[Cryptography] The role of the IETF in security of the Internet: for or against the NSA? for or against the security of users of the net?

[Bill Frantz]

On 3/17/14 at 4:15 PM, nico at cryptonector.com (Nico Williams) wrote:

>And BTW, the IETF doesn't always do design by committee, the IETF
>standardizes protocols that participants want to; if you bring a fully
>formed protocol to the IETF that the community is interested in then
>they'll standardize it after reviewing it -- chances of zero changes
>are low, but the design will not have been by committee.

I have been following the TLS committee for many years. It 
appeared to me that the organizations which captured it were the 
certificate authority companies, not NSA moles. They were the 
people who blew off my suggestion of having key continuity in 
browsers so the browser noticed when a site's public key 
changes. They said in essence, "But how to you handle the cold 
introduction problem?" In the post Snowdon era, most TLS 
contributors recognize that there are significant weaknesses in 
the CA model.

The group is beginning to discuss TLS3. There is a movement to 
work with competing drafts to avoid the "by committee" problems. 
If anyone has interest in influencing the discussions, the 
proper place is:

     TLS mailing list
     TLS at ietf.org
     https://www.ietf.org/mailman/listinfo/tls

>Really, the
>IETF has its faults, and who knows, maybe there are NSA/GCHQ moles
>pushing the consensus around, but please don't let's generalize so
>broadly.

I agree. The IETF is the most open standards organization I know.

Cheers - BIll

-----------------------------------------------------------------------
Bill Frantz        | If the site is supported by  | Periwinkle
(408)356-8506      | ads, you are the product.    | 16345 
Englewood Ave
www.pwpconsult.com |                              | Los Gatos, 
CA 95032