[Cryptography] FW: IAB Statement on Internet Confidentiality

[Christian Huitema]

> When the bad guys read "unauthenticated encryption, first and foremost"
they start joyfully singing to
themselves:
>
>   M-T-M all night,
>   M-T-M all day,
>   Traff'c analysis five miles long,
>   Oh, de doo dah day.

Do you really believe that the folks who pushed the IAB statement are not
aware of that?

Of course it is easy to be cynical. "Obscure standard outfit puts up a
statement. The spooks must be shaking in their boots." But it takes time to
update a bunch of IETF standards, and to undo what the IAB called "our
addiction to plain text." So instead of being cynical I would rather take
the statement for what it is, a step in a journey.

By the way, there were many such steps taken during last week's meeting. A
Wi-Fi network was dedicated to experimentation of MAC randomization. The
DHCP working group started discussions of privacy issues. A specific working
group starts working on DNS privacy. The work on TCP encryption progresses.
Lots of efforts on TLS profiles and deployments. 

All that may be going at a glacial pace, but there is something good about
glaciers. They are hard to stop.

-- Christian Huitema