ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Last Call: Recognising RFC1984 as a BCP

2015-08-11 01:23:06
from [Eliot Lear] [Permanent Link] 
Hi,

On 8/11/15 6:17 AM, Brian E Carpenter wrote:


    It states an opinion of the IAB and IESG
    at that time regarding two very bad suggestions for key management.  The 
right
    opinion, IMO, but still just an opinion of a dozen or so individuals.

That isn't so. Trivially, it was more like two dozen people (IAB+IESG)
speaking as bodies put in place by the IETF community, not as individuals.
Non-trivially, we strongly believed at the the time that we were giving
the rough consensus view of the IETF as a whole. There was a vigorous
debate in plenary at IETF 32 (Danvers, April 1995) which made the strength
of opinion in the IETF about the need for strong crypto very clear.
Unfortunately I can't readily find any trace of minutes of that plenary.

The first draft of what became RFC 1984 was circulated and wordsmithed
within the IAB and IESG, starting June 1996. An IAB and IESG Statement
version was released to the media on July 24, 1996 and simultaneously
sent to the IETF list, with a statement of intent to publish it as
an RFC. There was a rush due to US Congressional hearings that week.

The only comments we got on the IETF list were supportive, although
there was no formal last call. The RFC version was posted August 19,
1996.



While I wasn't in leadership, this matches my recollection at the time. 
Had the IAB or IESG called for comment, I'm sure they would have gotten
enthusiastic support from the community, which at the time was
galvanized against both export restrictions and the use of key escrow
(keep in mind this was probably the peak of key signing parties at the
IETF). 

I think if we reopened 1984 today we'd probably include discussion of
the need for PFS and might even venture to provide references to high
profile examples of some governments' inability to secure THEIR secure
information, much less that of others.  On balance, though, the document
stands the test of time.

Eliot

Attachment: signature.asc
Description: OpenPGP digital signature

[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tld-00.txt> (The .onion Special-Use Domain Name) to Proposed Standard, Andrew Sullivan
Next by Date:  Re: Last Call: Recognising RFC1984 as a BCP, Joseph Lorenzo Hall
Previous by Thread:  Re: Last Call: Recognising RFC1984 as a BCP, Brian E Carpenter
Next by Thread:  Re: Last Call: Recognising RFC1984 as a BCP, John C Klensin
Indexes:  [Date] [Thread] [Top] [All Lists]