Tony .. Always wonderful to hear from you! The point we clearly agree on is that a productive discussion on this subject would be the usability and deployability of security protocols. I there has been a failure it lies there.
I totally agree the concepts of risk management and ultimately reputation management are central to mitigating the problems we now see. -----Original Message----- From: perpass-boun...@ietf.org [mailto:perpass-boun...@ietf.org] On Behalf Of Tony Rutkowski Sent: Thursday, October 10, 2013 10:52 AM To: Richard Shockey; 'Stephen Farrell'; 'Christian Huitema'; 'Peterson, Jon'; 'perpass' Subject: Re: [perpass] mandatory-to-implement vs. more? ++1, Rich. Furthermore, it's fairly clueless. Anyone seeking a secure universe isn't going to find it in this one. Any given instantiation of anything has n to the nth vulnerabilities waiting to be discovered and exploited by someone. Governments are among the lesser of the threat actors. Most of the real world has moved to risk management conceptualizations - as is pretty obvious on this list. Along those lines, is the new NIST SP800-53 Rev. 4 useful, and shouldn't the discussion be shifted in that direction? --tony On 10/10/2013 10:36 AM, Richard Shockey wrote: > Personally I find IETF discussions of Government behavior distasteful. > Frankly we have met the enemy and it is us. The IETF ended up > designing security protocols that are very very difficult to deploy at scale. > > E-Mail encryption is the obvious problem. Oh gee I'm really going to > turn that on if it ends up defeating the anti-spam measures. Good > luck with that. _______________________________________________ perpass mailing list perpass@ietf.org https://www.ietf.org/mailman/listinfo/perpass _______________________________________________ perpass mailing list perpass@ietf.org https://www.ietf.org/mailman/listinfo/perpass
