[Cryptography] The role of the IETF in security of the Internet: for or against the NSA? for or against the security of users of the net?

[Nico Williams]

On Sun, Mar 16, 2014 at 9:49 AM, ianG <iang at iang.org> wrote:
> ...
> Let's assume the following tactics of the NSA in their meta-goal of
> owning the net [0]:
>
>    1.  make sure that only very few people used cryptography.

The crypto wars ended eons ago.

>    2.  make it spectacularly complex to use.

Security has always been spectacularly hard.

>    3.  channel all users of crypto through TTPs.

Over in the real world we want to scale, which is why we use TTPs.  It
sucks, but then, Internet commerce is sooo nice.  We all want to buy
or sell stuff (goods, services), trading with perfect strangers, yet
we have some expectations of legal support.  Well, it's difficult to
scale beyond your immediate circle of friends and family without TTPs.
 That's also true offline.  And sure, the TTPs can MITM you.  Well,
yeah, it's the price you pay.  You can do all sorts of things to make
it harder on the TTPs to screw you over, but you as long as you have
the introduction problem and you want to scale, you'll have TTPs to
kick around.

> This is where the IETF has played the NSA game.  Thanks to the IETF's WG
> platform of bringing together industry players, the emphasis is on
> protecting only *those who use the product*.  Which meant that anyone
> not using the product was irrelevant.  According to IETF unwritten
> policy, as enforced by industry players, everyone had to pay the price
> of admission in order to be considered worthy of protection.

How much experience do you have in the IETF?  What you say does not
reflect the reality I inhabit.

Later you say:

On Mon, Mar 17, 2014 at 7:01 AM, ianG <iang at iang.org> wrote:
> On 16/03/2014 21:58 pm, Bill Frantz wrote:
>> On 3/16/14 at 7:49 AM, iang at iang.org (ianG) wrote:
>>
>>> This is where the IETF has played the NSA game.  Thanks to the IETF's WG
>>> platform of bringing together industry players, the emphasis is on
>>> protecting only *those who use the product*.  Which meant that anyone
>>> not using the product was irrelevant.  According to IETF unwritten
>>> policy, as enforced by industry players, everyone had to pay the price
>>> of admission in order to be considered worthy of protection.
>>
>> I'm not convinced this analysis is correct. One analysis I like takes
>> from Machiavelli the thought that introducing new systems is hard,
>> because the old systems have a lot of inertia, including the people who
>> depend on them to make a living.
>
>
> Absolutely -- I set myself an almost impossible hurdle.  But that's
> aside from whether the analysis is correct or not.
>
>> The only successful security model we have seen in wide deployment is
>> the CA model. (SSH is not generally used outside small communities.)
>
>
> Skype.  Let's ask ourselves what would have happened if Skype had gone
> the WG ID path?

Say what?  You think Skype is better/more secure for not having been
standardized?  So you trust Skype more than various IETF security
protocols?  I find it hard to take that seriously.  I've no idea what
Skype does on any given day, and less what it will do the next.

And BTW, the IETF doesn't always do design by committee, the IETF
standardizes protocols that participants want to; if you bring a fully
formed protocol to the IETF that the community is interested in then
they'll standardize it after reviewing it -- chances of zero changes
are low, but the design will not have been by committee.  Really, the
IETF has its faults, and who knows, maybe there are NSA/GCHQ moles
pushing the consensus around, but please don't let's generalize so
broadly.

Also, the cost of bringing a protocol to the IETF is rather low: it's
the cost of the labor needed to write the documents, rally interest
(it's a volunteer organization), and go through the process.  You
don't even need to pay the IETF one penny if you don't every choose to
attend an _actual_, physical meeting.  This cost is as low as it gets,
though it isn't low, i know.  You can always just manage to get
interest and a community going outside the IETF, effectively making
your own SDO -- plenty have done it.  And there are alternative SDOs.

Heck, SSL was a protocol brought to the IETF by an outsider, not
designed by committee at all.  Kerberos was too.  Ditto NFS, SSH, ...
Sure, after two or three decades they look like monsters, but that's
not because of committee, it's because of the impossibly high cost of
flag days.  The design-by-committee parts come after initial
standardization, when many people use the protocol and therefore have
a stake in its evolution.  I don't see how you avoid this.  It's
called "organic growth", or "entropy" if you like.

Can we _please_, pretty please, with sugar and cherries on top[*]
raise the signal-to-noise ratio on this list?  How can we work to
improve security when our lists become a DDoS on ourselves?

I miss the days when Perry moderated aggressively to tamp down
retreading and when he'd edit posts to note that a given thread was
exhausted.

Nico

[*] I hate sugar, but still.