[Cryptography] Opening Discussion: Speculation on "BULLRUN"

Phillip Hallam-Baker hallam at gmail.com
Sat Sep 7 22:11:17 EDT 2013


On Sat, Sep 7, 2013 at 8:53 PM, Gregory Perry <Gregory.Perry at govirtual.tv>wrote:

> On 09/07/2013 07:52 PM, Jeffrey I. Schiller wrote:
> > Security fails on the Internet for three important reasons, that have
> > nothing to do with the IETF or the technology per-se (except for point
> > 3).
> >  1.  There is little market for “the good stuff”. When people see that
> >      they have to provide a password to login, they figure they are
> >      safe... In general the consuming public cannot tell the
> >      difference between “good stuff” and snake oil. So when presented
> >      with a $100 “good” solution or a $10 bunch of snake oil, guess
> >      what gets bought.
> The IETF mandates the majority of the standards used on the Internet
> today.


No they do not. There is W3C and OASIS both of which are larger now. And
there has always been IEEE.

And they have no power to mandate anything. In fact one of the things I
have been trying to do is to persuade people that the Canute act commanding
the tides to turn is futile. People need to understand that the IETF does
not have any power to mandate anything and that stakeholders will only
follow standards proposals if they see a value in doing so.




>  If the IETF were truly serious about authenticity and integrity
> and confidentiality of communications on the Internet, then there would
> have been interim ad-hoc link layer encryption built into SMTP
> communications since the end of U.S. encryption export regulations.
>

Like STARTTLS which has been in the standards and deployed for a decade now?



> There would have been an IETF-mandated requirement for Voice over IP
> transport encryption, to provide a comparable set of confidentiality
> with VoIP communications that are inherent to traditional copper-based
> landline telephones.  There would at the very least be ad-hoc (read
> non-PKI integrated) DNSSEC.
>

What on earth is that? DNS is a directory so anything that authenticates
directory attributes is going to be capable of being used as a PKI.



> And then there is this Bitcoin thing.  I say this as an individual that
> doesn't even like Bitcoin.  For the record and clearly off topic, I hate
> Bitcoin with a passion and I believe that the global economic crisis
> could be easily averted by returning to a precious metal standard with
> disparate local economies and currencies, all in direct competition with
> each other for the best possible GDP.
>

The value of all the gold in the world ever mined is $8.2 trillion. The
NASDAQ alone traded $46 trillion last Friday.

There are problems with bitcoin but I would worry rather more about the
fact that the Feds have had no trouble at all shutting down every prior
attempt at establishing a currency of that type and the fact that there is
no anonymity whatsoever.





> So how does Bitcoin exist without the IETF?  In its infancy, millions of
> dollars of transactions are being conducted daily via Bitcoin, and there
> is no IETF involved and no central public key infrastructure to validate
> the papers of the people trading money with each other.  How do you
> counter this Bitcoin thing, especially given your tenure and experience
> at the IETF?


Umm I would suggest that it has more to do with supply and demand and the
fact that there is a large amount of economic activity that is locked out
of the formal banking system (including the entire nation of Iran) that is
willing to pay a significant premium for access to a secondary.


> Nonsense.  Port 25 connects to another port 25 and exchanges a public
> key.  Then a symmetrically keyed tunnel is established.  This is not a
> complex thing, and could have been written into the SMTP RFC decades ago.


RFC 3702 published in 2002.


-- 
Website: http://hallambaker.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20130907/fb2e6b23/attachment.html>


More information about the cryptography mailing list