Re: [perpass] perens-perpass-appropriate-response-01

Bruce Perens <bruce@perens.com> Wed, 04 December 2013 22:42 UTC

Return-Path: <bruce@perens.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D0C311ACCDC for <perpass@ietfa.amsl.com>; Wed, 4 Dec 2013 14:42:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.177
X-Spam-Level:
X-Spam-Status: No, score=-1.177 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.723, RP_MATCHES_RCVD=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R2N86TdEc78q for <perpass@ietfa.amsl.com>; Wed, 4 Dec 2013 14:42:41 -0800 (PST)
Received: from alchemy.perens.com (alchemy.perens.com [206.221.219.26]) by ietfa.amsl.com (Postfix) with ESMTP id 217B51AC7EE for <perpass@ietf.org>; Wed, 4 Dec 2013 14:42:41 -0800 (PST)
Received: from [192.168.18.131] (mail.a10networks.com [12.207.16.167]) by alchemy.perens.com (Postfix) with ESMTPSA id 1053150008A for <perpass@ietf.org>; Wed, 4 Dec 2013 14:42:38 -0800 (PST)
Message-ID: <529FAFE2.8060205@perens.com>
Date: Wed, 04 Dec 2013 14:42:42 -0800
From: Bruce Perens <bruce@perens.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20131103 Icedove/17.0.10
MIME-Version: 1.0
To: perpass@ietf.org
References: <E2DA1477-C86E-441E-A33D-D47A0D67AFF3@iab.org> <EF9BD1E4-6EF3-4035-AC4E-1A2D3CADE615@mnot.net> <529E8494.7000806@perens.com> <20131204111309.GB11727@nic.fr> <529F7B3B.5020901@gmail.com> <529F91C9.6060906@perens.com> <529F9E01.2000306@gmail.com>
In-Reply-To: <529F9E01.2000306@gmail.com>
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [perpass] perens-perpass-appropriate-response-01
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Dec 2013 22:42:41 -0000

On 12/04/2013 01:26 PM, Brian E Carpenter wrote:
You could certainly argue that the IETF has historically been too lax about security and privacy vulnerabilities in our specifications - I reviewed some of that history in my plenary talk in Vancouver - so what we "handed over" was a network vulnerable to spying and spoofing.
It was incredibly successful. There was a competing stack design in the OSI protocols which went nowhere. IMO the reason for success was the simplicity. Don't abandon that now.

Yes, the IETF protocols are voluntary. But IETF has a certain degree of cachet by now, and there is a very high probability that the industry will follow IETF's lead because of that. Which IMO gives you the same responsibility that you would have if the protocols were not mandatory.

    Thanks

    Bruce