On Sep 6, 2013, at 8:07 AM, Eliot Lear <lear(_at_)cisco(_dot_)com> wrote:
> On 9/6/13 3:04 PM, Martin Sustrik wrote:
>> So, what if an NSA guy comes in and proposes a backdoor to be added to
>> a protocol? Is it even a valid interest? Does IETF as an organisation
>> have anything to say about that or does it remain strictly neutral?
> It's happened before and we as a community have said no. See RFC 2804.

What if they didn't say they were NSA guys, but just discreetly worked a
weakness into a protocol? What if they were a trusted senior member of the
community?
That way lies madness -- but it is a madness we must contemplate. Broader REAL
consensus, rather than apathetic agreement with a single contributor's
assertions, is probably the right way to go.
That means an increasing thrust on educating IETFers, broadly, about security
issues. Not just the math, but the whole op-sec envelope.
--
Dean