Re: Security for various IETF services
Stewart Bryant <stbryant@cisco.com> Mon, 07 April 2014 09:40 UTC
Message-ID: <53427277.30707@cisco.com>
Date: Mon, 07 Apr 2014 10:40:07 +0100
From: Stewart Bryant <stbryant@cisco.com>
To: Tim Bray <tbray@textuality.com>
Subject: Re: Security for various IETF services
References: <533D8A90.60309@cs.tcd.ie> <533EEF35.7070901@isdg.net> <27993A73-491B-4590-9F37-0C0D369B4C6F@cisco.com> <CAHBU6iuX8Y8VCgkY1Qk+DEPEgN2=DWbNEWVffyVmmP_3qmmmig@mail.gmail.com>
In-Reply-To: <CAHBU6iuX8Y8VCgkY1Qk+DEPEgN2=DWbNEWVffyVmmP_3qmmmig@mail.gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/_v0pbSnpc6QdIodtN6CkdjZC5Ew
Cc: The IESG <iesg@ietf.org>, IETF-Discussion <ietf@ietf.org>

On 05/04/2014 18:29, Tim Bray wrote:
> On Sat, Apr 5, 2014 at 1:50 AM, Stewart Bryant (stbryant)
> <stbryant@cisco.com> wrote:
>
> > Please confirm that "friendly" implies that the user gets to
> > choose the degree of security privacy that they consider
> > appropriate, and that their applications and devices are not
> > encumbered with the overheads unless they choose to invoke
> > the privacy and security mechanisms.
>
> Here, I think, is a key issue. I disagree with Stewart. WHAT?! How
> can I possibly disagree with user choice? Because, a huge majority
> of people
>
> (a) aren’t aware that there is a choice to be made, and shouldn’t need
> to be
> (b) do not understand the technical issues surrounding the choice, and
> shouldn’t have to
> (c) do not understand the legal/policy issues surrounding the choice,
> and shouldn’t have to
>
> This includes both the people who use online services and the people
> who offer them. Thus, the only sane ethical position is to operate in
> a mode that is private by default, because the consequences of a
> negative failure (the user really didn’t need privacy but got it
> anyhow) are immensely less damaging than the consequences of a
> positive failure (the user really needed privacy but didn’t get it).

I could be persuaded towards "crypto by default", but I hear in these discussions "crypto as an exclusive mode", and I do not think that is an acceptable constraint on implementations.

Privacy and authentication always end up taking CPU, memory and bandwidth, which in turn costs money, silicon, power, weight and complexity. If a specific application requires privacy and/or authentication, then fine, but each case needs to be examined on its own merits.

Now you may say "ah but we are getting so much better at the engineering that who cares about such things", to which I would point out that such thinking stunts our ability to build things that are orders of magnitude smaller, lighter, cheaper and more power efficient than we can conceive of today.

So please, let's not react to the recent news on spying, by creating a security religion that in the end hurts us even more than the problem we are reacting to.

Stewart