[Cryptography] The role of the IETF in security of the Internet: for or against the NSA? for or against the security of users of the net?
Phillip Hallam-Baker
hallam at gmail.com
Tue Mar 25 14:28:09 EDT 2014
If people don't like what the IETF does then make your own. Its rather
easier than people imagine. I was part of the W3C breakaway from IETF
and then the OASIS breakaway from W3C.
People have the standards model completely wrong. Writing a standard
is the easy part. The hard part is getting together a coalition to
deploy. I don't go to the IETF because I enjoy doing engineering work
by committee with 200 people. I go there because I need certain
stakeholders to buy-in.
The IETF problem tends to be that it is rather too easily swayed by
the lone wolf who has a crazy idea. So instead of having one way to do
a thing we have a framework like EAP or SASL or GSSAPI that each offer
fifty.
It would be helpful if more people joined in. Right now we are having
a discussion driven by the Snowden papers. Which is important. But I
don't see why we should only build infrastructure to limit NSA abuse.
Turkey is blocking Twitter via the DNS, shouldn't we be looking at
that problem as well? DNS Privacy would be nice but I want a
Private-DNS service that protects my privacy and neutralizes
government censorship attempts.
More information about the cryptography
mailing list