Re: Security for various IETF services
Tim Bray <tbray@textuality.com> Sat, 05 April 2014 17:29 UTC
From: Tim Bray <tbray@textuality.com>
Date: Sat, 05 Apr 2014 10:29:15 -0700
Message-ID: <CAHBU6iuX8Y8VCgkY1Qk+DEPEgN2=DWbNEWVffyVmmP_3qmmmig@mail.gmail.com>
Subject: Re: Security for various IETF services
To: "Stewart Bryant (stbryant)" <stbryant@cisco.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/XImAchpYuGIh-2d8nzU9G1SvdUQ
Cc: The IESG <iesg@ietf.org>, IETF-Discussion <ietf@ietf.org>

On Sat, Apr 5, 2014 at 1:50 AM, Stewart Bryant (stbryant) <stbryant@cisco.com> wrote:

> Please confirm that "friendly" implies that the user gets to
> choose the degree of security privacy that they consider
> appropriate, and that their applications and devices are not
> encumbered with the overheads unless they choose to invoke
> the privacy and security mechanisms.

Here, I think, is a key issue. I disagree with Stewart. WHAT?! How can I possibly disagree with user choice? Because, a huge majority of people

(a) aren’t aware that there is a choice to be made, and shouldn’t need to be
(b) do not understand the technical issues surrounding the choice, and shouldn’t have to
(c) do not understand the legal/policy issues surrounding the choice, and shouldn’t have to

This includes both the people who use online services and the people who offer them.

Thus, the only sane ethical position is to operate in a mode that is private by default, because the consequences of a negative failure (the user really didn’t need privacy but got it anyhow) are immensely less damaging than the consequences of a positive failure (the user really needed privacy but didn’t get it).

Yes, it is certainly desirable that for those who are in the unusual position of being confident that they understand the technical and policy issues, they be given the option of choosing to operate in plain-text anyone-can-MITM anyone-can-eavesdrop mode. But saying that the needs of that very small and specialized group of people should trump the interests of the vast majority who shouldn’t have to understand or worry about where privacy is appropriate and how to provide it; that seems bizarre to me.

So yeah, please turn the IETF’s public-facing offerings over into private-by-default mode. It’s the only ethical course of action.

-T