On Sep 18, 2013, at 1:39 AM, Dean Willis <[email protected]> wrote:
>
> On Sep 17, 2013, at 4:12 AM, Stephen Farrell <[email protected]> wrote:
>
>> Hi,
>>
>> Jeff raised tcpcrypt [1] in his earlier email.
>
> I personally thought tcpcrypt was an awesome idea. It was, IIRC, "down talked" by some of the people who have been more instrumental in blocking other solid security suggestions, like zRTP. Possibly even for technical reasons, but that's a debate worth reliving.

+1. In doing so, we should also make sure that either the mechanism is applicable to alternate transports under consideration for the HTTP/2 effort, or that those transports have equivalent mechanisms for opportunistic encryption.

> Perhaps we could also consider a "policy" level of document, perhaps a BCP, that sets high goals for security and surveillance resistance in all new work. A formal declaration that fundamental security IS a priority, that protocols lacking it "harm the Internet" just as badly as those lacking congestion control.

+n. IMO, this would be an update of RFC 2804, which would say in effect "remember when we said it's not okay for us to work on protocols that allow through their design the surveillance of targeted parties (point 4 of the wiretapping definition in section 3: "...when the third party acts deliberately to target the transmission of the first party, either because he is of interest, or because the second party's reception is of interest")? It's also not okay in the case that everyone is a target."

(I was about to say we could just strike point 4 from the definition there, but in the interests of pedantry we should probably rework the definition, since one could say that points 1 and 2 don't hold in the case of pervasive passive surveillance, since post-Snowden/Poitras/Greenwald, everyone has a reasonable suspicion that everything which can be delivered to any third party by any means available.)

Cheers,

Brian
_______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
