[Cryptography] Opening Discussion: Speculation on "BULLRUN"

Jeffrey I. Schiller jis at mit.edu
Sat Sep 7 19:52:44 EDT 2013

Hash: SHA1

On Sat, Sep 07, 2013 at 09:14:47PM +0000, Gregory Perry wrote:
> And this is exactly why there is no real security on the Internet.
> Because the IETF and standards committees and working groups are all
> in reality political fiefdoms and technological monopolies aimed at
> lining the pockets of a select few companies deemed "worthy" of
> authenticating user documentation for purposes of establishing
> online credibility.
> ...
> Encrypting IPv6 was initially a mandatory part of the spec,
> but then it somehow became discretionary.  The nuts and bolts of
> strong crypto have been around for decades, but the IETF and related
> standards "powers to be" are more interested in creating a global
> police state than guaranteeing some semblance of confidential and
> privacy for Internet users.

I’m sorry, but I cannot let this go unchallenged. I was there, I saw
it. For those who don’t know, I was the IESG Security Area Director
from 1994 - 2003. (by myself until 1998 after which we had two co-AD’s
in the Security Area). During this timeframe we formed the TLS working
group, the PGP working group and IPv6 became a Draft Standard. Scott
Bradner and I decided that security should be mandatory in IPv6, in
the hope that we could drive more adoption.

The IETF was (and probably still is) a bunch of hard working
individuals who strive to create useful technology for the
Internet. In particular IETF contributors are in theory individual
contributors and not representatives of their employers. Of course
this is the theory and practice is a bit “noisier” but the bulk of
participant I worked with were honest hard working individuals.

Security fails on the Internet for three important reasons, that have
nothing to do with the IETF or the technology per-se (except for point

 1.  There is little market for “the good stuff”. When people see that
     they have to provide a password to login, they figure they are
     safe... In general the consuming public cannot tell the
     difference between “good stuff” and snake oil. So when presented
     with a $100 “good” solution or a $10 bunch of snake oil, guess
     what gets bought.

 2.  Security is *hard*, it is a negative deliverable. You do not know
     when you have it, you only know when you have lost it (via
     compromise). It is therefore hard to show return on investment
     with security. It is hard to assign a value to something not

 2a. Most people don’t really care until they have been personally
     bitten. A lot of people only purchase a burglar alarm after they
     have been burglarized. Although people are more security aware
     today, that is a relatively recent development.

 3.  As engineers we have totally and completely failed to deliver
     products that people can use. I point out e-mail encryption as a
     key example. With today’s solutions you need to understand PK and
     PKI at some level in order to use it. That is likely requiring a
     driver to understand the internal combustion engine before they
     can drive their car. The real world doesn’t work that way.

No government conspiracy required. We have seen the enemy and it is...


Jeffrey I. Schiller
Information Services and Technology
Massachusetts Institute of Technology
77 Massachusetts Avenue  Room E17-110A, 32-392
Cambridge, MA 02139-4307
617.910.0259 - Voice
jis at mit.edu
Version: GnuPG v1.4.11 (GNU/Linux)


More information about the cryptography mailing list