Re: Hum theatre

Pete Resnick <presnick@qti.qualcomm.com> Thu, 07 November 2013 18:49 UTC

To: Jari Arkko <jari.arkko@piuha.net>
Cc: IETF Discussion <ietf@ietf.org>

Yay! What he said!

(There will be those who now say, "Wait! I thought Pete disagreed. I 
don't understand." Talk to me offline. Trying to explain on the IETF 
list will be less than productive.)

pr

On 11/7/13 10:09 AM, Jari Arkko wrote:
> I'd actually like to argue that the IETF position on this topic is something bigger, something where the plenary discussion and hums played a supporting role but they are not the sole determination. Here's my take-away from this week:
>
> "The IETF considers pervasive-monitoring as a security issue and is willing to work to address it."
>
> Nothing more, nothing less. Most working groups that I went to were addressing this topic in one way or the other, going through application by application, doing careful work to understand what options we have to improve security, and weighing the various trade-offs in different designs. The proof of the pudding is in the eating. "We need to address it" vs. "We are putting in the cycles to address it". When I look at the discussions throughout the week, it is very clear to me that we are putting in the cycles.
>
> As Carsten said:
>
>
>> As always, hard work follows, and the devil is in the details.  But that doesn’t take away from the unanimity.
>
> And indeed there are a lot of details and trade-offs to worry about. Opportunistic encryption, for instance, has been discussed at length this week and the variants and trade-offs are far from clear.
>
> I think the next steps are what is important. And this is a long term effort. Here are some of the things we should be doing:
>
> - work on the general guidance in this area ("consider it as an attack", "recommended ways to apply opportunistic encryption", "threat model changes", ...)
>
> - work on the specific protocols and application areas (http, xmpp, etc)
>    

-- 
Pete Resnick <http://www.qualcomm.com/~presnick/>
Qualcomm Technologies, Inc. - +1 (858)651-4478