[Cryptography] The role of the IETF in security of the Internet: for or against the NSA? for or against the security of users of the net?

Eric Mill eric at konklone.com
Tue Mar 25 14:27:19 EDT 2014


I personally enjoyed what Mark Nottingham (who is chairing the IETF HTTP2
working group) wrote on the matter:

http://www.mnot.net/blog/2014/01/04/strengthening_http_a_personal_view
http://www.mnot.net/blog/2014/01/30/http2_expectations

From the last one, "what to expect from http 2":

6. More Encryption

HTTP/2 doesn't require you to use TLS (the standard form of SSL, the Web's
encryption layer), but its higher performance makes using encryption
easier, since it reduces the impact on how fast your site seems.

In fact, many people believe that the only safe way to deploy the new
protocol on the "open" Internet is to use encryption; Firefox and Chrome
have said that they'll only support HTTP/2 using TLS.

They have two reasons for this. One is that deploying a new version of HTTP
across the Internet is hard, because a lot of "middleboxes" like proxies
and firewalls assume that HTTP/1 won't ever change, and they can introduce
interoperability and even security problems if they try to interpret a
HTTP/2 connection.

The other is that the Web is an increasingly dangerous place, and using
more encryption is one way to mitigate a number of threats. By using HTTP/2
as a carrot for sites to use TLS, they're hoping that the overall security
of the Web will improve.



On Tue, Mar 25, 2014 at 9:42 AM, ianG <iang at iang.org> wrote:

> On 24/03/2014 23:53 pm, Sandy Harris wrote:
> > On Sat, Mar 22, 2014 at 9:58 AM, Gary Mulder <flyingkiwiguy at gmail.com> wrote:
> >
> >> Would the RFC process be the ideal forum for development of an Internet
> >> Magna Carta?
> >
> > There are already some policy documents, as well as the standards
> > track & BCP security documents:
> >
> > RFC 1984 (best number choice on record?)
> > IAB and IESG Statement on Cryptographic Technology and the Internet
> > https://tools.ietf.org/html/rfc1984
> >
> > RFC 2804 IETF Policy on Wiretapping
> > https://tools.ietf.org/html/rfc2804
> >
> > There may be others that I don't know about.
> >
> > But yes, some sort of Magna Carta would be a good idea and
> > the IETF would in some ways be a good place to develop one.
> > The trick would be to avoid most of the politics and keep
> > discussion to the technical issues.
>
>
> Analogy may serve, but look to Chinese curse:  be careful what you wish
> for!
>
> Is the IETF a place for individuals to find their rights?
>
> Or is it a place for the barons to force their rights over the monarch
> at the point of a sword?  A reading of the history of Magna Carta may
> show a very different view to cozy ideals.
>
> Who are today's barons?  Google, Facebook, IBM, Microsoft?  And if they
> fought over a new Great Charter with the monarch, what would they ask for?
>
> And what would be left for the individuals?
>
>
>
> iang



-- 
konklone.com | @konklone <https://twitter.com/konklone>