On 9 October 2013 18:33, Stephen Kent <k...@bbn.com> wrote:
> Ben,
> ...
>
>> It's all about incentives. Why would anyone care right now whether an
>> RFC is a standard or not? No-one beats them up for complying with
>> non-standards. Or even failing to comply with standards.
>
> That does not seem to be uniformly true. Some folks who purchase
> equipment have been known to require prospective bidders to
> assert that the products being proposed comply with selected RFCs.
>
>> If we are proposing to move into a world where we incentivise people
>> to care, then we need to actually call out people who fail to follow
>> the standards - and, as well, who fail to follow the secure standards.
>
> I think we gave up on the notion of the IETF packet police a long time
> ago, when Jeff Schiller was Sec AD. :-)

Yeah, I don't think that's the answer. I think the answer is more along the lines of products not taking the attitude that they should work around everyone's broken crap, but instead that they should take a hard line. In short, "be liberal in what you accept" was a terrible idea for security and it's time we dropped it.

>> Just as now it is at least reasonably well understood by vendors that
>> TLS is desirable, because it gets pointed out if it isn't used, we
>> need to do the same for other secure standards.
>
> TLS has been very successful in terms of widespread deployment, and
> a lot of web sites mandate its use. But, it is also an example of
> a good technology that has often been misunderstood. If I am at home,
> making a credit-card purchase, TLS provides me with protection against
> the wrong threat. My CC number is at much greater risk of being stolen
> once it has arrived (securely) at the server, vs. when it was in transit.
> (If I were using WiFi in Starbucks the threat mode would be different.)
> The real benefit to me, as a client, is the nominal authentication of the
> web site offered by use of the underlying PKI. Of course, the browser PKI
> model is not so great, but it's better than nothing.
>
>> Note that TLS for SMTP does not enjoy the same level of security as
>> TLS for HTTP. Why? I claim it is because it is completely invisible to
>> users, so there's no incentives for vendors to get it right.
>
> My example above suggests another possible reason; I don't perceive
> a serious threat against inter-SMTP server hops for the vast majority of my
> e-mail.

But this is exactly the problem: 99% of the time you don't care, so you argue that we should make it impossible to fix your problem in the other 1% of cases. I think the new reality is that you should worry about the 1% of the time you care and put up with whatever slight hardships it brings for your 99% case.

_______________________________________________
perpass mailing list
perpass@ietf.org
https://www.ietf.org/mailman/listinfo/perpass