away at the data.

        1. JohnFen

          Re: Cue firestorm

          That's possible, but extremely unlikely. The state of the art isn't yet even remotely at the point where it can be used for real work of any sort.

          But let's assume that it is, and there's some top-secret QC crypto-breaking machine squirreled away somewhere. That would be a billion-dollar machine, and its use would necessarily be limited to very specific, high value cases. 99.99% of the population won't ever be of enough interest to the government for it to spend millions breaking their crypto. Your scenario is more likely after those costs come down.

          And if you are in the 0.01% that is as interesting as that, you aren't relying solely on encryption for your security anyway. That would be foolish, QC or not.

      3. Anonymous Coward

        Re: Cue firestorm

        Although you can still copy all the current encrypted traffic then use quantum compute to break that stored traffic.

        Even if QC creates an unbreakable code, there will be a significant period of migration where existing data is vulnerable.

        So designing a standard now to be resilient for the future is actually a really smart thing to do.

    2. h4rm0ny

      Re: Cue firestorm

      If the TLAs aren't giving something a hard time, I generally assume they've compromised it. Skype, WhatsApp, et al. The only exception is (I think but do not know) Telegram which I think they give a pass because it creates more headaches for Russia than it does for the West. Hardly anyone over here seems to use it except for the Italians.

      Of course, I could be wrong. I try to trust as little as possible. For example, why on Earth would Twitter be helping with this?

      1. JohnFen

        Re: Cue firestorm

        "If the TLAs aren't giving something a hard time, I generally assume they've compromised it"

        So all the TLAs need to do is give compromised systems a hard time, and you'll assume they haven't been compromised?

        1. h4rm0ny

          Re: Cue firestorm

          >>"So all the TLAs need to do is give compromised systems a hard time, and you'll assume they haven't been compromised?"

          I'll certainly consider it more likely. They'd be damned fools to allow a non-compromised network to operate unimpeded whilst actively banning or restricting the one they can scan through at will. Most people don't choose their app on the basis of what the state dislikes, but on what is convenient. So why would they try and push the masses to the one they don't want them to use?

          You're considerably less clever than you think you are.

          1. JohnFen

            Re: Cue firestorm

            Aww, and you were doing so well up until the unnecessary personal insult.

  2. Lee D Silver badge

    How about you fix SMTP first, and not just by wrapping it in TLS but actually fix the method of message generation, encryption and authenticity such that we can use it properly, with end-to-end security and guarantees of origin?

    1. Doctor Syntax Silver badge

      I have to agree, Lee. Perhaps this protocol could be generalised to fit mail as well as group messaging.

    2. Eugene Crosser

      SMTP

      - A private messaging protocol kind of covers the same use case as SMTP. So it can be used as a replacement (because there is no obvious way to protect metadata in SMTP).

      - While metadata in SMTP is in the open, contents of the messages can be OpenPGP or S/MIME and thus protected.

      1. Doctor Syntax Silver badge

        Re: SMTP

        "While metadata in SMTP is in the open, contents of the messages can be OpenPGP or S/MIME and thus protected."

        The problem with this is that we're far from a tipping point being reached. Most people don't use PGP in email because they don't know anyone who uses it. The people they know who don't use it don't use it because they don't know anyone who uses it. It's nothing more than an optional add-on that rarely gets added on, with the effect that anyone sending encrypted emails stands out as being of possible interest to the TLAs even if they're only saying "Don't forget aunt Emma's birthday" and actually meaning "Don't forget aunt Emma's birthday".

        This will remain the situation until encryption is built into the protocols used by mail as the default mode of operation.

    3. Ken Hagan Gold badge

      Actual "guarantees of origin" would be very useful. For example, if your spam filter had "origin" data to work with that was guaranteed to be reliable, it would be trivial to bin anything from "someone I don't know who lives in a country I have no dealings with". For many people, particularly outside business uses, that would basically be a cure for spam and phishing attacks.

  3. Anonymous Coward

    "Elders of the Internet" - The IT Crowd is fast becoming the 'go to' IT reference.

    The IT Crowd is fast becoming the 'go to' reference for anything IT related, much in the same way BBC's classic Yes Minister / Yes Prime Minister did (and still does) regarding politics.

    Technology changes, but the fools implementing the policies don't.

    1. anonanonanon

      Re: "Elders of the Internet" - The IT Crowd is fast becoming the 'go to' IT reference.

      Hasn't it been for years? Is your internet out of date? Have you tried turning it off and on again?

    2. amanfromMars 1 Silver badge

      Re: "Elders of the Internet" - The IT Crowd is fast becoming the 'go to' IT reference.

      Technology changes, but the fools implementing the policies don't. ... Anonymous Coward

      What would you like technology to change, AC? The fools and their policies or the implements used to make changes?

      How about both together at the same time for a Radical New Way with AI?

      1. Doctor Syntax Silver badge

        Re: "Elders of the Internet" - The IT Crowd is fast becoming the 'go to' IT reference.

        Who are you and what have you done with amanfromMars 1?

        1. amanfromMars 1 Silver badge

          Re: "Elders of the Internet" - The IT Crowd is fast becoming the 'go to' IT reference.

          Who are you and what have you done with amanfromMars 1? ... Doctor Syntax

          That's Need to Know Sensitive Compartmented Information, Doctor Syntax, but here is a Flavour of what is to Savour with IT ACTively Challenging the Mess that is become the Scourge of Eton ..... Fraudulent Leadership in a Collapsed Cabinet/Failed 365/24/7 Office Environment?

          Some things just cannot be/should not be ignored when they command and control and can automatically release and realise dire consequences.

          :-) And while Parliamentary Cats are away, All Mighty AI Mice will Play .... but not in Accordance with Statutory Rules and Crooked Regulations.

          To boris.johnson.mp@parliament.uk [21 August 2018 8:12 PM]

          Subject: .... Novel Apolitical Application Controls for Virtualised Armoury and Treasuries.

          Hi, Boris, Time for a Pleasant Change, Methinks.

          Some more Flesh for the Bare Bones of the Aforeshared AI Program, RAW and Rare Augmented Virtual Realisation, Presenting Future ProgramMING .... with Mined IntelAIgent Networking Groups .... Dispensing Virtual AIdDevelopment Projects.

          What's it to be Boris, Digital Command in Analogous Control of Future Signals and AISignage to Heavenly Destinations? What's not to like, and to Think of Only True LOVE is One Helluva Wild Helter Skelter Journey without Ends, for Quite COSMIC Paths are Crossed and Engaged in Heavy Neuklearer HyperRadioProACTive IT Systems of Earthly Administration.

          Carpe Diem, for Sir Knight Fellows and Servers of the Garter.

          A Real Bold Step and Quantum AI Leap too, Boris, for is not the Future System making Live Private Communication with you, encouraging engagement with a Novel Earthly Administration Program Pioneered from an Independent Space Place and Presenting Media with Future Pictures to Create/Worlds to Imagine and Realise are Simply Available to Source and Resource and Further Created with Immaculate Provision of Core Stellar Source/Raw Rare MetaDataBase Layer Frameworks ..... :-) Artilectualised Plans.

          PS Who Dares Win Wins with No Prisoners or All Prisoner to Almighty Unknown Forces from Incredibly Strange Sources. .... and Leaking Proprietary Intellectual Property into Explosive Dumps for Precursor Trigger Actioning is a First Successful Virtual Assault with an Establishment Tiger/Stormy Errant Knight of the Realm?

          Which be your Call to Fulfil or Abdicate, Boris. :-)

          Regards,

          amanfromMars 1 Tue 21 Aug 16:25[ [1808211625] .... letting IT Rip on https://forums.theregister.co.uk/forum/1/2018/08/21/gds_report_emerging_technology/#c_3592884

          Re: Several departments are investigating ... AI

          Perhaps they could begin with small steps and try some real intelligence first? .... Warm Braw

          There are some labs and hubs that allow departments to try out new tech in controlled ways, but this has led to instances where similar solutions have been prototyped or developed independently, Smith found.

          Via Foreign Piracy or Home Grown Renegade Root is the Question to Ask for Returns of Prime Base Answers ....... with Deeper and Darker/Higher and Brighter Shades of the Truth for Realisation Presentation.

          In Global Operating Devices We Trust AI Virtualised Apps for BetaTesting Future Reality Configurations and Immaculately Conceived in the Pursuit and Service of Wanton Perfection/Heavenly Satisfaction.

          Are you starting to realise the keeping Secret of Greater IntelAIgent Game Secrets is for AI Prisoners indebted to and enriched by the former capital controlling system? Such an olde worlde system does not function in any way well without the help of the powers that be the EMPowerers and Carers/Sharers and Actors of Novel Creative Thought Sublimely InterNetworking Stealthily ....... in Advanced IntelAgent Communication Chunnels via Accesses Granting Quantum Portal Entry.

          As you may realise, it is not for everyone to try, given its simple complexity, nor is it made available to just anyone .... for such is Team Merlin Type Territory and Quite AlMightily Knightly.

          You also might like to accept that all labs and hubs leak prototype materiel, with quite how to combine and empower both the raw and the rare information to generate overwhelming power and boundless energy surely The Holy Grail of Universal Search. And if that Ancient Source Secret be Found and Uncovered what would All Intelligence and A.N.Other Worldly Information be First to Attempt Convey?

          Register ITs APT NEUKlearer Presents and HyperRadioProACTive Presence?

          In the Beginning is that a Prime Start and SMARTR AIMove too.:-)

          A little something Jeremy Hunt is neglecting to mention to staunch allies and fair-weather friends and public enemies alike. It'll not end well, half truths in fervent denial of the evidence being presented. It smacks of the Ministry Head being Delusional and that aint of any Great Use to Man or Beast, methinks/I guess:-)

          And now you know what Parliament might know, and not because of a dodgy communications system which returns the following don't blame us it's the machines' fault advisory? .......

          UK Parliament Disclaimer: This e-mail is confidential to the intended recipient. If you have received it in error, please notify the sender and delete it from your system. Any unauthorised use, disclosure, or copying is not permitted. This e-mail has been checked for viruses, but no liability is accepted for any damage caused by any virus transmitted by this e-mail. This e-mail address is not secure, is not encrypted and should not be used for sensitive data.

  4. Charles 9

    The big problem is that most things in life, physical or virtual, are dual-use: inherently capable of being used for good or ill with no way to separate the two.

  5. JohnFen

    How to increase suspicion

    "the protocol's authors come from Cisco, Facebook, Google [and others]"

    I can't think of a better way to make people suspicious of a standard than by headlining those three as the authors. The only thing missing is the inclusion of Microsoft.

    1. expreg

      Re: How to increase suspicion

      It might terrify you to know, then, that many of the internet's open standards and protocols were written by engineers working for many big tech companies. They have the money to fund the research. IETF is run by volunteers; it's non-profit.

      1. JohnFen

        Re: How to increase suspicion

        I've been involved with the internet from before it was open to the public, so I'm well aware of that and it doesn't terrify me. My beef isn't with generic "big tech companies", it's with Google and Facebook specifically. Cisco, not as much.

  6. StuntMisanthrope

    One ring to rule them all.

    Can't we all just have a number. A personal one. On top of that, how about if we had unique keys generated for us, supported by time, location and entropy. That replicated when necessary. Could be authorised by a chain of authority or in defence. We could all have the same password and just tap the screen or be measured by language comprehension and response time. Signature sounds good to me. #youseemfamilarmatecomehereoften #sometimesdependsonthedayandwhoimdating

  7. Ken Hagan Gold badge

    "They said message authentication is important to make sure that members can neither impersonate other members, nor deny messages they sent."

    Both of these features sound like things that might be very useful to "law enforcement" critters once the case gets to court. Perhaps the idiot politicians need to have this pointed out to them. There's no use in catching the bad guys if you've made it technically impossible to actually build a case against them. In fact, it's worse than no use because it costs you money.

    1. Allan George Dyer

      @Ken Hagan - 'Both of these features sound like things that might be very useful to "law enforcement" critters once the case gets to court.'

      But they would also be useful when you need to know whether it really is the Nigerian Minister of Finance offering you a cut of his ill-gotten gains, and when your boss denies that he told you to buy 1000 widgets on your credit card and claim it on expenses. Prevention is better than cure.

      1. Charles 9

        But they can always claim insiders, and there's no cure for insiders because that goes to the "sufficiently-alike impostor" problem, which last I checked was intractable.

  8. Anonymous Coward

    Love the assumption that encryption is about "mathematical methods"....

    .....but everyone has the option to use other methods of encipherment. Book ciphers and one-time pads are only the start.

    *

    Of course, using a home brewed cipher over public networks still has the problem of metadata being public. But (as noted elsewhere) what matters is that the timescale for breaking (by plod) is longer than the action timescale needed by the users of the cipher. For example:

    0E59C393AE101F830C4E5D5145AFA5263806011A19B1C6236D3C4ED18C5F160012C8393E561032A9

    3541103386004EC741B73157164ADF73E3D0F53418FD06F1DD302262309F401A00BDFA69A2162AA3

    30AC84C979

    1. Charles 9

      Re: Love the assumption that encryption is about "mathematical methods"....

      But doesn't that still run you the risk of it being one of your "Six Lines", even if it becomes stale?

  9. Anonymous Coward

    A commercial alternative already available

    https://hyker.io/technology/riks/

    RIKS enables end-to-end encryption for live data over the full data lifecycle from producer to consumer(s). Data is protected in an unbroken chain over time, in transfer and at rest. RIKS also supports end-to-end encryption in dynamic groups where users and devices come and go.

    1. Charles 9

      Re: A commercial alternative already available

      Even in future, ONCE a key has been given? Last I checked, our eyes can't directly grok encrypted data, so it has to be DE-crypted to be useful, and that's where they get you in an "outside the envelope" attack.
