Bettercrypto - Applied Crypto Hardening for Sysadmins
Reaction from the Internet Engineering Community 
Aaron Zauner 
azet@azet.org 
BetterCrypto.org 
Hack.lu - 21/10/2014
post-Snowden
- After the Snowden leaks appeared in the press, the IETF began discussing how “pervasive monitoring” can be prevented
- In September 2013 the “PERPASS” (pervasive, passive monitoring) mailing list was started
- People started working on drafts to circumvent “pervasive monitoring”: http://down.dsg.cs.tcd.ie/misc/perpass.txt
- IETF 89 was accompanied by a meeting on the topic (STRINT) with invited speakers on privacy, security and cryptography: https://www.w3.org/2014/strint/
- “strengthening the internet against pervasive monitoring”
- a lot of good feedback and ideas
- main takeaways: threat modeling, CFRG was tasked with TLS-WG guidance on choices of ciphers and which curves/parameters (ECC) to use
http://tools.ietf.org/html/draft-iab-strint-report-00

New WGs and documents being worked on
- UTA-WG (utilizing TLS in applications): working on BCPs on how to properly use/implement TLS
- TLS-WG (transport layer security): TLS 1.3, chacha20-poly1305, DJB curves (ECC), FALLBACK_SCSV extension, ...
- TCPINC (TCP increased security): working on standardization of opportunistic encryption on the TCP layer (similar to tcpcrypt)
- DPRIVE (DNS private exchange): working on DNS privacy features
- IAB (internet architecture board): threat model, see: https://tools.ietf.org/html/draft-iab-privsec-confidentiality-threat
- TRANS (Public Notary Transparency): fight malicious certificate authorities with certificate transparency, see: www.certificate-transparency.org

Curves Curves Curves
- CFRG (cryptography forum research group within IRTF) is working on a standardized set of curves and curve parameters for IETF WGs: expected by the end of 2014
  + Curve25519 (Dan Bernstein, et al.)
  + NUMS (Microsoft)
  + ed448goldilocks (Michael Hamburg)
In comparison to NIST curves: most new proposals are pluggable into existing standards and can be reused within protocols and IETF documents.
Good summary (by the Brainpool authors, so a bit biased): http://eprint.iacr.org/2014/832.pdf
- Certificate Transparency is now being worked on as an IETF standard: https://datatracker.ietf.org/wg/trans/charter/
- discussion on mandatory encryption in HTTP2 (HTTPBIS-WG)
..A lot more going on within IETF, but I can barely keep up with TLS-WG due to work currently..
Questions?
