ietf
[Top] [All Lists]

Re: [rtcweb] Alternative decision process in RTCWeb

2013-12-04 10:11:43
On Wed, Dec 4, 2013 at 4:16 AM, Jari Arkko 
<jari(_dot_)arkko(_at_)piuha(_dot_)net> wrote:


I find the defeatism quite depressing. If we know the reason the
previous efforts have failed, all we need to do is to address them and try
again.

FWIW, I agree with this. We should not believe we can make all projects
succeed. Or that without a deep understanding of a field we can succeed. Or
that we can succeed without understanding and getting the support of the
world around us. But the Internet is evolving, the users have real needs
and when we know what to do we should do it - you can succeed even in
difficult situations.


I agree except on the requirement for 'deep understanding'.

The only way that deep understanding can be reached in many of these cases
is to try repeatedly and learn from the failures. Or to be willing to 'make
a fool of yourself' by making a statement that might turn out to be false
or incomplete.

People who are worried about making a fool of themselves don't write crypto
protocols. It takes an enormous quantity of ignorance or ego or both to
propose a network crypto protocol. The chances are that someone will take
your beautiful creation and smash it up in front of your eyes and then
dance on all the little pieces.


In particular, I don't think the lectures of the form, 'who are we to
attempt this' are helpful in the slightest. But we always get one from at
least one of two individuals whenever we attempt something new. I don't
think we should abandon hope on S/MIME quite yet but I am quite ready to
dump SMTP just to be rid of the 'you are not worthy' lectures.

Nobody understands this stuff completely. There is no cavalry ready to ride
in with the answers. The academic field of security usability is not yet an
engineering field, it is barely managing to do science.


There are three inescapable lessons of Snowdonia:

1) The insider threat can bring down any organization.

2) Security controls that are too difficult to be used will not be used
even in the most security sensitive organizations.

3) We need usable data level security protections now.


I would certainly encourage people to read the security usability
literature just as I encourage people to read on semiotics, hermeneutics
and many other sources that are outside the narrow field of network
engineering. But don't expect those sources to provide the answers because
they won't. All that you can expect from deeper understanding is to perhaps
ask better questions.
-- 
Website: http://hallambaker.com/