Hi Eliot, Hi Phillip,

On 10/22/2013 06:13 AM, Eliot Lear wrote:

Whether we like it or not, this is now part of the distrust landscape
we have to deal with when designing technical solutions.

I agree with this statement. It reminds me of a famous statement: trust
but verify. The only method we have to deal with the sort of
interference we've read about are our open and transparent processes
(it's one of the reasons draft-resnick-consensus is very important, by
the way). Nobody has anything better to offer, nor will they have.

In the context of the cryptographic primitives we certainly have relied a
lot on NIST, which is reflected in the number of presentations at the
SAAG meetings.

We have made too few attempts to reach out to other communities (if
those even exist) to hear other views. I once talked to Bart Preneel,
who is involved in the European crypto community, about attending an IETF
meeting but (for whatever reason) it didn't work out.
Maybe that's something to think about?

If people want technologies like DNSSEC/DANE or RPKI to be deployed in
practice they are going to have to answer the difficult questions
about how cryptography is used to concentrate power over the Internet
infrastructure by a very narrow range of institutions, most of which
are ultimately under US govt. control.

To this we can only say that if the U.S. attempted to exert that
control, it would be widely noticed, and it would quickly lead to changes.

Although I wasn't at the IAB at that time I recall that the RPKI
decision for having a single trust anchor was everything but easy.
Here is the IAB statement from that time:
http://www.ietf.org/mail-archive/web/ietf-announce/current/msg07028.html
Maybe Marcelo, who was at the IAB at that time, can say something about
the discussions.

Ciao
Hannes