On 19/09/13 17:59, Hannes Tschofenig wrote:
> I am personally not worried that the standardization work in the IETF
> can be sabotaged by governments since our process is open, and
> transparent to everyone who cares to see what is going on.

Isn't it the other way round? That exactly because IETF process is open
it's relatively easy for anyone to secretly introduce a backdoor into a
protocol?

I mean, NSA does security screenings, holds people legally responsible
if they defect etc. So, if I have an NSA-devised protocol, I am almost
sure there's at most 1 backdoor there. If I am afraid of KGB, the
protocol may work well for me. With an IETF standard there can very well be
several unknown backdoors introduced by different parties, so it's never
safe.

That being said, wouldn't it make more sense to admit that IETF is not a
good platform for devising, say, crypto protocols and act accordingly
(use 3rd party protocols, make it mandatory for new protocols to enable
pluggable crypto etc.)?

Martin