
Re: [perpass] comments and questions for the group on draft-farrell-perpass-attack-02

2013-12-10 06:11:28

Hiya,

On 12/10/2013 05:56 AM, Eliot Lear wrote:
Jumping down a bit, to what I think is the point...

On 12/9/13 10:56 PM, Stephen Farrell wrote:
Eliot,

On 12/09/2013 07:47 PM, Eliot Lear wrote:


By itself s/where possible/where practical/ might be ok, but given
that your interpretation of "where practical" appears to call for
allowing TLS MITM attack boxes

Where did THAT come from?  I never made any such statement or even
alluded to such an idea.  

But isn't TEMPORA an "operational reality"? And CALEA?
And aren't TLS MITM attack boxes?

Perhaps that last is not what you had in mind when you use
the term operational reality. And I'd hope that you don't
mean the first. And we had the discussion about the middle
one and got to 2804. But the text you suggested would
appear to call for not considering any of the above as being
part of the pervasive monitoring attack since they are part
of the "operational reality." To me, that's nonsensical.

But even if better phrased, including such ambiguity in
this draft, and especially when that would also create a
conflict with 2804 seems like a really bad idea.

We have developed an entire ecosystem that was
predicated on encryption NOT being in certain places.  If we can do
better while not destroying people's ability to operationally manage
their network, great.  But I never went into mechanism.  

Fair enough. The draft already says that unmanageable networks
wouldn't be an acceptable outcome though, so again I don't
see what change is needed.

What's more:

As I said before the httpbis WG are working through the complex
and involved issues related to HTTP and TLS and proxies. Do you
expect this to short-circuit that WG's efforts? And why would my
particular opinion of that be interesting here? Seriously I've no
idea what answer you expect there as to "how far" *I* "would go
to mitigate".

Quite the opposite, I am concerned that we do not understand the
implications of what happens to a document when it comes out of a
working group and hits the IESG.  

I don't know how to answer in a usefully different way, the
draft says that we treat pervasive monitoring in the same way
we treat any other threat. The IESG then apply the discuss
criteria as usual as part of IESG evaluation, but you can't
be asking that that kind of text be added are you?

I'm just not seeing what else needs to be stated in this draft.

Will operational realities still
apply?  

See above for why that phrase doesn't help. If the draft is to
call out anything then that has to be done extremely carefully
so as not to effectively neuter the entire thing.

That's why I want to know your thinking in an EXAMPLE I gave
(not for doing the HTTP WG's work - they should be left to do it).  And
you seem to be unwilling to answer that question.

Yes, I'm not willing to go there because I'm part of that
discussion as an IETF participant but will also be involved
in the IESG evaluation of the outcome (*) and that's already
a tightrope to walk - asking me to say now how I'll judge
the httpbis outcome that doesn't yet exist against this BCP
which isn't yet final, isn't fair, nor useful, nor, I maintain,
even relevant and that last for the reasons I've explained
a number of times ("just another threat").

And on that, I'd ask that you step back from your concerns
with HTTP and consider how this BCP would be read in say
10 years time. Crafting it specially now so as to lead to
(or avoid) some specific outcomes related to the current
httpbis work seems very short-sighted to me, and that is
how I perceive what you're asking for.

Stephen.

(*) Assuming no recalls etc.:-)



Eliot

