[Cryptography] The role of the IETF in security of the Internet: for or against the NSA? for or against the security of users of the net?
leichter at lrw.com
Wed Mar 26 05:41:34 EDT 2014
On Mar 25, 2014, at 7:32 PM, Stephen Farrell <stephen.farrell at cs.tcd.ie> wrote:
>> Security will not be improved with "trusted proxies" that is for sure
> It's a shame that people do not (or will not?) take in
> that anyone can write an internet-draft about anything
> and post their draft.
> The one to which you refer has no status whatsoever and
> is just one set of authors' ideas....
Beyond that, much of the complaint has a "shoot the messenger" quality to it. Official MITM in the style described by the RFC is commonplace today in many business networks and in some national networks. Right now, it operates entirely in the shadows, with the proxy's CA inserted into browsers as part of standard corporate configuration procedures or by more nefarious means.
Approval of the RFC wouldn't make this practice any more common than it already is. Actual *conformance* with the RFC would at least make the presence of the proxy visible and allow users to say no to it. (Of course, the result of saying no may be denial of network access.)
In practice, looking at how such proxies have been used so far, I think we're unlikely to see much conformance with the notification and end-user control mechanisms the RFC requires. Those who put proxies in place generally don't want them noticed - they don't want to answer questions about them. To me, the whole exercise seems pointless.