Re: IESG meeting thoughts

Phillip Hallam-Baker <phill@hallambaker.com> Wed, 18 May 2016 00:04 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C349212D517 for <ietf@ietfa.amsl.com>; Tue, 17 May 2016 17:04:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.4
X-Spam-Level:
X-Spam-Status: No, score=-2.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.198, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AKCKZKS_1Gua for <ietf@ietfa.amsl.com>; Tue, 17 May 2016 17:04:18 -0700 (PDT)
Received: from mail-qk0-x232.google.com (mail-qk0-x232.google.com [IPv6:2607:f8b0:400d:c09::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 86A2A12D1A9 for <ietf@ietf.org>; Tue, 17 May 2016 17:04:18 -0700 (PDT)
Received: by mail-qk0-x232.google.com with SMTP id r184so18444904qkc.1 for <ietf@ietf.org>; Tue, 17 May 2016 17:04:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc; bh=IT5Nu4K5KXrD75MHI1eoV+pu18Wc/ufK/6kKDmtWpKE=; b=mDs1FQ8oVKMBhiKTO3qoz+rd+UWbAfA0EWUquTWOt+pele1BFe15QgoyNUppUJQkvP ZUWi6rm0YVa0sxn++v+Pt7VeH2ojg/8GY75tVEmaMH1TzEkeRC+J79Cm6S2rOJ+2B9s1 zhYQCMcbwGQo7ZA/hnfFIHk16TeUXBS2dKm0xj7YcmT0flGKJrS7f1lnM1OPge2hUOoX acrpyU149EMOJPx/IPlii/rZIApL5yxHtjIYwqj0D5ch1dpObE8/jn2qq1hMwy4JsRvo IS58HJ69XRejyTqce4jjg6r3IEcOtZyiQmxOEkvHTtpkO8xS091TeXGHS+xUQO5553e3 hdiQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:date :message-id:subject:from:to:cc; bh=IT5Nu4K5KXrD75MHI1eoV+pu18Wc/ufK/6kKDmtWpKE=; b=mMie+kR4/+JY0YXyi1KULSeqjsxSa0cynEu1jiZ+ShK6v+gmgT8npqX6U4ZUEboAgE uxNAigUC9ebmQjtJJDox6Qtg9M9X4iRmNvIKD90HlbLMzf34j9IIl31eds4zaXyFBk84 BPaK/u/duE+afpvw/w35Ba397XipWPJ0MBeVa9jSGTPfftHSWtp3FCjVy6XRqzPVkHhE zTLoBYRblPX9Oa8ZcKnpGFnKFBbZFZv42gVA7R+3xNnH0+lEJ5aHqgeDGVRgtz8dM2Y5 FAfh0gGiKiJu9kzsqMfJj3/JBbLEiXHOxuFcE0oIrVxhiPSRKpSWI96MEp3xzC8GDVgN ynVw==
X-Gm-Message-State: AOPr4FUw5YHy6OklVk2SyFPIwPumfm3GNz5xEIddFG0KH40udDiT6QyrB8FZs6GawGw+WLHFzq61jpLap8yzWA==
MIME-Version: 1.0
X-Received: by 10.233.232.213 with SMTP id a204mr4917615qkg.25.1463529857705; Tue, 17 May 2016 17:04:17 -0700 (PDT)
Sender: hallam@gmail.com
Received: by 10.55.25.105 with HTTP; Tue, 17 May 2016 17:04:17 -0700 (PDT)
In-Reply-To: <573BA1F0.7000408@cs.tcd.ie>
References: <1F81DAB9-AEE8-4250-B10D-C50E2FA66C3E@ietf.org> <573AE765.4010807@bwijnen.net> <573AEAFA.3000905@cs.tcd.ie> <5625.1463497891@obiwan.sandelman.ca> <ccc46108-1bad-02bd-4c38-bc111bbc8445@gmail.com> <573BA1F0.7000408@cs.tcd.ie>
Date: Tue, 17 May 2016 20:04:17 -0400
X-Google-Sender-Auth: YAki9rhUnxtTpe0a8lns8GFXqIw
Message-ID: <CAMm+Lwjmj6YVv=0xgtpQOcacpz78ou+=wOVYErt2R3k12p+DJg@mail.gmail.com>
Subject: Re: IESG meeting thoughts
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Content-Type: multipart/alternative; boundary=94eb2c035418497fec05331299a4
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/RrXOHey38ark00F6_9LqyP7EZqc>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, "ietf@ietf.org list" <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 May 2016 00:04:22 -0000

Responding to Stephen.

Crypto doesn't actually solve any of your security problems. Not one,
zilch, zero.

What cryptography does is to reduce the size of your information security
problem. It can reduce it in size from megabytes or even terrabytes to a
128 bit key or deciding whether or not to trust one of millions of Web
sites to whether or not to trust the 50 WebPKI CAs (or ICANN if you are
feeling really brave). But that is all cryptography does for you. It
reduces the size of your security problem.

You still have to work out how to keep that key secure or make sure you
have the right trust anchor. Reducing problems in size is good but you
still have to solve them.