[Cryptography] FW: IAB Statement on Internet Confidentiality

Jay Sulzberger jays at panix.com
Mon Nov 17 16:03:09 EST 2014

On Mon, 17 Nov 2014, alex at alten.org wrote:

> Hmm...the Reddit posting has had no responses.
> On a more serious note, the IAB statement below opens up a whole can of 
> worms.
> 1. The vast bulk of the Internet protocols now and in the future already 
> exist. How are we going to retrofit them or somehow deal with them?  New 
> secure protocols will be a tiny percentage of the installed base of insecure 
> protocols.
> 2. You can't just encrypt/authenticate without dealing with key management, 
> which adds more complexity and state to a protocol and supporting software. 
> Is the IETF going to design a one-size fits all key management protocol?
> 3. You can't just add key management without dealing with policy 
> adjudication. And you can't adjudicate without a (globally) scalable way to 
> deal with the identity of humans and programs.  How do we represent and store 
> policy attributes and rules? Is this beyond the purview of the IAB? If so, 
> whom does the IAB coordinate with?
> 4. You can't encrypt without dealing with legal issues, like supporting 
> judicial warrants for "wire taps". We cannot ignore most (democratic?) 
> societies' need to investigate crime. (I expect to get heated flame mail over 
> this point.)
> 5. You can't successfully secure your comm links if your nodes are insecure. 
> At the very least we will need to have operating systems that support 
> something like a Biba integrity model for processes.  And to do this we need 
> some sort of Reference Monitor inside each OS.  How can we do this without 
> hardware support?  And how do we get all the OS vendors to agree to secure 
> their OS's in manner that supports these new (and retrofitted) protocols 
> keying and policy needs?
> - Alex

ad 1: No, most new things start small.

ad 4: No, we need not negotiate with ourselves before building
and deploying stuff.

Here is one task which, if accomplished, may open a way forward:

   Write and distribute a system, which two non-sysadmins can learn to
   use in one full day, which provides:

   A method of sending an encrypted file from the home computer of
   Non-SA-A to the home computer of Non-SA-B.  The system does not
   require the use, at the application level, of a third party Net
   connected machine.


   1. Non-SA-A's, and also Non-SA-B's, machine is a home machine
      which sits behind a standard home router.  The system may
      require replacement of the home router.

   2. Non-SA-A and Non-SA-B have met and exchanged some pieces of
      paper, before the first transmission.

   Lack of Objective: The system should not defend againt traffic

I just now attempted to find a piece by John Walker, from about
twenty years ago, explaining the difficulty of traversing NAT in
order to make a home computer to home computer VOIP system.  I
think this is the piece, though it is about more than just NAT
and home computer telephony:



> Quoting ianG <iang at iang.org>:
>> For what it is worth, I twittered the below statement last night, and it 
>> got 2 orders of magnitude more response than anything I've ever said.  I 
>> conclude that the IAB's statement has struck a public nerve; there is clear 
>> approval in the public's mind.
>> iang
>> ps; I submit that this is a sensible top-post ;)
>> On 14/11/2014 13:46 pm, Salz, Rich wrote:
>>> -----Original Message-----
>>> From: IAB Chair [mailto:iab-chair at iab.org]
>>> Sent: Friday, November 14, 2014 4:26 AM
>>> To: IETF Announce
>>> Cc: IAB; IETF
>>> Subject: IAB Statement on Internet Confidentiality
>>> Please find this statement issued by the IAB today.
>>> On behalf of the IAB,
>>>  Russ Housley
>>>  IAB Chair
>>> = = = = = = = = = = = = =
>>> IAB Statement on Internet Confidentiality
> -- 
> Alex Alten
> alex at alten.org

More information about the cryptography mailing list