ietf

Hum theatre

2013-11-07 00:01:19
On Thursday, November 7, 2013, Fred Baker (fred) wrote:


On Nov 6, 2013, at 6:23 PM, Dave Crocker <dhc(_at_)dcrocker(_dot_)net> wrote:

    The IETF needs to press for careful attention to privacy
    concerns in its work, including protection against surveillance.

         [ ]  No
         [ ]  Yes
         [ ]  Don't Yet Know
         [ ]  Don't Care

I guess that as a technologist I need a little more information.

First, as the questions were asked this morning and as you suggested they
might have been reworded, the implication of a "yes" is that we will go
back to each protocol we have deployed or in design and "do something" to
make it more private, including protection against surveillance.


I think the implication is that how we do things should change, designing
without considering security is wrong and we need more cross WGs to avoid
future problems, making design simple is ok to do parts but not full
work/protocol. We need to UPDATE all protocols. The old designers should
admit that there are mistakes; no one's perfect.

I'm not sure we're likely to, for example, change RFC 791 to make it less
available to surveillance, or for that matter RFC 2640.


Maybe more options of security techniques not only few security algorithms
which may affect other protocols.


I'm not sure exactly how to change UDP, TCP, SCTP, and so on. Yes, there
are some fields that could probably be encrypted, and doing so using IPsec
ESP has some value in terms of integrity checking end to end. But I'm not
sure that this would have an impact on privacy. ICMP? ARP? ND? OSPF? IS-IS?


We should be sure, and we should update protocols for the best services to
the world.


So if the question is "all protocols", I'm not sure it is appropriate for
all of our protocols to be changed, because I'm not sure that they face
threats that we can effectively mitigate.


IMHO, we need to update all the Internet transport and application
protocols for security focus.


As we get further up-stack, the application of TLS or DTLS, and anything
that would help with pervasive use of OpenPGP-or-whatever, would be a good
thing. Where we have protocols that could usefully use TLS/DTLS and don't,
we can address that, and I suspect it might be appropriate for the relevant
working groups to amend their charters accordingly. In those cases, I would
agree that the IETF SHOULD (not "needs to", this is a question of will and
direction, not necessity) pay careful attention to privacy concerns in its
work, including protection against surveillance.

Agree


After that, it's operational. If a site is deploying http and we might
prefer it used https, running out and changing the protocol isn't going to
fix anything. The operator of the site in question needs to change
protocols to https - or something like that.


At least we report breaks and possible attacks, and do our best updates for
our users. If operators don't fix and update, we then blame them, the
community of users are very intelligent.


So, which protocols are under discussion, and what
security/monitoring/privacy threats does each face? Where our protocols
face legitimate threats, yes, we SHOULD address them.


Why were privacy threats not addressed before users noticed the attacks and
that the designers failed? The IETF way of work and structure needs to
change, I already suggested it in the past. Once an AD suggested more cross
area, but I think it is better to have cross WGs and changing structure of
IETF areas.


I'm not sure feel-good statements say much.


Yes, it is easy to say or implement but what matters is what happens and
how we work to adapt and develop quicker than our attackers.

AB