<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto">He answered it completely. "You" worried about interception of RPKI exchange over the wire are failing to see that there is nothing there important to decrypt because the encryption in the transmission is not there !<div><br></div><div>And yet you've failed to even follow up to his question... "What's your point regarding your message? ROV does not use (nor needs) encryption."</div><div><br></div><div>So maybe you could give some context on that so someone can steer you out of the wrong direction.<br><br><div dir="ltr"><div><span style="background-color: rgba(255, 255, 255, 0);">-- </span></div><div><span style="background-color: rgba(255, 255, 255, 0);"> J. Hellenthal</span></div><div><span style="background-color: rgba(255, 255, 255, 0);"><br></span></div><span style="background-color: rgba(255, 255, 255, 0);">The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.</span></div><div dir="ltr"><br><blockquote type="cite">On Oct 30, 2021, at 10:31, A Crisan <alina.florar@gmail.com> wrote:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr"><div dir="ltr"><div class="gmail_default" style="font-family:garamond,times new roman,serif;font-size:small">Hi Matthew, <br></div><div class="gmail_default" style="font-family:garamond,times new roman,serif;font-size:small"><br></div><div class="gmail_default" style="font-family:garamond,times new roman,serif;font-size:small">Quantum computing exists as POCs, IBM being one of those advertising them and announced to extend their project. There are others on the market, Amazon advertised quantum computing as a service back in 2019: <a href="https://www.theverge.com/2019/12/2/20992602/amazon-is-now-offering-quantum-computing-as-a-service">https://www.theverge.com/2019/12/2/20992602/amazon-is-now-offering-quantum-computing-as-a-service</a>. The bottle neck of the current technology is scalability: we will not see QC as personal computing level just yet (to go in more detail, current technologies work at cryogenic temperatures, thus they are hyper expensive and not really scalable), but they exist and one could be imagine they are/will be used for various tasks.<br></div><div class="gmail_default" style="font-family:garamond,times new roman,serif;font-size:small"><br></div><div class="gmail_default" style="font-family:garamond,times new roman,serif;font-size:small">On the other hand, you've actually commented every word of my mail, minus the stated question. Thanks. <br></div><div class="gmail_default" style="font-family:garamond,times new roman,serif;font-size:small"><br></div><div class="gmail_default" style="font-family:garamond,times new roman,serif;font-size:small">Best Regards, <br></div><div class="gmail_default" style="font-family:garamond,times new roman,serif;font-size:small">Dora Crisan <br></div><div class="gmail_default" style="font-family:garamond,times new roman,serif;font-size:small"><br></div><div class="gmail_default" style="font-family:garamond,times new roman,serif;font-size:small"><br></div><div class="gmail_default" style="font-family:garamond,times new roman,serif;font-size:small"><br></div><div class="gmail_default" style="font-family:garamond,times new roman,serif;font-size:small"> </div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Oct 29, 2021 at 8:10 PM Matthew Walster <<a href="mailto:matthew@walster.org">matthew@walster.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto"><div><br><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, 29 Oct 2021, 15:55 A Crisan, <<a href="mailto:alina.florar@gmail.com" target="_blank">alina.florar@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div class="gmail_default" style="font-family:garamond,times new roman,serif;font-size:small">Hi Matthew,</div></div><div class="gmail_quote"><div style="font-family:garamond,times new roman,serif;font-size:small" class="gmail_default">I was reading the above exchange, and I do have a question linked to your last affirmation. To give you some context, the last 2021 ENISA report seem to suggest that internet traffic is "casually registered" by X actors to apply post Retrospective decryption (excerpt below). This would be at odds with your (deescalating) affirmation that hijacks are non-malicious and they are de-peered quickly, unless you pinpoint complete flux arrest only. Are there any reportings/indicators... that look into internet flux constant monitoring capabilities/capacities? Thanks.</div></div></div></blockquote></div></div><div dir="auto"><br></div><div dir="auto">RPKI uses authentication not confidentiality. There is no encryption taking place, other than the signatures on the certificates etc.</div><div dir="auto"><br></div><div dir="auto"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_quote"><div style="font-family:garamond,times new roman,serif;font-size:small" class="gmail_default">Excerpt from the introduction: "<span><span dir="ltr">What makes matters worse is
that any cipher text intercepted by an attacker today can be decrypted
by the attacker as soon as he has access to a large quantum computer
(Retrospective decryption). </span></span></div></div></div></blockquote></div></div><div dir="auto"><br></div><div dir="auto">Which do not exist (yet).</div><div dir="auto"><br></div><div dir="auto"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_quote"><div style="font-family:garamond,times new roman,serif;font-size:small" class="gmail_default"><span><span dir="ltr">Analysis of Advanced Persistent Threats
(APT) and Nation State capabilities, </span></span></div></div></div></blockquote></div></div><div dir="auto"><br></div><div dir="auto">Buzzwords.</div><div dir="auto"><br></div><div dir="auto"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_quote"><div style="font-family:garamond,times new roman,serif;font-size:small" class="gmail_default"><span><span dir="ltr">along with whistle blowers’
revelations</span></span></div></div></div></blockquote></div></div><div dir="auto"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_quote"><div style="font-family:garamond,times new roman,serif;font-size:small" class="gmail_default" dir="auto"><span><span dir="ltr"> have shown that threat actors can and are casually recording
all Internet traffic in their data centers</span></span></div><div style="font-family:garamond,times new roman,serif;font-size:small" class="gmail_default" dir="auto"><span><span dir="ltr"></span></span></div></div></div></blockquote></div></div><div dir="auto"><br></div><div dir="auto">No they're not. It's just not possible or indeed necessary to duplicate everything at large scale. Perhaps with a large amount of filtering, certain flows would be captured, but in the days of pervasive TLS, this seems less and less worthwhile.</div><div dir="auto"><br></div><div dir="auto"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_quote"><div style="font-family:garamond,times new roman,serif;font-size:small" class="gmail_default" dir="auto"><span><span dir="ltr"> and that they select
encrypted traffic as interesting and worth storing.This means that any
data encrypted using any of the standard public-key systems today will
need to be considered compromised once a quantum computer exists and
there is no way to protect it retroactively, because a copy of the
ciphertexts in the hands of the attacker. This means that data that
needs to remain confidential after the arrival of quantum computers need
to be encrypted with alternative means"</span></span></div></div></div></blockquote></div></div><div dir="auto"><br></div><div dir="auto">None of this is relevant to RPKI (ROV) at all. In fact, it reads like the fevered dreams of a cyber security research student. What's your point regarding your message? ROV does not use (nor needs) encryption.</div><div dir="auto"><br></div><div dir="auto">M</div><div dir="auto"><br></div><div dir="auto"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_quote"><div style="font-family:garamond,times new roman,serif;font-size:small" class="gmail_default"><span><span dir="ltr"></span></span><span style="font-size:9.29843px;font-family:sans-serif" role="presentation" dir="ltr"></span></div></div></div>
</blockquote></div></div></div>
</blockquote></div>
</div></blockquote></div></body></html>