SM: > Hi Dean, > At 10:12 13-09-2013, Dean Willis wrote: >> So unless we have widespread review, from people likely to be in the >> influence of multiple and conflicting actors, we really haven't had a >> review. How widespread? I'm not exactly sure -- but it means more than >> one review, from more than one company, from more than one sector, and >> from more than one nation-state at a minimum. Trust is really hard; >> our best substitute is a very widespread consensus. >> >> Arguably, the mode that we've operated in for many years has given us >> a rather bad current situation. Perhaps we should reassess "good enough". > > The IETF has been operating in "good enough" mode since a long time. > Some proposals do not get widespread review. There are variations of > RFC 6302 in the IETF RFCs. When I raised a "privacy issue" some time > back the only person who supported the argument was Stephen Farrell. > The amount of effort to raise a "privacy issue" is discouraging. >
Seems like that isn't a problem now, right? Water under the bridge, perhaps? I have also seen a lot of IETF privacy and security weirdness but it is clear that things are improving now. > It's difficult to ensure review from more than one nation-state when the > majority is from one nation-state. It is not always clear what the > company or sector ties are. I don't think that this is a problem at all. I see people from a dozen countries on this list. > > There is a report of a Tor exit node being compromised. It's unlikely > that the problem could have been avoided with better encryption. The > architectural aspect of the problem was mentioned in 2005. > (Tor Developer here...) What are you referring to with regard to a Tor exit node being compromised? All the best, Jacob _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
