Hi Dean,
At 10:12 13-09-2013, Dean Willis wrote:
> So unless we have widespread review, from people likely to be in the
> influence of multiple and conflicting actors, we really haven't had
> a review. How widespread? I'm not exactly sure -- but it means more
> than one review, from more than one company, from more than one
> sector, and from more than one nation-state at a minimum. Trust is
> really hard; our best substitute is a very widespread consensus.
> Arguably, the mode that we've operated in for many years has given
> us a rather bad current situation. Perhaps we should reassess "good enough".
The IETF has been operating in "good enough" mode for a long
time. Some proposals do not get widespread review. There are
variations of RFC 6302 in the IETF RFCs. When I raised a "privacy
issue" some time back the only person who supported the argument was
Stephen Farrell. The amount of effort to raise a "privacy issue" is
discouraging.
It's difficult to ensure review from more than one nation-state when
the majority is from one nation-state. It is not always clear what
the company or sector ties are.
There is a report of a Tor exit node being compromised. It's
unlikely that the problem could have been avoided with better
encryption. The architectural aspect of the problem was mentioned in 2005.
Regards,
-sm