IETF Logo Mail Archive

Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

Tim Bray <tbray@textuality.com> Fri, 06 September 2013 22:03 UTC

Return-Path: <tbray@textuality.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A816C21E80DA for <ietf@ietfa.amsl.com>; Fri, 6 Sep 2013 15:03:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.197
X-Spam-Level:
X-Spam-Status: No, score=-3.197 tagged_above=-999 required=5 tests=[AWL=-0.221, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id snhdOC-wOvGU for <ietf@ietfa.amsl.com>; Fri, 6 Sep 2013 15:02:53 -0700 (PDT)
Received: from mail-ve0-f180.google.com (mail-ve0-f180.google.com [209.85.128.180]) by ietfa.amsl.com (Postfix) with ESMTP id D0D8421E8054 for <ietf@ietf.org>; Fri, 6 Sep 2013 15:02:52 -0700 (PDT)
Received: by mail-ve0-f180.google.com with SMTP id jz11so1997663veb.25 for <ietf@ietf.org>; Fri, 06 Sep 2013 15:02:52 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=pl5hkPun3K9EjnS+GorpBGs0h5NyfcsR+K9hF1sgtHc=; b=Iz7lbEBgP8jgFUS89M0nR9k3OXUHuOIc30t8pWdPFmNuw5aBRUNSkLUZTmw5X0x9n5 0//yNEDRr6xl5e+mGCEw0YBr6qSVtq2BGuzfEtuTlFIGlVYmVhH15DTGttbLz8zLRiGL Cai3rwAug2DpGohZsvJroEvwdSOJTof9pt/MOkAlSQj1y3EKdKQ4zFIJtEjKiLFnUXwE xYgDzk1nK98K90oE/2i1mX1uZvllJeDsNA/OUbD+BKsaiTibauzusSIerxqobrbc64cA l5Mhs1tS7835/RpXPBcjpNXOwE9MOXQWmoVSmLvnC3dCf8Gb1f1Ib4lqNE0mFuSOOGnP jrpQ==
X-Gm-Message-State: ALoCoQnDBiF1L4bl1xbQ1bF56u2/rCe571xsZD2OCB7z4v6khDRmCDTRpma9selOf0rLJDUD9s65
MIME-Version: 1.0
X-Received: by 10.59.8.232 with SMTP id dn8mr4337053ved.8.1378504972194; Fri, 06 Sep 2013 15:02:52 -0700 (PDT)
Received: by 10.221.64.201 with HTTP; Fri, 6 Sep 2013 15:02:51 -0700 (PDT)
X-Originating-IP: [96.49.81.176]
In-Reply-To: <158C3418-AE87-4843-BFD5-3E2AC3495631@virtualized.org>
References: <alpine.BSF.2.00.1309051743130.47262@hiroshima.bogus.com> <52293197.1060809@gmail.com> <5C7FECAB-8A22-4AF1-B023-456458E1B288@nominum.com> <522949C2.8010206@gmail.com> <52294C6D.7090206@gmail.com> <m2ppsmzgs5.wl%randy@psg.com> <5229686A.5090308@gmail.com> <31078634-5AEA-4FC9-80A8-2E77650BA530@piuha.net> <20130906072539.GJ5700@besserwisser.org> <9AC2A86F-250C-4B3C-B9BA-8DF44C937B41@nominum.com> <20130906210638.GC3428@besserwisser.org> <158C3418-AE87-4843-BFD5-3E2AC3495631@virtualized.org>
Date: Fri, 06 Sep 2013 15:02:51 -0700
Message-ID: <CAHBU6itwDc8DiY4B_2GGe0xWZ3Zs_ctx3BkKkzdGTZT2PfgMkA@mail.gmail.com>
Subject: Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA
From: Tim Bray <tbray@textuality.com>
To: David Conrad <drc@virtualized.org>
Content-Type: multipart/alternative; boundary="047d7bd75d5c3067ce04e5be330d"
Cc: Måns Nilsson <mansaxel@besserwisser.org>, "ietf@ietf.org list" <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Sep 2013 22:03:00 -0000

How about a BCP saying conforming implementations of a wide-variety of
security-area RFCs MUST be open-source?

*ducks*


On Fri, Sep 6, 2013 at 2:34 PM, David Conrad <drc@virtualized.org> wrote:

> On Sep 6, 2013, at 2:06 PM, Måns Nilsson <mansaxel@besserwisser.org>
> wrote:
> >> Right, because there's no way the NSA could ever pwn the DNS root key.
> > It is probably easier for NSA or similar agencies in other countries
> > to coerce X.509 root CA providers that operate on a competetive market
> > than fooling the entire international DNS black helicopter cabal.
>
> Probably the wrong place to apply the paranoia. How much do you trust the
> AEP Keyper HSM tamperproof blackbox hasn't had a backdoor installed into it
> at the factory?
>
> > Audit and open source seem to be good starting points.
>
> Where feasible, sure. Unfortunately, the rabbit hole is deep.  How many
> billions of transistors are there in commodity chips these days?
>
> Regards,
> -drc
>
>

v2.23.0 | Report a Bug | By Email