ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Last Call: Recognising RFC1984 as a BCP

2015-08-12 16:03:57
from [Eliot Lear] [Permanent Link] 
Hi,

On 8/12/15 10:21 PM, Roy T. Fielding wrote:


I think you completely missed my point. The document says it is an
opinion piece by the IAB and IESG. Everything in it is phrased as such
to avoid pissing off the people in the IETF who believe the
institution should not be playing politics. The result is fine in the
context of an informational RFC. It is not fine for a BCP, even if
that document is brought to the IESG with full consensus of all
working groups. 


This is not simply politics, although we cannot deny that there are
some.  But to put it only in those terms demonstrates a misunderstanding
of RFC 1984.  The document represents what was and is, I believe, a
strong consensus view that key escrow, key length limitations, and
export restrictions are technically harmful to Internet users for all
the reasons stated in the draft.  The points made in the draft were
technically indisputable then and are indisputable now.  If we had to
open up 1984 we simply wouldn't change much, but we *would* make it a
BCP.  So why not just do so?


BTW, I think the choice of 1984 as an RFC number was atypically
juvenile. I don't think anyone outside the echo-chamber has taken
RFC1984 seriously, regardless of its status; instead, the opinions it
described have been adopted because the alternatives it argues against
are inherently stupid. ....Roy 


That didn't stop governments from imposing export restrictions or
proposing key escrow and other bad ideas.  That we are here again now is
disheartening.

 But I'll say one more thing about this: there is, I think, value in
delving into the substance of the law enforcement is raising.  Today
there was an editorial by Cyrus Vance, Jr. amongst others in the New
York Times that called out Apple and Google on their approach.[1]  Last
week there was an article in that same paper about how wiretapping
brought down a huge scam at Brazilian oil producer Petrobras.[2] 
Applying the sound logic of 1984 to these new examples probably would be
very helpful.  In addition, there have been massive security failures
involving escrowed keys.  Highlighting that would also be helpful.  All
of these points would emphasize just how timeless RFC 1984 truly is, and
so should be recognized as a BCP.  Doing so may also facilitate a very
much needed dialog between law enforcement and the technical community.

As to any process issues, we have the ability as a community to make
exceptions, if we believe a process exception is needed.  Rough
consensus gives us that freedom.

Eliot

[1]
http://www.nytimes.com/2015/08/12/opinion/apple-google-when-phone-encryption-blocks-justice.html
[2]
http://www.nytimes.com/2015/08/09/business/international/effects-of-petrobras-scandal-leave-brazilians-lamenting-a-lost-dream.html

Attachment: signature.asc
Description: OpenPGP digital signature

[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Last Call: Recognising RFC1984 as a BCP, Roy T. Fielding
Next by Date:  Re: [saag] Fwd: Last Call: Recognising RFC1984 as a BCP, John C Klensin
Previous by Thread:  Re: Last Call: Recognising RFC1984 as a BCP, Roy T. Fielding
Next by Thread:  Re: Last Call: Recognising RFC1984 as a BCP, Stewart Bryant
Indexes:  [Date] [Thread] [Top] [All Lists]