[Cryptography] The role of the IETF in security of the Internet: for or against the NSA? for or against the security of users of the net?

ianG iang at iang.org
Tue Jul 22 06:11:47 EDT 2014


Hi Stephen,

On 20/07/2014 17:54 pm, Stephen Farrell wrote:
> 
> Hiya,
> 
> On 20/07/14 10:18, ianG wrote:
>> E.g., a recent case in point was a discussion on algorithmic agility
>> which I engaged in at saag and tcpinc.  It was *expensive* ... the
>> discussion bounced back and forth between groups, with procedure and
>> claims of 'consensus' being used as weapons by incumbents.  I spent a
>> lot of hours!  Which I cannot afford!  In the end, the emerging fresh
>> anti-consensus was more or less slapped down, but it also seems that the
>> push to encode algorithm agility into RFC got stalled.
> 
> You may end up in the rough in that discussion, but I would point
> out that a) you (and anyone able to talk sense:-) are free to take
> part and


I'd say this is a difference of perspective.  Of course, anyone who pays
green fees and wears the right shoes is welcome to take part.  And if
they end up being pushed out into the rough, well, no doubt that can
happen to anyone, the rules are fair, right?


> b) the discussion is not over - I think it's not unlikely
> that Russ' draft will change as a result to at least note the
> downsides of how algorithm agility has been handled in the past
> (e.g. see [1] and follow ups).


(For others:  Russ' draft promotes algorithm agility.  After some degree
of skepticism that this is always good, a rewrite ensued that ...
promotes algorithm agility.  To some of us, this was a surprising
result, so a new rewrite would be welcome.)



The discussion is not over with Russ' draft, but the discussion is over
with TCPinc.  The charter still says

    "must employ algorithm agility"

even though Russ' draft did not survive that same assertion.

This stinks of club politics.  No willingness to give grounds on the
direct important issue, even though it is clearly in play in the more
philosophical arena of saag/Russ ... seems like pushing the rebels out
into the rough, while the local champion is eased forward.


> On your more general point, yes, people with money (*) can work
> within even open processes like the IETF's more easily than those
> without. I don't know how you tackle that.


I personally tackle it in the time-honoured way - theft.  I steal time
from other activities that own my time.  It works until various
supervisors, SOs and other nosy parkers start quizzing me on the
unproductive time spent there, and the time not spent writing code...

So, likely I won't be doing so much more.  The point against algorithm
agility has been made, and I cannot justify more expenditure if others
in IETF are going to outspend me, *especially* if the message is that
politics are being used to get what is desired.


> Best seems to be
> as open as you can be, which the IETF does and tries all the
> time to do better, but the issue remains.


John Kelsey's post on the 'volunteer' nature of the net is well taken,
individual volunteers are easy to push around, and corporates can be
focussed.  Either the IETF WGs are corporates in volunteer's clothing,
or it's too easy for it to slide that way.

How do we address this?  Well, I reckon the only answer for an
organisation like IETF is to look to competitions with winner take all.
But they have to be open competitions, and the rules have to be open,
not stacked in advance such as is happening with TCPinc.

(The dictator approach solves the design mess, but it doesn't solve the
fight for power within the WG, indeed it probably makes it as bad or worse.)


> (*) meaning money and the time, expertise etc. that all buys
> 
> [1] https://www.ietf.org/mail-archive/web/saag/current/msg05058.html



iang

