Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

Jari Arkko <jari.arkko@piuha.net> Fri, 06 September 2013 06:04 UTC

Subject: Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA
From: Jari Arkko <jari.arkko@piuha.net>
In-Reply-To: <5229686A.5090308@gmail.com>
Date: Fri, 06 Sep 2013 09:04:41 +0300
Message-Id: <31078634-5AEA-4FC9-80A8-2E77650BA530@piuha.net>
References: <5F053C0B-4678-4680-A8BF-62FF282ADDCE@softarmor.com> <alpine.BSF.2.00.1309051743130.47262@hiroshima.bogus.com> <52293197.1060809@gmail.com> <5C7FECAB-8A22-4AF1-B023-456458E1B288@nominum.com> <522949C2.8010206@gmail.com> <52294C6D.7090206@gmail.com> <m2ppsmzgs5.wl%randy@psg.com> <5229686A.5090308@gmail.com>
To: "ietf@ietf.org list" <ietf@ietf.org>

I think we should seize this opportunity to take a hard look at what we can do better. Yes, it is completely correct that this is only partially a technical problem, and that there is a lot of technology that, if used, would help. And that technical issues outside IETF space, like endpoint security, or the properties of specific products or implementations, affect the end result in major ways. And that no amount of communication security helps you if you do not trust the guy at the other end.

But it is also obvious to me that we do not have a situation where everything that could be done has been done. I think we can do more. Some examples:

* we're having a discussion in http 2.0 work whether encryption should be mandatory
* the perpass list has talked about understanding better where fingerprinting is an issue with IETF protocols
* maybe it would be time to start having specs say that implementations must refuse older, weak algorithms
* we could do more analysis and review to understand where the weak points and development opportunities are -- too early to say there are none

And please do not think about all this just in terms of the recent revelations. Security in the Internet is still a challenge, and if there are improvements, they will be generally useful for many reasons and for many years to come. Perhaps this year's discussions are our ticket to motivate the world to move from "by default insecure" communications to "by default secure". Publicity and motivation are important, too.

So I for one would like to see work to determine what we could do, and some meeting time in the Vancouver agenda to talk about it.

Jari