Re: [perpass] politics and the ietf

Stephen Kent <> Fri, 06 December 2013 15:10 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 9F8A51ADF6E for <>; Fri, 6 Dec 2013 07:10:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.302
X-Spam-Status: No, score=-2.302 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id OWe54iT4k1Io for <>; Fri, 6 Dec 2013 07:10:53 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 5C4AF1AE03B for <>; Fri, 6 Dec 2013 07:10:53 -0800 (PST)
Received: from ([]:59539 helo=comsec.home) by with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <>) id 1Vox3J-000EFb-1K for; Fri, 06 Dec 2013 10:10:49 -0500
Message-ID: <>
Date: Fri, 06 Dec 2013 10:10:48 -0500
From: Stephen Kent <>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:24.0) Gecko/20100101 Thunderbird/24.1.1
MIME-Version: 1.0
References: <20131205072546.2740.2142915422.0@crow> <> <> <>
In-Reply-To: <>
Content-Type: multipart/alternative; boundary="------------050509080200060007050704"
Subject: Re: [perpass] politics and the ietf
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 06 Dec 2013 15:10:56 -0000


> ...
> In the "early days" of the Internet, to my knowlege, the Internet was 
> more of a research project amongst co-operative researchers at places 
> like MIT, SRI, and CERN with the Web so security and privacy concerns 
> were minimal at best. I'm not sure what else can explain early RFCs :) 
> Obviously this has changed, and now folks have to retro-fit these 
> security on top the system.
As one who has been actively involved since "the early days" I have to 
disagree with your characterization. Internet R&D was funded primarily 
by the U.S. DoD, and thuis security was a consideration. Moreover, the 
sort of passive and active wiretapping attacks that we're discussing, 
ones that can be carried out by nation states, were a concern. The
technical approach to dealing with such attacks was to employ 
encryption, on an end-to-end basis, for realtime communication. Sound 

BBN built a basic e-t-e encryption device (the PLI) in the mid-1970's, 
for use in the ARPANET. Later in the 70's we worked with ARPA (now 
DARPA) to develop a more sophisticated system, one that worked with 
TCP/IP, provided per-connection security associations, and which used a 
KDC. (This was a few years before the MIT Kerberos project began and 
long before public key crypto was considered practical.)

All of this was well before development of the Web, even before DNS, in 
a simpler
environment. My point is that technology was developed to provide protection
against passive and active wiretapping of Internet protocols. It was not 
developed for
the software implementations that we see in OSes, because the DoD 
understood the vulnerabilities that arise in a software-based 
implementation. The solutions focused on external, hardware crypto, 
inline between a computer (or a gateway) and the Internet. That made the 
solutions developed for the DoD environment unattractive for typical 
commercial, much less, residential users.