
Re: Transparency in Specifications and PRISM-class attacks

2013-09-20 10:28:23
On Fri, Sep 20, 2013 at 10:02 AM, Martin Sustrik 
<sustrik(_at_)250bpm(_dot_)com> wrote:

> On 19/09/13 17:59, Hannes Tschofenig wrote:
>
>> I am personally not worried that the standardization work in the IETF
>> can be sabotaged by governments since our process is open, and
>> transparent to everyone who cares to see what is going on.


> Isn't it the other way round? That exactly because IETF process is open
> it's relatively easy for anyone to secretly introduce a backdoor into a
> protocol?
>
> I mean, NSA does security screenings, holds people legally responsible if
> they defect etc. So, if I have an NSA-devised protocol, I am almost sure
> there's at most 1 backdoor there.


Absolutely not.

We know that the process failed with Snowden. We do not know where else it
failed.

You will note that I am not criticizing the NSA, I am criticizing the
current management.



> If I am afraid of KGB, the protocol may work well for me. With IETF
> standard there can very well be several unknown backdoors introduced by
> different parties, so it's never safe.


If you are working for the Brazilian government then you are probably not
going to be happy with either prospect.

The Web is an international resource. It does not belong to one government
or country.



> That being said, wouldn't it make more sense to admit that IETF is not a
> good platform for devising, say, crypto protocols and act accordingly (use
> 3rd party protocols, make it mandatory for new protocols to enable
> pluggable crypto etc.)?


Pluggable crypto is not a good idea. We are pretty sure we know how to do
algorithms now, our recent failures have come from the pluggability
infrastructures.

Pluggable trust models is where we need to go. We are not going to have a
ubiquitous email security infrastructure unless we can move past the S/MIME
vs PGP stalemate. One has deployment, the other mindshare. We should have
built one infrastructure capable of supporting both trust models rather
than two competing proposals.


I see PRISM as an opportunity for us. We have a once in a decade
opportunity to revisit our biggest security failure: email. We have two
infrastructures that are 95% there. We do not need to redo that 95%, we
need to remove some stuff that's in the way and add in the missing 10%.

-- 
Website: http://hallambaker.com/