Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

> And that no amount of communication security helps you if you do not the guy > at the other end. Do not *trust* the guy at the other end. Typos, sigh…

Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

On 9/6/13 5:11 AM, Phillip Hallam-Baker wrote: > S/MIME is almost what we need to secure email. What is missing is an > effective key discovery scheme. We could add that and add Ben Laurie's > Certificate Transparency and have a pretty good start on a PRISM Proof > email scheme. Not when the key

Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

I think we should seize this opportunity to take a hard look at what we can do better. Yes, it is completely correct that this is only partially a technical problem, and that there is a lot of technology that, if used, would help. And that technical issues outside IETF space, like endpoint secur

Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

On 9/5/13 8:59 PM, Randy Bush wrote: > side discussion wonders whether bruce may be a bit on the > pollyanna side on this aspect. That's a really interesting question, and I have no idea what the answer is. One reason it's interesting is that until this all broke there was a reasonable assumption

Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

> This assumes, of course, that current crypto technology > (ciphers, anyway) is sufficient, which Schneier seems to > think is the case. side discussion wonders whether bruce may be a bit on the pollyanna side on this aspect. randy

Weekly posting summary for ietf@ietf.org

Total of 149 messages in the last 7 days. script run at: Fri Sep 6 00:53:02 EDT 2013 Messages | Bytes| Who +--++--+ 7.38% | 11 | 6.82% |81747 | sm+i...@elandsys.com 5.37% |8 | 4.69% |56229 | brian.e.carp

Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

On 6 sep 2013, at 05:39, j...@mercury.lcs.mit.edu (Noel Chiappa) wrote: >> From: Phillip Hallam-Baker > >> S/MIME is almost what we need to secure email. > > If by "secure email" you mean 'render email impervious to being looked at > while on the wire', perhaps. If, however, you mean 'render it

Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

On Thu, Sep 5, 2013 at 11:32 PM, Andrew Sullivan wrote: > On Fri, Sep 06, 2013 at 03:28:28PM +1200, Brian E Carpenter wrote: > > > > OK, that's actionable in the IETF, so can we see the I-D before > > the cutoff? > > Why is that discussion of this nailed to the cycle of IETF meetings? It is not.

Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

On Thu, Sep 5, 2013 at 11:28 PM, Brian E Carpenter < brian.e.carpen...@gmail.com> wrote: > On 06/09/2013 15:11, Phillip Hallam-Baker wrote: > ... > > S/MIME is almost what we need to secure email. What is missing is an > > effective key discovery scheme. We could add that and add Ben Laurie's > >

Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

> From: Phillip Hallam-Baker > S/MIME is almost what we need to secure email. If by "secure email" you mean 'render email impervious to being looked at while on the wire', perhaps. If, however, you mean 'render it secure from ever being looked at by anyone else', no way. Even if it's st

Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

On Fri, Sep 6, 2013 at 9:02 AM, Vinayak Hegde wrote: > On Fri, Sep 6, 2013 at 8:41 AM, Phillip Hallam-Baker wrote: > >> >> On Thu, Sep 5, 2013 at 9:36 PM, Brian E Carpenter < >> brian.e.carpen...@gmail.com> wrote: >> >>> I'm sorry, I don't detect the emergency. >>> >>> I'm not saying there's no i

Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

On Fri, Sep 06, 2013 at 03:28:28PM +1200, Brian E Carpenter wrote: > > OK, that's actionable in the IETF, so can we see the I-D before > the cutoff? Why is that discussion of this nailed to the cycle of IETF meetings? A -- Andrew Sullivan a...@anvilwalrusden.com

Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

On Fri, Sep 6, 2013 at 8:41 AM, Phillip Hallam-Baker wrote: > > On Thu, Sep 5, 2013 at 9:36 PM, Brian E Carpenter < > brian.e.carpen...@gmail.com> wrote: > >> I'm sorry, I don't detect the emergency. >> >> I'm not saying there's no issue or no work to do, but what's new about >> any of this? > > >

Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

On 9/5/13 7:19 PM, Brian E Carpenter wrote: > I'm not talking about what implementors and operators and users > should be doing; still less about what legislators should or > shouldn't be doing. I care about all those things, but the question > here is what standards or informational outputs from t

Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

On 06/09/2013 15:11, Phillip Hallam-Baker wrote: ... > S/MIME is almost what we need to secure email. What is missing is an > effective key discovery scheme. We could add that and add Ben Laurie's > Certificate Transparency and have a pretty good start on a PRISM Proof > email scheme. OK, that's a

Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

On 9/5/2013 8:08 PM, Ted Lemon wrote: they convinced us we'd won We've done quite a sales job on ourselves, also. Remember the IAB tech plenary that declared protocols dead, because the client is downloaded from the server? Think about that, in the light of recent revelations about compro

Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

On 06/09/2013 15:08, Ted Lemon wrote: > On Sep 5, 2013, at 9:36 PM, Brian E Carpenter > wrote: >> I'm sorry, I don't detect the emergency. > > I think we all knew NSA was collecting the data. Why didn't we do something > about it sooner? Wasn't it an emergency when the PATRIOT act was passe

Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

> From: Dean Willis > The [IETF] .. needs dedicate its next meeting to this task. This is > an emergency, and demands an emergency response. The thing is that I'm not sure how much of this is the NSA 'breaking' protocols/algorithms, and how much is finding ways past/around that secur

Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

On Thu, Sep 5, 2013 at 9:36 PM, Brian E Carpenter < brian.e.carpen...@gmail.com> wrote: > I'm sorry, I don't detect the emergency. > > I'm not saying there's no issue or no work to do, but what's new about > any of this? > > Was PRISM a surprise to anyone who knew that the Five Eyes sigint > organ

Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

On Sep 5, 2013, at 9:36 PM, Brian E Carpenter wrote: > I'm sorry, I don't detect the emergency. I think we all knew NSA was collecting the data. Why didn't we do something about it sooner? Wasn't it an emergency when the PATRIOT act was passed? We certainly thought it was an emergency ba

Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

On Sep 5, 2013, at 8:46 PM, Lucy Lynch wrote: >> I'd like to share the challenge raised by Bruce Schneier in: I thought it was a great call to action. Is Bruce coming to Vancouver?

Re: pgp signing in van

On 9/5/2013 5:45 PM, Randy Bush wrote: is pgp compromised? PGP is a packaging method. Absent grossly incompetent packaging -- and I've never heard claims that PGP or S/MIME were guilty of that -- my sense is that the interesting security mechanisms are the underlying algorithms. Is there

Re: pgp signing in van

On Thu, Sep 5, 2013 at 8:45 PM, Randy Bush wrote: > so, it might be a good idea to hold a pgp signing party in van. but > there are interesting issues in doing so. we have done lots of parties > so have the social protocols and n00b cheat sheets. but that is the > trivial tip of the iceberg. >

Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

On Sep 5, 2013 5:17 PM, "Dean Willis" wrote: > > > This is bigger than the "perpass" list. > > I suggested that the surveillance/broken crypto challenge represents "damage to the Internet". I'm not the only one thinking that way. > > I'd like to share the challenge raised by Bruce Schneier in: > >

Re: Last Call: (Retirement of the "Internet Official Protocol Standards" Summary Document) to Best Current Practice

--On Thursday, September 05, 2013 15:20 -0700 Pete Resnick wrote: >> IESG minutes as the publication of record >> > > The only reason I went with the IESG minutes is because they > do state the "pending" actions too, as well as the completed > ones, which the IETF Announce list does not. F

Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

I'm sorry, I don't detect the emergency. I'm not saying there's no issue or no work to do, but what's new about any of this? Was PRISM a surprise to anyone who knew that the Five Eyes sigint organisations have been cooperating since about 1942 and using intercontinental data links since 1944)? Wa

Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

On Thu, 5 Sep 2013, Dean Willis wrote: This is bigger than the "perpass" list. I suggested that the surveillance/broken crypto challenge represents "damage to the Internet". I'm not the only one thinking that way. an additional call to action can be found here: http://www.newamerica.net/pr

pgp signing in van

so, it might be a good idea to hold a pgp signing party in van. but there are interesting issues in doing so. we have done lots of parties so have the social protocols and n00b cheat sheets. but that is the trivial tip of the iceberg. o is pgp compromised? just because it is not listed in [0

Re: Last Call: (Retirement of the "Internet Official Protocol Standards" Summary Document) to Best Current Practice

At 14:45 05-09-2013, Scott O Bradner wrote: looks good to me except that maybe using the IETF Announce list rather than IESG minutes as the publication of record What draft-resnick-retire-std1-01 says is that the "publication of record" has been the IESG minutes. I read what Scott Bradner wro

Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

This is bigger than the "perpass" list. I suggested that the surveillance/broken crypto challenge represents "damage to the Internet". I'm not the only one thinking that way. I'd like to share the challenge raised by Bruce Schneier in: http://www.theguardian.com/commentisfree/2013/sep/05/gover

Re: Gen-ART review of draft-ietf-geopriv-res-gw-lis-discovery-05

Thanks Peter. I fixed all the nits: https://github.com/martinthomson/drafts/commit/0e7cc6089e96f6b4b2a2cff0d094733b313b8e39 On 31 July 2013 13:50, Peter Yee wrote: > Page 9, section 4.2, 2nd paragraph, 1st sentence: I'll admit my ignorance > of the finer points of the DNS and inquire what this s

Re: Last Call: (Retirement of the "Internet Official Protocol Standards" Summary Document) to Best Current Practice

looks good to me except that maybe using the IETF Announce list rather than IESG minutes as the publication of record Scott On Sep 5, 2013, at 1:10 PM, Pete Resnick wrote: > Having seen no further comments, Jari has asked me to post -01 with the > changes. Done. > > pr > > -- > Pete Resnic

Re: REVISED Last Call: (The Pseudowire (PW) & Virtual Circuit Connectivity Verification (VCCV) Implementation Survey Results) to Informational RFC

Abdussalam, Many thanks for your review and comments on the draft. I have some answers inline. On Wed, Sep 4, 2013 at 10:24 PM, Abdussalam Baryun < abdussalambar...@gmail.com> wrote: > The Reviewer: Abdussalam Baryun > Date: 05.09.2013 > I-D name: draft-ietf-pwe3-vccv-impl-survey-results > Recei

Re: Last Call: (Retirement of the "Internet Official Protocol Standards" Summary Document) to Best Current Practice

Having seen no further comments, Jari has asked me to post -01 with the changes. Done. pr -- Pete Resnick Qualcomm Technologies, Inc. - +1 (858)651-4478

Unbearable related to misspellings ideas (was Re: draft-moonesamy-ietf-conduct-3184bis)

On 9/1/13, Eduardo A. Suárez wrote: > What is unbearable to me is that in more than one discussion in a > mailing list someone's opinion is censored because misspell their > ideas or opinions. I don't think that is unbearable, usually in communications between IP devices/machines it happens that

Re: Last Call: (Retirement of the "Internet Official Protocol Standards" Summary Document) to Best Current Practice

I tend to agree with Pete - the minutes are more like an official record, as well. BTW, the IESG Charter (RFC 3710) says: "The IESG publishes a record of decisions from its meetings on the Internet,..." In any case, apart from this detail, I think the draft is good to go. Brian On 06/09/2013

Re: Last Call: (Retirement of the "Internet Official Protocol Standards" Summary Document) to Best Current Practice

I also agree that the minutes are the most complete/official record we have. Jari On Sep 6, 2013, at 1:40 AM, Brian E Carpenter wrote: > I tend to agree with Pete - the minutes are more like an official > record, as well. BTW, the IESG Charter (RFC 3710) says: > > "The IESG publishes a record

Re: REVISED Last Call: (The Pseudowire (PW) & Virtual Circuit Connectivity Verification (VCCV) Implementation Survey Results) to Informational RFC

Thanks Andrew, I am happy to see a survey draft, I never seen one before in IETF, however, if there was a survey done before in IETF, it will be interesting to mention that if you think necessary related. On 9/5/13, Andrew G. Malis wrote: > Abdussalam, > > Many thanks for your review and comments

Re: Last Call: (Retirement of the "Internet Official Protocol Standards" Summary Document) to Best Current Practice

On 9/5/13 2:45 PM, Scott O Bradner wrote: looks good to me except that maybe using the IETF Announce list rather than IESG minutes as the publication of record The only reason I went with the IESG minutes is because they do state the "pending" actions too, as well as the completed ones, wh

Re: "Deprecate"

- Original Message - From: "t.p." To: ; "'Michelle Cotton'" ; "'ietf'" Sent: Thursday, August 29, 2013 4:35 PM > Original Message - > From: "Adrian Farrel" > To: "'Michelle Cotton'" ; "'Dearlove, > Christopher (UK)'" ; "'t.p.'" > ; "'ietf'" > Sent: Thursday, August 29, 2013 4:

Re: New Mailing List: Internet governance and IETF technical work

On 9/5/13 6:01 AM, Abdussalam Baryun wrote: > On 9/4/13, IAB Chair wrote: >> As requested by the community, the IAB has decided to open a mailing list >> to >> discuss topics regarding the intersection of Internet governance and IETF >> technical work. In particular, this list will focus on issu

Re: New Mailing List: Internet governance and IETF technical work

On 9/4/13, IAB Chair wrote: > As requested by the community, the IAB has decided to open a mailing list > to > discuss topics regarding the intersection of Internet governance and IETF > technical work. In particular, this list will focus on issues relating to > Internet governance and regulation,