ietf
[Top] [All Lists]

Re: Last Call: Recognising RFC1984 as a BCP

2015-08-12 16:03:20
On Aug 11, 2015, at 4:52 AM, Stephen Farrell 
<stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie> wrote:
On 10/08/15 23:53, Roy T. Fielding wrote:
That doesn't change the content of the text, which is not expressing
a BCP in any shape or form.

RFC1984 says:

 "Security mechanisms being developed in the Internet Engineering Task
  Force to meet these needs require and depend on the international use
  of adequate cryptographic technology."

I read that use of "require... adequate" (and the rest of the text) as
defining a class of crypto that we do not accept for use with IETF
protocols so I think there is real BCP here even if there are no MUST
statements.

That's a great example of selectively misreading a poorly written text
that would not have passed through a normal last call period, let alone
the IESG review, if it were not for the fact that everyone was reviewing
it as an opinion piece instead of a formal spec.

I read it as "That international commercialization of the Internet stuff
we are doing is based on the premise of strong cryptography being generally
available to provide confidentiality both within and across national borders."

The reason I read it that way is because, in fact, none of the protocols
we developed at that time actually required strong cryptography.  They
just assumed you would layer the right amount of cryptography underneath,
using one of the (at that time) non-IETF security protocols with appropriate
patent and export licensing.

....Roy