Martin, I have no clue how you come up with that conclusion. Have you
ever worked in organizations that are closed to a small number of
members where decisions are being made behind closed doors? Do you think
that would help to produce better results?
I think the openness and transparency is the best tool we have, even
though it might not be perfect since we still need people to speak up
when they see something fishy and we obviously need reviewers.
If you spot a "backdoor" introduced by someone in the IETF work then you
should speak up. I have not heard about examples of such backdoors in
this discussion yet.
Ciao
Hannes
On 20.09.2013 17:02, Martin Sustrik wrote:
On 19/09/13 17:59, Hannes Tschofenig wrote:
I am personally not worried that the standardization work in the IETF
can be sabotaged by governments since our process is open, and
transparent to everyone who cares to see what is going on.
Isn't it the other way round? That exactly because IETF process is open
it's relatively easy for anyone to secretly introduce a backdoor into a
protocol?
I mean, NSA does security screenings, holds people legally responsible
if they defect etc. So, if I have a NSA-devised protocol, I am almost
sure there's at most 1 backdoor there. If I am afraid of KGB, the
protocol may work well for me. With IETF standard there can very well be
several unknown backdoors introduced by different parties, so it's never
safe.
That being said, wouldn't it make more sense to admit that IETF is not a
good platform for devising, say, crypto protocols and act accordingly
(use 3rd party protocols, make it mandatory for new protocols to enable
pluggable crypto etc.)?
Martin