[Cryptography] FW: IAB Statement on Internet Confidentiality
alex at alten.org
Sun Nov 16 23:54:11 EST 2014
Hmm...the Reddit posting has had no responses.
On a more serious note, the IAB statement below opens up a whole can of worms.
1. The vast bulk of the Internet protocols now and in the future
already exist. How are we going to retrofit them or somehow deal with
them? New secure protocols will be a tiny percentage of the installed
base of insecure protocols.
2. You can't just encrypt/authenticate without dealing with key
management, which adds more complexity and state to a protocol and
supporting software. Is the IETF going to design a one-size-fits-all
key management protocol?
3. You can't just add key management without dealing with policy
adjudication. And you can't adjudicate without a (globally) scalable
way to deal with the identity of humans and programs. How do we
represent and store policy attributes and rules? Is this beyond the
purview of the IAB? If so, whom does the IAB coordinate with?
4. You can't encrypt without dealing with legal issues, like
supporting judicial warrants for "wire taps". We cannot ignore most
(democratic?) societies' need to investigate crime. (I expect to get
heated flame mail over this point.)
5. You can't successfully secure your comm links if your nodes are
insecure. At the very least we will need to have operating systems
that support something like a Biba integrity model for processes. And
to do this we need some sort of Reference Monitor inside each OS. How
can we do this without hardware support? And how do we get all the OS
vendors to agree to secure their OS's in a manner that supports these
new (and retrofitted) protocols' keying and policy needs?
- Alex
Quoting ianG <iang at iang.org>:
> For what it is worth, I twittered the below statement last night,
> and it got 2 orders of magnitude more response than anything I've
> ever said. I conclude that the IAB's statement has struck a public
> nerve; there is clear approval in the public's mind.
>
> iang
>
> ps; I submit that this is a sensible top-post ;)
>
>
> On 14/11/2014 13:46 pm, Salz, Rich wrote:
>>
>> -----Original Message-----
>> From: IAB Chair [mailto:iab-chair at iab.org]
>> Sent: Friday, November 14, 2014 4:26 AM
>> To: IETF Announce
>> Cc: IAB; IETF
>> Subject: IAB Statement on Internet Confidentiality
>>
>> Please find this statement issued by the IAB today.
>>
>> On behalf of the IAB,
>> Russ Housley
>> IAB Chair
>>
>> = = = = = = = = = = = = =
>>
>> IAB Statement on Internet Confidentiality
>>
--
Alex Alten
alex at alten.org