Tony,

On 21/10/2013 23:14, Tony Rutkowski wrote:
> Hi Eliot,
>
> Apropos to your suggestion...
>
> What about MTnI (mandatory to not implement) or MTB (mandatory to break)?
> Public networks and services have been subject to governmental controls on
> encryption by every country in international law since 1850. Individuals and
> small groups may be able to skirt the requirements, but not commercial or
> institutional providers. Seems like a bit of a scaling challenge?
>
I believe that is *exactly* why the IETF endorsed both RFC 1984 and
RFC 2804. It's *our* job to make our specs as secure as reasonably
possible and to not help make them liable to eavesdropping. If that
makes signals intelligence agencies unhappy, or presents implementors
with a conflict between an IETF "MUST" and a jurisdictional "MUST NOT",
that isn't our concern.

Here, I believe we should focus only on specifications that enhance
privacy, and IMHO that certainly includes specifying that implementations
must have strong privacy-protecting default configurations.

Brian
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass