On Fri, Dec 13, 2024 at 12:50 PM Randy Bush <[email protected]> wrote:

> > Martin Thomson wrote:
> >> The archives of [email protected] tell a pretty grim tale of
> >> how this institution is incapable of implementing the most trivial
> >> change.
> >
> > There are a lot of people who have mastered using the CIA simple
> > sabotage field manual
> >
> > https://www.cia.gov/static/5c875f3ec660e092cf893f60b4a288df/SimpleSabotage.pdf
>
> characterizing folk who disagree with you as saboteurs is neither
> polite nor productive.
>
That nation state actors have a stake in the development of communications standards is obvious. That certain states engage in bad faith actions to promote their interests in standards processes is a matter of record.

I have been in meetings with folk who made some of the decisions when the focus of the US intelligence community was throwing stones to discuss our current problem of living in a great big glass house. They have switched position but there are other countries that have not. A big glass house they can throw stones at suits certain nation state actors just fine.

We are not going to fix the mistakes of the past by pretending they didn't happen. Not least because the reason we have ended up with a huge amount of cryptographic technology that nobody can use is we made bad choices in the name of 'security'.

IPSEC as defined in the standards is completely useless because it doesn't work through NAT. And I remember the two Security ADs chuckling that it was a feature not a bug.

S/MIME delivers solid security for people in organizations but is effectively unusable by individuals.

OpenPGP is unusable by anyone who isn't exceptionally determined.

TLS has an ephemeral key exchange that throws away the shared secret originally negotiated rather than ratcheting it in.

DPRIV took the absolutely absurd approach that running over TLS using TCP Fast Start that would require kernel modifications to every O/S was the 'fast route' to getting deployment. It wasn't of course as pretty much everyone realized. But certain people insisted that we had to get something out in 12 months and so we just had to take the doomed to a slow death technical approach.

The list goes on. We are not going to fix the problems with Internet Security unless we acknowledge the fact that the perfect is the enemy of the good and sometimes the folk insisting on perfect are doing so to ensure that deployment never happens.

And the way operatives work isn't the way most imagine either. The person making the public push for tying a boat anchor to some proposal probably isn't the operative. Those people work the bars and the hallways.
_______________________________________________
rfc-interest mailing list -- [email protected]
To unsubscribe send an email to [email protected]
