Re: @EXT: RE: United Nations report on Internet standards

Fred Baker <fredbaker.ietf@gmail.com> Thu, 02 April 2020 16:54 UTC

Subject: Re: @EXT: RE: United Nations report on Internet standards
From: Fred Baker <fredbaker.ietf@gmail.com>
X-Priority: 3
In-Reply-To: <713270061.4157.1585575906743@appsuite-dev-gw1.open-xchange.com>
Date: Thu, 02 Apr 2020 09:54:45 -0700
Cc: Keith Moore <moore@network-heretics.com>, ietf@ietf.org
Message-Id: <17D85408-6815-4E22-ABAF-6037DBF2FB6D@gmail.com>
References: <68ab4f9e057d49b0972f97a907f45ced@elvas.europol.eu.int> <4668b6f7-cf7e-b577-3ece-30d1bdf3a4bc@network-heretics.com> <713270061.4157.1585575906743@appsuite-dev-gw1.open-xchange.com>
To: Vittorio Bertola <vittorio.bertola=40open-xchange.com@dmarc.ietf.org>
X-Mailer: Apple Mail (2.3608.80.23.2.2)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/3G1lIddpx25NftITynCiapiitYY>


> On Mar 30, 2020, at 6:45 AM, Vittorio Bertola <vittorio.bertola=40open-xchange.com@dmarc.ietf.org> wrote:
> 
> No one outside the IETF has problems with the IETF using its own traditional method to make technical choices. However, the concerns arise when the IETF makes policy choices that are de facto binding for the whole Internet. For example, privileging encryption over security is a policy choice. Designing technologies to circumvent national and personal content control points is a policy choice. IETF participants seem to oscillate between claiming that these are objectively good policy choices (as if an "objectively good" policy choice could ever exist) and claiming that these are in fact technical choices (but they are not).

Let me put a finer point on Keith's comment. "...privileging encryption over security" is a fairly interesting statement. The encryption people would, I think, tell you that encryption is a technology whose fundamental purpose is security, so it cannot be privileged over security. Now, on the other hand, in the TLS 1.3 discussion we have had people talking about privileging creating a new security key for every session over being able to debug operational problems in an operational environment, and I would say that is in fact very different; when security prevents people from debugging problems, that's something that I want the security people helping operators to solve.

In your statement, I think the word "security" needs a definition. Encryption got privileged over what, specifically?

A request we have gotten frequently from law enforcement is some form of back door - a way for law enforcement to bypass security technologies including (but not limited to) encryption under appropriate authority. The issue there has been an assumption - that the bypass was something that only law enforcement would or could use. Painful experience tells us that (quoting Europol's recent article on COVID-19, https://www.europol.europa.eu/newsroom/news/how-criminals-profit-covid-19-pandemic) organized crime is "very quick to adapt well-known ... schemes to capitalise on the anxieties and fears of victims throughout the crisis." One could say "fine, take the data back to the company and have them decrypt it". But we have ample history of organized crime finding ways to get companies to do that for them as well, such as LAPD's LAES engineer that got leaned on by organized crime (1997) with the result that organized crime was wiretapping the police.

I don't see a good way to ensure security that doesn't make law enforcement's job harder. I don't see the value of apologizing for that.