[Cryptography] The role of the IETF in security of the Internet: for or against the NSA? for or against the security of users of the net?

[Stephen Farrell]

Hiya,

On 20/07/14 10:18, ianG wrote:
> E.g., a recent case in point was a discussion on algorithmic agility
> which I engaged in at saag and tcpinc.  It was *expensive* ... the
> discussion bounced back and forth between groups, with procedure and
> claims of 'consensus' being used as weapons by incumbents.  I spent a
> lot of hours!  Which I cannot afford!  In the end, the emerging fresh
> anti-consensus was more or less slapped down, but it also seems that the
> push to encode algorithm agility into RFC got stalled.

You may end up in the rough in that discussion, but I would point
out that a) you (and anyone able to talk sense:-) are free to take
part and b) the discussion is not over - I think its not unlikely
that Russ' draft will change as a result to at least note the
downsides of how algorithm agility has been handled in the past
(e.g. see [1] and follow ups).

On your more general point, yes, people with money (*) can work
within even open processes like the IETF's more easily than those
without. I don't know how you tackle that. Best seems to be
as open as you can be, which the IETF does and tries all the
time to do better, but the issue remains.

S.

(*) meaning money and the time, expertise etc. that all buys

[1] https://www.ietf.org/mail-archive/web/saag/current/msg05058.html