Re: [arch-d] Time to reboot RFC1984 and RFC2804?
John C Klensin <john-ietf@jck.com> Sun, 11 October 2020 21:20 UTC
Date: Sun, 11 Oct 2020 17:20:04 -0400
From: John C Klensin <john-ietf@jck.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
cc: architecture-discuss@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/architecture-discuss/AFYWnkVNSE6n5Yw0Hg_3-oK768U>

--On Monday, October 12, 2020 08:27 +1300 Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:

> Not to mention RFC 7258.
>
> Orders from the Top: The EU's Timetable for Dismantling
> End-to-End Encryption:
> https://www.eff.org/deeplinks/2020/10/orders-top-eus-timetable-dismantling-end-end-encryption
>
> Five Eyes and Japan call for Facebook backdoor to monitor crime
> https://asia.nikkei.com/Business/Technology/Five-Eyes-and-Japan-call-for-Facebook-backdoor-to-monitor-crime

Brian,

This, plus another variation on the theme [1], is what has been concerning me for some time. It has caused an occasional rant but I've mostly stayed silent because the IETF consensus (at least when 7258 was published) seemed clear. It seems to me that we (very broadly defined) may be headed into a period in which:

(1) We are forced into a choice between encryption and other technical privacy protections against attacks (borrowing the 7258 language) by individuals and attacks by governments (including law enforcement), especially governments who have jurisdiction over the sender, receiver, or other. The default if we don't choose and make the distinction clear to others may be "neither".

and/or

(2) We are forced into a choice between an open and global Internet and one that is very fragmented with security and privacy protective only within mutually-isolated more local networks. We would have either no communication among those local networks or content filtering, application-level, gateways at politically selected boundaries.

Refusing to choose might result in both bad outcomes.

I want to stress that I do not advocate or welcome being forced into those choices or any of the outcomes they might imply. But I think it may be where we are headed, with the two pieces you cite above, increased pressure for "law enforcement access" in a variety of places, etc., possibly just being road signs on that path.

Sadly,
john

[1] The other concern that goes with this involves assorted enterprises deciding they need to protect themselves from assorted bad stuff by examination of content crossing their boundaries. For a subset of them (and their firewall, etc.) providers, the shift to "encryption everywhere" creates a challenge that they see no way to deal with other than by eliminating client desktop to server (or other end to end) encryption and replacing it with client to middlebox/middlebox to server mechanisms, preserving encryption across the public Internet at the cost of a single point of failure with access to cleartext at their boundary middleboxes.