"secure Dropbox clone" (was: Re: [IAB] IETF88 Technical Plenary hums)

"Eggert, Lars" <lars@netapp.com> Thu, 07 November 2013 13:01 UTC

Return-Path: <lars@netapp.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 24A2621E8183 for <ietf@ietfa.amsl.com>; Thu, 7 Nov 2013 05:01:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.879
X-Spam-Status: No, score=-8.879 tagged_above=-999 required=5 tests=[AWL=1.720, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id h1tFY8tjym9X for <ietf@ietfa.amsl.com>; Thu, 7 Nov 2013 05:01:22 -0800 (PST)
Received: from mx12.netapp.com (mx12.netapp.com []) by ietfa.amsl.com (Postfix) with ESMTP id CC39921E80AD for <ietf@ietf.org>; Thu, 7 Nov 2013 05:01:20 -0800 (PST)
X-IronPort-AV: E=Sophos; i="4.93,652,1378882800"; d="asc'?scan'208"; a="111455539"
Received: from vmwexceht02-prd.hq.netapp.com ([]) by mx12-out.netapp.com with ESMTP; 07 Nov 2013 05:01:20 -0800
Received: from SACEXCMBX01-PRD.hq.netapp.com ([]) by vmwexceht02-prd.hq.netapp.com ([]) with mapi id 14.03.0158.001; Thu, 7 Nov 2013 05:01:20 -0800
From: "Eggert, Lars" <lars@netapp.com>
To: IETF <ietf@ietf.org>
Subject: "secure Dropbox clone" (was: Re: [IAB] IETF88 Technical Plenary hums)
Thread-Topic: "secure Dropbox clone" (was: Re: [IAB] IETF88 Technical Plenary hums)
Thread-Index: AQHO27lz0R+UJJN0hUCvg4cHHUBwaA==
Date: Thu, 07 Nov 2013 13:01:19 +0000
Message-ID: <559FCA81-CC65-437D-AD91-6693E219A991@netapp.com>
References: <D1A50FE6-2A1E-47C9-A440-3A0655B9E188@isoc.org> <50B4387E-8E32-4E73-91F8-44268C5F5865@vigilsec.com>
In-Reply-To: <50B4387E-8E32-4E73-91F8-44268C5F5865@vigilsec.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
x-originating-ip: []
Content-Type: multipart/signed; boundary="Apple-Mail=_7DEBF3FB-5AE2-43EC-B1A0-B33939CFCAD3"; protocol="application/pgp-signature"; micalg="pgp-sha1"
MIME-Version: 1.0
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Nov 2013 13:01:31 -0000


On 06 Nov 2013, at 12:41, Russ Housley <housley@vigilsec.com> wrote:
> 5.  Many insecure protocols are used in the Internet today, and the IETF should create a secure alternative for the popular ones.

since a "secure DropBox alternative" was brought up: the pieces for building such do exist, but some exist outside the IETF. For example, SNIA's CDMI (http://www.snia.org/cdmi) could be useful, and on the IETF side we have of course WebDAV. 

In many cases, the reason that such alternatives don't exist probably isn't because there aren't any open protocols available to build them with, it's that the proprietary services have polished clients that are simple to set up, available for many clients, and that they have a robust and well-managed backend. There's not much the IETF can do about these factors.

In the specific case of DropBox clones, several vendors of storage systems (incl. my employer) are making or will shortly be making mobile clients available that use said storage systems as a backend instead of the public cloud. So at least for that particular application, there are alternatives available.