IETF Logo Mail Archive

Re: [rtcweb] Alternative decision process in RTCWeb

Phillip Hallam-Baker <hallam@gmail.com> Wed, 04 December 2013 16:11 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 44D251AE2F8 for <ietf@ietfa.amsl.com>; Wed, 4 Dec 2013 08:11:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dV53o_M_Ouzs for <ietf@ietfa.amsl.com>; Wed, 4 Dec 2013 08:11:01 -0800 (PST)
Received: from mail-wi0-x234.google.com (mail-wi0-x234.google.com [IPv6:2a00:1450:400c:c05::234]) by ietfa.amsl.com (Postfix) with ESMTP id 7883B1AE2F5 for <ietf@ietf.org>; Wed, 4 Dec 2013 08:11:01 -0800 (PST)
Received: by mail-wi0-f180.google.com with SMTP id hn9so4014700wib.1 for <ietf@ietf.org>; Wed, 04 Dec 2013 08:10:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=ItE4mjq/ULiOIRMsl9sK1n9KQTe0PhYLu1/BWeqhuwE=; b=wkMe6PhZhm0cspMnm5hRPmfJot4ysQzJ8HDLAK8QukiTg8Q/9C4v3tudWIg0VYVHDY zukFIFgw17m8VDLE09XlIQ8e5riDcYsUiG6pt0hzj9yW/pr94BDDXZsR/DctHo2EK0QS vrlKOjn5bN9sS3BI8Fmc8IUJCji30gyEP4O8IWUoiYN4fegdKGGgdh3Ntasuwwme0m/N llpXZOlhVisJjlfXTYNbEzZUj6fhoR4uee31XtWvDa6fOps+MW35YRonbKEYVhjt4OUk 9epA9qUyp39g2oL7331Rng8ydH3J7XxsXQCkIntJCKV8basxVjbWJjs5rKdvpUVK6b7j 86bw==
MIME-Version: 1.0
X-Received: by 10.194.78.77 with SMTP id z13mr57198309wjw.27.1386173457988; Wed, 04 Dec 2013 08:10:57 -0800 (PST)
Received: by 10.194.243.136 with HTTP; Wed, 4 Dec 2013 08:10:57 -0800 (PST)
In-Reply-To: <A988CA2E-FE8B-469C-9C55-ECF9CDF4B436@piuha.net>
References: <DUB127-W23531D0E8B15570331DB51E0EE0@phx.gbl> <52974AA8.6080702@cisco.com> <1F79045E-8CD0-4C5D-9090-3E82853E62E9@nominum.com> <52976F56.4020706@dcrocker.net> <3CD78695-47AD-4CDF-B486-3949FFDC107B@nominum.com> <949EF20990823C4C85C18D59AA11AD8B0EF1B8@FR712WXCHMBA11.zeu.alcatel-lucent.com> <D45703FF-109A-4FFF-92E9-1CC7767C52F7@nominum.com> <CAP+FsNc=cGhOJNTwXY1z-5ZjisOOvX=EOYEf3htGXGcWRKBf6g@mail.gmail.com> <529CF5F1.9000106@dcrocker.net> <CAMm+LwjCvzDgWTi9mqgvWCoCyRhB+4c8QoaaPQtk=xkBcXMtZA@mail.gmail.com> <98962934-340C-400C-AB30-573C52D13F61@nominum.com> <74FD1382-D5B0-4C70-9AD5-D92150D784AD@standardstrack.com> <CAGhGL2AK2QhNEoahSrFepzcsY9DHsW4Hbk-Kkv1-+gftOCSFSw@mail.gmail.com> <CAMm+LwjLTC_BEo4nqUi0ZyDWhrWyVqnh+wZ8xxzsuW_rv=E2kQ@mail.gmail.com> <A988CA2E-FE8B-469C-9C55-ECF9CDF4B436@piuha.net>
Date: Wed, 04 Dec 2013 11:10:57 -0500
Message-ID: <CAMm+LwiBHgbdwFt4ZRSOMcFFiXJMi92YeUgpUTq3T9O2q_uZAQ@mail.gmail.com>
Subject: Re: [rtcweb] Alternative decision process in RTCWeb
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Jari Arkko <jari.arkko@piuha.net>
Content-Type: multipart/alternative; boundary="047d7bfcfc988f825f04ecb7a858"
Cc: IETF Discussion <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Dec 2013 16:11:04 -0000

On Wed, Dec 4, 2013 at 4:16 AM, Jari Arkko <jari.arkko@piuha.net> wrote:

>
> > I find the defeatism quite depressing. If we know the reason the
> previous efforts have failed, all we need to do is to address them and try
> again.
>
> FWIW, I agree with this. We should not believe we can make all projects
> succeed. Or that without a deep understanding of a field we can succeed. Or
> that we can succeed without understanding and getting the support of the
> world around us. But the Internet is evolving, the users have real needs
> and when we know what to do we should do it - you can succeed even in
> difficult situations.
>

I agree except on the requirement for 'deep understanding'.

The only way that deep understanding can be reached in many of these cases
is to try repeatedly and learn from the failures. Or to be willing to 'make
a fool of yourself' by making a statement that might turn out to be false
or incomplete.

People who are worried about making a fool of themselves don't write crypto
protocols. It takes an enormous quantity of ignorance or ego or both to
propose a network crypto protocol. The chances are that someone will take
your beautiful creation and smash it up in front of your eyes and then
dance on all the little pieces.


In particular, I don't think the lectures of the form, 'who are we to
attempt this' are helpful in the slightest. But we always get one from at
least one of two individuals whenever we attempt something new. I don't
think we should abandon hope on S/MIME quite yet but I am quite ready to
dump SMTP just to be rid of the 'you are not worthy' lectures.

Nobody understands this stuff completely. There is no cavalry ready to ride
in with the answers. The academic field of security usability is not yet an
engineering field, it is barely managing to do science.


There are three inescapable lessons of Snowdonia:

1) The insider threat can bring down any organization.

2) Security controls that are too difficult to be used will not be used
even in the most security sensitive organizations.

3) We need usable data level security protections now.


I would certainly encourage people to read the security usability
literature just as I encourage people to read on semiotics, hermeneutics
and many other sources that are outside the narrow field of network
engineering. But don't expect those sources to provide the answers because
they won't. All that you can expect from deeper understanding is to perhaps
ask better questions.
-- 
Website: http://hallambaker.com/

v2.23.0 | Report a Bug | By Email