Re: IESG meeting thoughts

Stephen Farrell <> Tue, 17 May 2016 22:57 UTC

Subject: Re: IESG meeting thoughts
To: Brian E Carpenter <>, Michael Richardson <>
References: <> <> <> <> <>
From: Stephen Farrell <>
Date: Tue, 17 May 2016 23:57:52 +0100
Cc: " list" <>


On 17/05/16 23:15, Brian E Carpenter wrote:
> On 18/05/2016 03:11, Michael Richardson wrote:
>> Stephen Farrell <> wrote:
>>     > No pointers to the talk, sorry - Jeff was kind enough to speak without
>>     > notes or slides, (which was great:-). He recounted the 1990's era
>>     > history of crypto export controls, the issues covered in their "keys
>>     > under doormats" report, [1] and some consideration of more recent
>> yes, It's important to remember that not everyone lived through that period
>> of time.
>> A TED talk or something about that history might be neat to have to help
>> socialize millennials about not repeating history.
> Well, it seems to me that it's the NSA and their friends in the US Congress,
> and equivalent forces in other countries, that are trying to repeat history.
> On the other hand, we shouldn't fall over our own feet in our enthusiasm.

Sure. However, I think this community have in fact been
quite properly active but also very responsible in what we've
done in the last 3 or so years since the latest iteration
of all this kicked off. That is a little boring of course
but we're (lots of us) doing the right things IMO in carefully
trying to find the places where we can enable real improvements
to be made by implementers and those deploying stuff.

> As Kamp says, "More Encryption Means Less Privacy":
> And as Gutmann says, "Crypto Won't Save You Either":

Well, I'm not sure if anyone has ever wondered if either PHK or
Peter might ever have possibly overegged an argument just a tad:-)
Both do do very good work of course, as well, but I think the
content at both URLs is a good example of focusing too much on
the (real) negative aspects of what is an overall positive.

If we (the IETF) can provide RFCs that implementers and people
deploying consider can partly mitigate pervasive monitoring then
use of those same tools will also likely be very effective against
less capable attackers, of whom there are very many.

Personally I totally buy the argument in RFC7435 [1] - let's do the
best we can now, (which isn't necessarily at all easy) and then
iterate and improve that over time. I hope that's one of the high
level longer term take-aways from Snowdonia anyway.
>     Brian