Ben,
...
It's all about incentives. Why would anyone care right now whether an
RFC is a standard or not? No-one beats them up for complying with
non-standards. Or even failing to comply with standards.
That does not seem to be uniformly true. Some folks who purchase
equipment have been known to require prospective bidders to
assert that the products being proposed comply with selected RFCs.
If we are proposing to move into a world where we incentivise people
to care, then we need to actually call out people who fail to follow
the standards - and, as well, who fail to follow the secure standards.
I think we gave up on the notion of the IETF packet police a long time
ago, when Jeff Schiller was Sec AD. :-)
Just as now it is at least reasonably well understood by vendors that
TLS is desirable, because it gets pointed out if it isn't used, we
need to do the same for other secure standards.
TLS has been very successful in terms of widespread deployment, and
a lot of web sites mandate its use. But, it is also an example of
a good technology that has often been misunderstood. If I am at home,
making a credit-card purchase, TLS provides me with protection against
the wrong threat. My CC number is at much greater risk of being stolen
once it has arrived (securely) at the server, vs. when it was in transit.
(If I were using WiFi in Starbucks the threat model would be different.)
The real benefit to me, as a client, is the nominal authentication of
the web site offered by use of the underlying PKI. Of course, the browser
PKI model is not so great, but it's better than nothing.
Note that TLS for SMTP does not enjoy the same level of security as
TLS for HTTP. Why? I claim it is because it is completely invisible to
users, so there's no incentives for vendors to get it right.
My example above suggests another possible reason; I don't perceive
a serious threat against inter-SMTP server hops for the vast majority of
my e-mail.
We need to make these things visible (and I don't mean "show a
padlock", btw, I mean the kind of visibility we propose for
Certificate Transparency, namely, if it doesn't work right, you don't
connect).
Ben, please stop pushing CT as the solution for everything; it's become
more than tiresome.
Steve
_______________________________________________
perpass mailing list
https://www.ietf.org/mailman/listinfo/perpass