[Cryptography] The role of the IETF in security of the Internet: for or against the NSA? for or against the security of users of the net?

Stephen Farrell stephen.farrell at cs.tcd.ie
Wed Mar 26 07:45:58 EDT 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hiya,

On 03/26/2014 08:53 AM, Guido Witmond wrote:
> On 03/26/14 00:32, Stephen Farrell wrote:
> 
> >> It's a shame that people do not (or will not?) take in that anyone
>> can write an internet-draft about anything and post their draft.
> 
> 
> Hi Stephen,
> 
> 
> I have this crazy idea about using client certificates to create 
> authenticated yet anonymous/pseudonymous accounts, making
> cryptography transparent to the end users. (Site builders,
> operators and hosters do have some work to do).
> 
> I would love to write my ideas in a draft.

Go for it then. While you might be tilting at a windmill,
that's ok too sometimes I figure, and I've done that myself
for what's probably v. similar to one of the moving parts
of your proposal. [1]

> My fear is that the barons and kings of this world won't like it as
> they lose much of their surveillance capabilities. With many
> members of the IETF being henchmen of the barons, they will outvote
> me any time.

The IETF doesn't vote and doesn't have members. People participate
mainly via email same as here, but with a load of bureaucracy that's
unfortunately needed to get to and establish a rough consensus that's
written down in an RFC when there're a few thousand voices that can
in principle be involved in anything.

> Or have the times changed since the Revelations of a Contractor and
> is there a genuine wish at the barons and kings levels to make
> privacy a birth-right?
> 
> Is that fear justified? Or is it paranoia? What are the experiences
> on this?

WRT barons, kings, henchmen and fear: if you're able to make
sound technical arguments and figure out how to get stuff done
the IETF is a place where you can get stuff done. It does take
work though, and not everyone wants to devote their time to
that kind of thing, which is just fine. (ISTM there are some
folks who never manage to figure out how to get stuff done
despite trying, whilst others grok that really quickly. People
are just different I guess.)

And have the times changed? Yes, in the IETF it's looking like
they may have, but we won't know for sure for some time. As one
example, in London this month, we had a productive discussion
about adding some form of confidentiality for DNS queries. [2]
There's a mailing list [3] for that, and that list might well
figure out something useful in that space that could be deployed.
Two years ago that wouldn't even have gotten onto an agenda I'd
say, as privacy or confidentiality were considered non-goals
for DNS in general. There are more examples like that too.

While some skepticism is always warranted of course, I do
think things are clearly moving in the right direction at the
moment. (But then I would, wouldn't I:-)

Cheers,
S.

[1] https://tools.ietf.org/html/draft-ietf-httpauth-hoba
[2] https://datatracker.ietf.org/meeting/89/materials.html#dnse
[3] https://www.ietf.org/mailman/listinfo/dns-privacy

> 
> Regards, Guido.
> 
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

-----END PGP SIGNATURE-----

