ietf
[Top] [All Lists]

Re: Proposed Statement on "HTTPS everywhere for the IETF"

2015-06-01 18:57:25
+1
On Jun 1, 2015, at 3:41 PM, Roland Dobbins <rdobbins(_at_)arbor(_dot_)net> 
wrote:


On 2 Jun 2015, at 4:27, Paul Wouters wrote:

We had to cater to governments banning encryption for its users, and we now 
see what that got them.

They just go around the encryption and compromise the endpoints.  They're 
*governments*, so they have the resources to do that (not debating whether or 
not they should, just stating observed fact).

Also, universal or near-universal encryption is a serious problem in terms of 
detection, classification, traceback, and mitigation of application-layer 
DDoS attacks.  It drastically limits the scaling capacity of defenders, and 
results in even more cost asymmetry between defenders and attackers (in favor 
of the attackers).

My guess is that those who make bold, sweeping statements about how 
everything ought to be encrypted all the time are rarely those who have to 
deal with the unintended consequences of overencryption.

In the final analysis, there are no technical solutions for social ills.  The 
entire issue of unwanted surveillance by government entities is a social and 
political problem; it seems pretty clear that since the social/political side 
of things aren't proving to be easily resolved, that some folks are 
advocating doing *something*, *anything*, irrespective of whether it will 
actually make a positive impact on the conditions to which they object and 
without regard to the non-trivial side-effects of what they're advocating.

The IESG and the IETF in general should concentrate on technical issues, and 
work on solving social and political problems should take place in other, 
more appropriate appropriate fora, IMHO.

-----------------------------------
Roland Dobbins <rdobbins(_at_)arbor(_dot_)net>



<Prev in Thread] Current Thread [Next in Thread>