Re: Transparency in Specifications and PRISM-class attacks

John C Klensin <john-ietf@jck.com> Fri, 20 September 2013 14:34 UTC

Return-Path: <john-ietf@jck.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B6DF21F9A57 for <ietf@ietfa.amsl.com>; Fri, 20 Sep 2013 07:34:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.557
X-Spam-Level:
X-Spam-Status: No, score=-103.557 tagged_above=-999 required=5 tests=[AWL=0.042, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7KPh2A07WMf1 for <ietf@ietfa.amsl.com>; Fri, 20 Sep 2013 07:34:48 -0700 (PDT)
Received: from bsa2.jck.com (bsa2.jck.com [70.88.254.51]) by ietfa.amsl.com (Postfix) with ESMTP id 1352321F9A3D for <ietf@ietf.org>; Fri, 20 Sep 2013 07:34:47 -0700 (PDT)
Received: from [198.252.137.115] (helo=JcK-HP8200.jck.com) by bsa2.jck.com with esmtp (Exim 4.71 (FreeBSD)) (envelope-from <john-ietf@jck.com>) id 1VN1nB-000HTU-Aw; Fri, 20 Sep 2013 10:34:45 -0400
Date: Fri, 20 Sep 2013 10:34:40 -0400
From: John C Klensin <john-ietf@jck.com>
To: Ted Lemon <ted.lemon@nominum.com>, Harald Alvestrand <harald@alvestrand.no>
Subject: Re: Transparency in Specifications and PRISM-class attacks
Message-ID: <2ED4A2EE7863AE25545BA1FE@JcK-HP8200.jck.com>
In-Reply-To: <3442CB64-F609-417B-80B2-7D2435172CEE@nominum.com>
References: <CAMm+LwiYy1xVGFvcKNbmLEEWcnHns70CS6aH9zV4B0Xqg-OWOw@mail.gmail.com> <523C216A.8030305@alvestrand.no> <523C339F.9080205@gmx.net> <523C49A0.8020405@alvestrand.no> <3442CB64-F609-417B-80B2-7D2435172CEE@nominum.com>
X-Mailer: Mulberry/4.0.8 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Cc: IETF Discussion Mailing List <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Sep 2013 14:34:54 -0000

--On Friday, September 20, 2013 10:15 -0400 Ted Lemon
<ted.lemon@nominum.com> wrote:

> On Sep 20, 2013, at 9:12 AM, Harald Alvestrand
> <harald@alvestrand.no> wrote:
>> From the stack I'm currently working on, I find the ICE spec
>> to be convoluted, but the SDP spec is worse, becaue it's
>> spread across so many documents, and there are pieces where
>> people seem to have agreed to ship documents rather than
>> agree on what they meant. I have not found security
>> implications of these issues.
> 
> This sort of thing is a serious problem; people do make
> efforts to address it by writing online guides to protocol
> suites, but this isn't always successful, and for that matter
> isn't always done.   We could certainly do better here.

Ted,

Based in part on experience with the specs of, and discussions
in, other standards bodies, the problem with guides (online or
not) is 

(1) They may contain errors and almost always have omissions.
The latter are often caused by the perfectly good intention of
simplifying things and making them understandable by covering
only the important cases.

(2) If they are comprehensible and the standard is not, people
tend to refer to them and not the standard.  That ultimately
turns them into the "real" standard as far as the marketplace is
concerned.   FWIW, the same problem can, and has, happened with
good reference implementations.

I don't know of any general solution to those problems, but I
think the community and the IESG have got to be a lot more
willing to push back on a spec because it is incomprehensible or
contains too many options than has been the case in recent years.

   john