Re: Proposed Statement on "HTTPS everywhere for the IETF"

"Roland Dobbins" <rdobbins@arbor.net> Mon, 01 June 2015 22:41 UTC

Return-Path: <rdobbins@arbor.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D0271A0687 for <ietf@ietfa.amsl.com>; Mon, 1 Jun 2015 15:41:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9KL5SACsubhl for <ietf@ietfa.amsl.com>; Mon, 1 Jun 2015 15:41:23 -0700 (PDT)
Received: from mail-pa0-x22d.google.com (mail-pa0-x22d.google.com [IPv6:2607:f8b0:400e:c03::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4C8421A064C for <ietf@ietf.org>; Mon, 1 Jun 2015 15:41:23 -0700 (PDT)
Received: by padjw17 with SMTP id jw17so46651887pad.2 for <ietf@ietf.org>; Mon, 01 Jun 2015 15:41:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=arbor.net; s=m0; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-type; bh=uQrz0HFQUrXdYeFqT6d/+4KUVfbbqFTBJSId341GcMw=; b=fJcqEaKC4kI+OEsDnWDCJ9zpGVclUzSE5nK2LWcimjwA2cqCOOjQACW/emeoI3Vs7U +M8X/dJiZpu1krn8yTDK6WyRKxgORLa0w+9Dd75WGE09r3Da4FUu9hmaCnhe9dRoyIOz eqK+tLS3rZBD1tnfkky3j04SAj457vMCIIuEY=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-type; bh=uQrz0HFQUrXdYeFqT6d/+4KUVfbbqFTBJSId341GcMw=; b=UShPqeWibwv/7M2K45sXPQLWgjrMK2wY+iLZeIMvN/klvHFSykOzte0TmuU7lbeEkv q7eJjtsYPhe7sYt5jdGCbhwdaWpW7weQ998+3H+ncRUziB5oWDAmaCGJclK+gr11RV0W GgZ3RzIAhksK460Yppl6THTmN9b5Aoo8i+p8zLSSE3ogTNNqtKEhV2KGKqf2ZmCvtdwA 0sDExJO+QrxVLOoEnVsILM28iyYK/55v0cE+musVnrSyxDPPjthwX8TF5pPcT8P0mQgO jqPRroNQYzAFtnEN0YgmPvOKimlAnpLLVsc4nTw3rE/26deSaZdcsIIjyFiTH4SowHEO UCkw==
X-Gm-Message-State: ALoCoQlvaUoDrdVZfB2CnmxS6IEUpeSJo18s7ROX62vBmTIJcgtS66FNYoJAylQ9f2H6Ix1W6Eut
X-Received: by 10.68.136.161 with SMTP id qb1mr6900886pbb.112.1433198483004; Mon, 01 Jun 2015 15:41:23 -0700 (PDT)
Received: from [172.19.254.136] (202-176-81-112.static.asianet.co.th. [202.176.81.112]) by mx.google.com with ESMTPSA id pw9sm15651942pac.27.2015.06.01.15.41.20 for <ietf@ietf.org> (version=TLSv1 cipher=RC4-SHA bits=128/128); Mon, 01 Jun 2015 15:41:21 -0700 (PDT)
From: "Roland Dobbins" <rdobbins@arbor.net>
To: ietf@ietf.org
Subject: Re: Proposed Statement on "HTTPS everywhere for the IETF"
Date: Tue, 02 Jun 2015 05:41:17 +0700
Message-ID: <FACB397F-15AA-4FE1-ABF2-1545ABBACF31@arbor.net>
In-Reply-To: <alpine.LFD.2.11.1506011720390.12155@bofh.nohats.ca>
References: <20150601164359.29999.35343.idtracker@ietfa.amsl.com> <CAL02cgRPFooA5fVFwvdprb3wPD+Y55pD+7RWjkACDv7T_TBW5Q@mail.gmail.com> <1472054.O9DP0qoCQf@gongo> <alpine.LFD.2.11.1506011720390.12155@bofh.nohats.ca>
MIME-Version: 1.0
Content-Type: text/plain; format=flowed
X-Mailer: MailMate (1.9.1r5084)
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/RUDn6tGXNwMGuMBsWOo2bvZZV_0>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Jun 2015 22:41:24 -0000

On 2 Jun 2015, at 4:27, Paul Wouters wrote:

> We had to cater to governments banning encryption for its users, and 
> we now see what that got them.

They just go around the encryption and compromise the endpoints.  
They're *governments*, so they have the resources to do that (not 
debating whether or not they should, just stating observed fact).

Also, universal or near-universal encryption is a serious problem in 
terms of detection, classification, traceback, and mitigation of 
application-layer DDoS attacks.  It drastically limits the scaling 
capacity of defenders, and results in even more cost asymmetry between 
defenders and attackers (in favor of the attackers).

My guess is that those who make bold, sweeping statements about how 
everything ought to be encrypted all the time are rarely those who have 
to deal with the unintended consequences of overencryption.

In the final analysis, there are no technical solutions for social ills. 
  The entire issue of unwanted surveillance by government entities is a 
social and political problem; it seems pretty clear that since the 
social/political side of things aren't proving to be easily resolved, 
that some folks are advocating doing *something*, *anything*, 
irrespective of whether it will actually make a positive impact on the 
conditions to which they object and without regard to the non-trivial 
side-effects of what they're advocating.

The IESG and the IETF in general should concentrate on technical issues, 
and work on solving social and political problems should take place in 
other, more appropriate appropriate fora, IMHO.

-----------------------------------
Roland Dobbins <rdobbins@arbor.net>