[bestbits] five IETF hums

jefsey jefsey at jefsey.com
Tue Nov 12 06:44:14 EST 2013


This is a mail from Russ Housley. Noteworthy:
(1) they were formed very quickly without full exploration at the plenary
(2) there are concerns that opportunistic encryption could harm other 
security efforts.

The conclusion could be that discussion is to be as informed as is 
possible and that the IETF community will take steps to address 
pervasive surveillance. All this obviously depends on "The BUG" 
resolution. 
http://bramsummit.org/index.php?title=Banned_Use_Gene_%28The_Bug%29_-_Mentalit%C3%A9_de_l%27utilisation_Restreinte_%28MUR%29 
The resolution is most probably not at the IETF level. We do not use 
(trust?) IPsec while we know about SSH.
jfc

>On 11/6/13 12:41 PM, Russ Housley wrote:
>At the end of the IETF88 Technical Plenary, there were five 
>hums.  This note is to provide the text of the hums and the 
>community response.  The people in the room were asked to hum for 
>YES if they agreed with the statement and hum for NO if they 
>disagreed with the statement.
>
>1.  The IETF is willing to respond to the pervasive surveillance attack?
>Overwhelming YES.  Silence for NO.
>
>2. Pervasive surveillance is an attack, and the IETF needs to adjust 
>our threat model to consider it when developing standards track specifications.
>Very strong YES.  Silence for NO.
>
>3. The IETF should include encryption, even outside authentication, 
>where practical.
>Strong YES.  Silence for NO.
>
>4.  The IETF should strive for end-to-end encryption, even when 
>there are middleboxes in the path.
>Mixed response, but more YES than NO.
>
>5.  Many insecure protocols are used in the Internet today, and the 
>IETF should create a secure alternative for the popular ones.
>Mostly YES, but some NO.




More information about the Bestbits mailing list