On 2016-03-17 02:20, Michael StJohns wrote:
On 3/16/2016 6:33 PM, Tony Hain wrote:
Michael StJohns wrote:
I'm still trying to wrap my head around an "I must not be caught"
protocol designer.
Funny, but I thought the target of the documents was "implementers".
While
it is easy to look around an IETF meeting and start to believe that the
documents are "by and for protocol designers", that should not be the
case.
It should also not be hard to believe in an "I must not be caught"
implementer an app that used IPsec.
There are "participators" (or protocol designers) who would be expected
to go back time and again to the IETF website to grab new stuff
(internet drafts etc), and possibly contribute, and there "implementers"
who are usually coming after the fact and grabbing the final document
for implementation. It's generally not cost effective - unless you're
very involved in the design process - to implement the internet draft
flavor of the week. I think of the IETF website primarily serving the
first group with access to the second group kind of a happy accident.
(I'm not quite as flip about it as that, but keep in mind the target
audience of the ID's and all of the cruft that goes with moving them
through the standards process vs the target audience of RFC's).
So my point was more about there being lots of sources for finished
documents (RFCs) that aren't the IETF (google Request for comments
mirror) where someone with a Tor browser can just grab those without the
IETF doing anything. There are also plenty of ways for others to make
mirrors of IETF content that don't involve intercession by the IETF
staff (you've mentioned setting up a TOR public hidden service - I'd
suggest that its better to have a Tor'ite do it that the IETF) - and
many have done so.
WRT to your example - its really "implementer that built an app that
used IPSec for something that broke some law somewhere". It's not
generally the IPSec per se that's a violation (or for that matter any of
the IETF protocols), but what they get used for. And even then, he's
more likely to be grabbing one of the open source packages that
implement the IETFs protocols than implementing something himself.
I mostly get where you're coming from - but I'm finding it hard to
believe that the size of the intersection of "Tor users", "safety via
anonymity required users" and "IETF participants" is very large - if it
contains any elements at all.
What I've asked for is for data on the size of the problems - and what
I've been told is that no data is to be had. I'm OK with that, but that
turns statements about why things are needed from objectively
evaluatable proposals into subjective positions where either side might
have all or part of the truth. Or put another way, turns good factual
arguments which I can evaluate into simple opinions which each of us
will take with a different grain of salt.
I have an idea: instead of a CAPTCHA, can't we get CF to implement
"proove that you are an IETFer" test that requires you to dive into
an inane thread on the IETF list and identify the precise point where
it jumped the shark.