Re: [arch-d] Time to reboot RFC1984 and RFC2804?

"Joel M. Halpern" <> Tue, 13 October 2020 13:47 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 0B1AE3A0FD2 for <>; Tue, 13 Oct 2020 06:47:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.311
X-Spam-Status: No, score=-2.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.213, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Gbvm5UtHomls for <>; Tue, 13 Oct 2020 06:46:58 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 8C4723A0CDB for <>; Tue, 13 Oct 2020 06:46:58 -0700 (PDT)
Received: from localhost (localhost []) by (Postfix) with ESMTP id 4C9cKZ3BZHz6G84t; Tue, 13 Oct 2020 06:46:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=2.tigertech; t=1602596818; bh=B6Ch73RV+5ja+2/e4T8G6xIrSHXvU7Tra1jARedrOv8=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=EbjCKaF6Tu+pVWl/e19D9F9by2Uzy8uZ208hJkoosk4SarTdFq2pGYHlf2BLAjzPL GxG+pukKF+EHOBIaHvzEKTMU4FL7YhPalrZ3MdL4jjkkwqFUeG6YccWWhAv0EAj704 Pc2egBBLlpayfWc5B1zR2pAkeMg41MjZ0xM5M52s=
X-Quarantine-ID: <Q4T4fC0F4j4O>
X-Virus-Scanned: Debian amavisd-new at
Received: from [] (unknown []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPSA id 4C9cKY6Dg6z6G8pk; Tue, 13 Oct 2020 06:46:57 -0700 (PDT)
To: Stewart Bryant <>
Cc: "" <>
References: <> <975E28FE326C22E8CD32DCC8@PSB> <> <LO2P265MB05736C784B36942C7ECF71ECC2070@LO2P265MB0573.GBRP265.PROD.OUTLOOK.COM> <> <> <> <>
From: "Joel M. Halpern" <>
Message-ID: <>
Date: Tue, 13 Oct 2020 09:46:56 -0400
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.12.1
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <>
Subject: Re: [arch-d] Time to reboot RFC1984 and RFC2804?
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: open discussion forum for long/wide-range architectural issues <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 13 Oct 2020 13:47:00 -0000

Stewart, please do not describe this as "allowing people to do bad 
things to innocent people".  We are not "allowing"anything.  We are 
trying to properly protect communication, without regard to the content.

Recasting it as the IETF allowing harm misrepresents almost all aspects 
of the problem.

As for squaring teh circle, I tend to trust the many crypto 
professionals who have repeatedly looked at this trying to find 
compromises, and the many reports they have produced about it.


On 10/13/2020 9:34 AM, Stewart Bryant wrote:
>> On 13 Oct 2020, at 14:17, Stephen Farrell <> wrote:
>> Hiya,
>> On 13/10/2020 13:48, Stewart Bryant wrote:
>>> Stephen,
>>> Those governments are looking for ways to stop real harm to real
>>> people.
>> Some are, yes. That is not all they are interested in doing
>> of course (they all do like a bit of spying here and there:-)
>> and all that varies enormously from one to another government.
>> Some governments want these changes in order to do what I would
>> call harm.
> Engineering calls for a pragmatic balance of results and costs.
>>From where I sit, I see a significant downside in allowing bad people to do bad things to innocent people.
>>> We have to accept that we have unintentionally played a part in
>>> causing some of that harm.
>> And a lot of good. IMO, on balance, and after having done
>> this stuff for >3 decades, I'm happy that we've done overall
>> far more good (with crypto in protocols) than harm. (That
>> doesn't include surveillance capitalism, but that isn't the
>> same issue.)
>>> So the problem that we have a moral responsibility to address is to
>>> find methods that stop or minimise those harms.
>> I don't accept that. The "we" isn't clear, but what
>> does seem clear is that meeting the requirements posed
>> is (IMO anyway) likely to do more harm. I've never
>> seen any proponent of borked crypto do a proper analysis
>> of the damage that would be done - they almost always
>> seem to approach it as mostly a PR exercise and so go
>> straight to the "think of the children" and "what about
>> the terrorists" talking points.
> Well I am certainly concerned about those two groups.
> So the interesting question is whether there is any other way of addressing the requirement without borking the crypto, at least for the majority of applications used by those causing the harm.
>>> The problem may be hard but so were many other problems that we now
>>> take for granted as solved.
>> I didn't say "hard." I said "squaring the circle." The
>> latter isn't possible and is much more like the "magic"
>> that is being asked for, and has been asked for since
>> the Clipper days, without any technical progress at all
>> in those 25 years.
> Are, but that is my point. Maybe we cannot exactly square the circle, but perhaps, if we look at the problem in the right way we can create a sufficiently close approximation that it satisfies the requirement?
> Stewart
>> S.
>>> Stewart
>> <0x5AB2FAF17B172BEA.asc>
> _______________________________________________
> Architecture-discuss mailing list