What's Left for private Messaging

I had the privilege to address the annual Chaos Communication Congress (36C3) in Leipzig last week about the state and remaining issues in private communications.

The recording of the video has been made available by the CCC, and I have also posted the slides.

The TL;DR for me is that many of the trade-offs are balancing the stability of user experience with privacy mechanisms – and finding more ergonomic user experience interactions will be as important as new systems schemes are to improving the ecosystem.

I am particularly excited by the number of ongoing effort reducing trust in central servers. Many of the mechanistic trade-offs we face are due to the topology of our systems. With systems designed for fully anonymous interaction, like mixnets, PIR, and oblivious messaging, we can model and mitigate threats from much more realistic adversaries than we do with popular channels today. (For instance, consider an office which has received a whistle blowing message. If the receiving investigation wants to identify the source, they likely control both the local network, and have the ability to send messages to the account that initiated the conversation. Our current designs will find it quite difficult to protect a user from this scenario)

Email Security Checklist

There are a lot of various standards and protocols in play around SMTP that are being used today to validate email. when setting up self hosting, recently, I found it useful to refer to the following checklist of the following validations that I should be configuring.

For a server receiving email on behalf of a domain:

  • Delegated by MX or A record
  • Correct PTR record matching server HELO
  • TLS Cert for StartTLS upgrade support
  • MTA-STS record to indicate the expectation of TLS
    • A dns record of the form _mta-sts.example.com. IN TXT "v=STSv1; id=20160831085700Z;" defining the current policy ID
    • the presence of which triggers an HTTPS fetch of https://mta-sts.example.com/.well-known/mta-sts.txt
    • that file contains a policy of the form
version: STSv1
mode: enforce
mx: mail.example.com

For longer term validation (these standards seem to still be getting adoption, so probably won’t be validated by most senders)

  • DNSSEC enabled for the domain
  • DANE dns records for the expected cert
    • there’s a tool to test your implementation.
  • CAA dns record to limit cert issuer

For a server sending email on behalf of a domain:

  • Coming from a stable IP, ideally the same as the receiving server
  • HELO matches both MAIL FROM sender and the sending IP’s PTR record
  • Equipped with the TLS cert for the domain to be able to offer as a client certificate
  • SFP record
    • of the form example.com. TXT "v=spf1 +mx -all" (or “a” instead of “mx”)
  • DKIM header signing of messages
    • DNS <selector>._domainkey.example.com record with pubkey
  • ARC headers
  • Register the domain on postmaster.google.com

NextGen Korea Scholars

I had the incredible opportunity to spend the end of last week in Washington DC with the CSIS NextGen Scholars program meeting the US policy makers who define the US policy towards the DPRK.

It was fascinating to see the process has been put in place for weighing the different factors that go into these decisions, and how at the same time there really is truth to the almost inconceivable notion that the best any of us can hope for is that Trump and Kim Jong Un will have a successful summit and be able to make progress based on some unexpected personal trust.

I am hopeful I was able to offer some insight into what life is like in the country, and perhaps was able to offer some sense of the value provided by engagements like PUST.

Several tweets provide a sense of who we got to meet.

Ethics of Censorship Measurement

I gave a talk this past summer at DEFCON on the ethical quandary that continues to play a role in the academic discussion of network censorship measurement. Over the course of my phd studies, there was a significant arc of time where the community yielded to caution as the issues around ethics were better understood.

These issues have not gone away, and in the intervening six months since this talk, we’ve seen new groups re-develop techniques deemed problematic by the prevailing winds of the academic community.

Watch on Youtube


Corporate Censorship

One of the most interesting lines of inquiry within the Censored Planet project at the University of Michigan is trying to pull apart the different actors involved in Internet  censorship. One of the interesting quirks is that a significant factor in why content might not be available to users is that the web publisher themselves have limited who they’ll respond to.

This relates to existing phenomenons like increased balkanization of the web, where regions and nations promote domestic services and networks, but is as much a function of where lucrative markets are and a reaction to the background of fraud and malicious online traffic.

One outcome of this research is a set of measurements looking at how and where CDNs limit access, that will be presented tomorrow at IMC.

Like many parts of the Internet, a take-away here is that attribution is hard.

Tibet 2018

In the second half of August, 2018, I biked from Golmud in Qinghai to Lhasa. The road, the G109, is a lifeline for Tibet, with 85% of supplies for Tibet imported along this route. It parallels the primary train line into the region, and was one of the first paved routes on the plateau.

It’s also 1000+km above 4,500m.

My original motivation for the trip was a similar but different route, the G318 road connecting Chengdu in Sichuan to Lhasa. This route is one of the most popular long distance cycling routes in China, and there are a number of posts I found when looking for bicycling adventures in China that were simply incredible. The 318 wasn’t fully paved until 2013, and it wasn’t uncommon to see posts where groups were fording stretches of waste-deep mud. While this adventure lacks some of the romanticism, it approximates what for me is at the heart of the pilgrimage.

We started by flying to Xining, with a layover in Beijing where I redeemed online train reservations for tickets. After a short connection to a night train to golmud, we got our bikes assembled, and I navigated the kuaidi system to ship the extra luggage to a hotel in lhasa.

The first adventure occurred 30km outside of town. After passing signs warning us we’d already entered Tibet (we were still 100’s of km from the official boundary of the TAR, but the G109 road is managed by the Tibetan authority from Golmud), we encountered a road checkpoint that wanted foreigners to be accompanied by a guide, and to have a valid permit for entering the region. I had worked with Extravagant Yak to secure a guide from TuoTuoHe, a town before the first such checkpoint which either of us were aware of. After a couple rounds of discussions between the officers, us, and the tour guides, we were allowed to continue unaccompanied on the first leg, as initially planned. The hesitation and negotiation reminded me of how rare it is for foreigners to be in this area.

The first week was the highlight of the trip for me. A series of low-mileage but strenuous days brought us to the plateau, and the direct, spontaneous interactions we were able to have each day were fantastic. We got water from a local spring, received a warm welcome from returning military convoys, and learned how to operate a coal stove.

Tibet was interesting to finally see as well. I’ve hesitated to travel or interact with the region because of the political sensitivities. I don’t feel like that I was missing too much – my general impression of Tibetan culture and lifestyle has not dramatically changed as a result of the trip, though I do appreciate the direct experience confirming what I had suspected. In broad strokes, the situation of the Tibetan minority does not seem abnormal to that of other Chinese minorities. Like Xinjiang, there are restrictions on movement, a different predominant language, and different cultural norms. The underlying tensions are not unique, increased Chinese driven development is modernizing the society, but there is concern that the uplift is not equitable, and that improvements may mute traditional cultural values.

Regardless, Tibet-the-location is beautiful, and was fantastic to explore.

Web Hacker