Re: The War is on...

John C Klensin <> Mon, 07 July 2014 16:02 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id E21C21A033D for <>; Mon, 7 Jul 2014 09:02:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -3.251
X-Spam-Status: No, score=-3.251 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.651] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id wS1wcXxxzPUS for <>; Mon, 7 Jul 2014 09:02:25 -0700 (PDT)
Received: from ( []) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id AA1E21A0336 for <>; Mon, 7 Jul 2014 09:02:25 -0700 (PDT)
Received: from [] ( by with esmtp (Exim 4.82 (FreeBSD)) (envelope-from <>) id 1X4BJj-000Fho-PJ; Mon, 07 Jul 2014 11:58:59 -0400
Date: Mon, 07 Jul 2014 12:02:19 -0400
From: John C Klensin <>
To: todd <>,
Subject: Re: The War is on...
Message-ID: <>
In-Reply-To: <>
References: <>
X-Mailer: Mulberry/4.0.8 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-SA-Exim-Scanned: No (on; SAEximRunCond expanded to false
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IPR-WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 07 Jul 2014 16:02:30 -0000

--On Monday, July 07, 2014 07:54 -0700 todd
<>; wrote:

> Well its happened - the EFF is suing the NSA for 'holes
> engineered' into things.
> r-of-national-intelligence-for-intentionally-leaving-holes-in-
> software-unplugged-2000157
> How long do you all think it will take before the IETF and its
> IPR WG members are by name added as defendants in this matter ?

I can see a number of issues for the IETF in any situation in
which an organization is accused of deliberately inserting
vulnerabilities into protocols or methods or of hiding
vulnerabilities of which it is aware to exploit them.  As as as
the IETF (or any other SDO) is concerned, most of them would be
arise if the SDO or key members of its leadership were somehow
complicit in the actions.  A reasonable person might want to
examine the SDO's review and decision processes to be sure they
provide adequate safeguards against such activities.  

However, I have trouble seeing any of that as an IPR issue
either under current IETF policies or others one might imagine,
especially as long as the SDO explicitly disclaimed warranties
that standards were problem-free.  ...And at least under the IPR
laws of this planet.