RE: [v6ops] Last Call: (Internet Protocol Version 6 (IPv6) Profile for 3GPP Mobile Devices) to Informational RFC

Hi Ray, Please see inline. Cheers, Med >-Message d'origine- >De : v6ops-boun...@ietf.org [mailto:v6ops-boun...@ietf.org] De la part de >Ray Hunter >Envoyé : vendredi 6 septembre 2013 16:33 >À : Gert Doering >Cc : v6...@ietf.org WG; IETF Discussion >Objet : Re: [v6ops] Last Call: 04.txt>

Re: pgp signing in van

Subject: RE: pgp signing in van Date: Mon, Sep 09, 2013 at 05:28:55AM +0100 Quoting l.w...@surrey.ac.uk (l.w...@surrey.ac.uk): > There is no upside. > > By signing your mail you lose plausible deniability, remove legal doubt as to > what you said... Thinking twice about what to state has some b

Re: decentralization of Internet (was Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

I am wondering about the proposals made during this discussion. 1) It appears that some of the suggestions in this thread are about not using the existing Internet infrastructure to route packets but rather to either use local communication technology (e.g., short range radio) or adhoc network

Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

So, has Bruce Schneier actually been invited to speak at the Technical Plenary (or elsewhere) during the Vancouver IETF? I recall him giving an informative talk at least one previous Tech Plenary, and in light of his 'proposal', if would be interesting to hear what he believes to be broken, and

Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

We're talking. Eliot On 9/9/13 10:20 AM, Ross Finlayson wrote: > So, has Bruce Schneier actually been invited to speak at the Technical > Plenary (or elsewhere) during the Vancouver IETF? I recall him giving an > informative talk at least one previous Tech Plenary, and in light of his > 'pro

Re: pgp signing in van

hi Hector, Peter, all, On 9 Sep 2013, at 1:09, Hector Santos wrote: > > On 9/8/2013 6:21 PM, Peter Saint-Andre wrote: >> On 9/8/13 3:50 PM, Ted Lemon wrote: >>> >>> What's the upside to signing my email? I know why I want >>> everybody I know to sign my email, but what's the upside for me if

Re: Conclusions of Last Call for draft-ietf-spfbis-4408bis

On Sep 7, 2013, at 6:31 AM, Pete Resnick wrote: > Below is the list of issues brought up during Last Call of > draft-ietf-spfbis-4408bis. I have tried to collect together the common issues > and tease out the ones that are slightly different. Below each issue, I've > given what I take to be t

Re: Teachable moment

> Absolutely. I have noted at least 20 messages in the recent flood that > mention useful things the IETF can do, which is exactly what my provocative > message asked for. But (as Bruce's own recent posts show) the main weak spots > are not protocols and algorithms. Yes. Jari

Re: [v6ops] Last Call: (Internet Protocol Version 6 (IPv6) Profile for 3GPP Mobile Devices) to Informational RFC

On Wed, Sep 4, 2013 at 10:25 AM, Lorenzo Colitti wrote: > I'm just saying it here so that everyone in the community can see it. If > it's an IETF document it has to have IETF consensus, and since I feel that > the arguments were not properly taken into account in the WG (read: > ignored), I think

Re: pgp signing in van

On Sun, Sep 08, 2013 at 03:13:39PM -0400, John C Klensin wrote: > On the CA side, one of the things I think is needed is a rating > system (or collection of them on a "pick the rating service you > trust" basis) for CAs, with an obvious extension to PGP-ish key > signers. In itself, that isn't a

Re: [v6ops] Last Call: (Internet Protocol Version 6 (IPv6) Profile for 3GPP Mobile Devices) to Informational RFC

Browsing through the document I am not sure how much weight is carries when an IETF working group defines what 3GPP networks should be doing, particularly when talking about protocols the 3GPP has not really expressed an opinion about. From the document it is unclear to me what requirements ar

Re: [v6ops] Last Call: (Internet Protocol Version 6 (IPv6) Profile for 3GPP Mobile Devices) to Informational RFC

On Mon, Sep 9, 2013 at 7:19 PM, Dave Cridland wrote: > I'm not sure the consensus requirement you're suggesting actually exists. > This is aiming at Informational, and as such: > >An "Informational" specification is published for the general >information of the Internet community, and doe

RE: [v6ops] Last Call: (Internet Protocol Version 6 (IPv6) Profile for 3GPP Mobile Devices) to Informational RFC

Lorenzo, The document explicitly says "This document is not a standard." since version -00. What additional statement you would like to see added? Cheers, Med De : Lorenzo Colitti [mailto:lore...@google.com] Envoyé : lundi 9 septembre 2013 13:01 À : Dave Cridland Cc : BOUCADAIR Mohamed

Re: [v6ops] Last Call: (Internet Protocol Version 6 (IPv6) Profile for 3GPP Mobile Devices) to Informational RFC

On Mon, Sep 9, 2013 at 8:06 PM, wrote: > The document explicitly says “This document is not a standard.” since > version -00. > > ** ** > > What additional statement you would like to see added? > > I think the high-order points are: 1. The text "This document defines an IPv6 profile for 3GPP mo

RE: [v6ops] Last Call: (Internet Protocol Version 6 (IPv6) Profile for 3GPP Mobile Devices) to Informational RFC

Re-, Please see inline. Cheers, Med De : Lorenzo Colitti [mailto:lore...@google.com] Envoyé : lundi 9 septembre 2013 13:24 À : BOUCADAIR Mohamed IMT/OLN Cc : Dave Cridland; v6...@ietf.org WG; BINET David IMT/OLN; IETF Discussion Objet : Re: [v6ops] Last Call: (Internet Protocol Version 6 (IPv6

Re: pgp signing in van

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 9/8/13 10:28 PM, l.w...@surrey.ac.uk wrote: > There is no upside. > > By signing your mail you lose plausible deniability, remove legal > doubt as to what you said... Why do you think that cryptographic doubt = legal doubt? I've heard that claim m

Re: pgp signing in van

Ted Lemon wrote: > On Sep 8, 2013, at 5:33 PM, Michael Richardson >> To all the people who posted to this thread about how they don't know >> what a PGP key signature means, and who did not PGP or S/MIME their >> email: > What's the upside to signing my email? I know why I

Re: pgp signing in van

>Why do you think that cryptographic doubt = legal doubt? I've heard >that claim many times, but I've never heard an argument for it. Having attempted to explain technology in court as an expert witness, I find the assertion risible. R's, John

Re: pgp signing in van

On Sep 9, 2013, at 1:31 AM, Brian Trammell wrote: > I must say at least that GPGMail (on the Mac) has gotten _much_ better in the > intervening decade. +1 So far, it just works, and pretty much transparently. I've made my donation. Regards, -drc signature.asc Description: Message signed wi

Re: pgp signing in van

On Sep 9, 2013, at 8:43 AM, Michael Richardson wrote: >> What's the upside to signing my email? I know why I want everybody I >> know to sign my email, but what's the upside for me if I do it? Until >> there's a clear win, it's not going to happen. > > It's what establishes the reputation of th

Re: Conclusions of Last Call for draft-ietf-spfbis-4408bis

On 9/9/13 4:24 AM, Douglas Otis wrote: On Sep 7, 2013, at 6:31 AM, Pete Resnick wrote: Below is the list of issues brought up during Last Call of draft-ietf-spfbis-4408bis. [...] 7. Clarifications are needed regarding the number of lookups to do in 4.6.4. - This will be review

Re: High-volume benchmark (was Re: [apps-discuss] cbor-05)

On Sep 9, 2013, at 17:44, "Pierre Thierry" wrote: > Carsten, > > in draft-bormann-cbor-05, you mention that "The format must be > applicable to (…) high-volume applications." in section 1.1. > > Do you already have a benchmark in place to measure the volume that a > CBOR implementation is able

Re: pgp signing in van

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 9/9/13 11:02 AM, Cyrus Daboo wrote: > Hi Peter, > > --On September 8, 2013 at 5:19:51 PM -0600 Peter Saint-Andre > wrote: > >>> But until the MUAs across the board support it out of the box, >>> I believe most people don't know about it or know

Re: pgp signing in van

It also makes it obvious to everyone that Peter is using PGP. Which serves a pedagogical function, I guess. :) On Mon, Sep 9, 2013 at 1:12 PM, Peter Saint-Andre wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 9/9/13 11:02 AM, Cyrus Daboo wrote: > > Hi Peter, > > > > --On Septemb

Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

On 9/5/13 8:28 PM, Brian E Carpenter wrote: What we lack is not the technology, it is demand for deployment. Exactly, and that is not actionable in the IETF. Brian, Some years back when we saw the lack of IPv6 deployment we started with some IPv4-free plenary time slots - eating our own do

High-volume benchmark (was Re: [apps-discuss] cbor-05)

Carsten, in draft-bormann-cbor-05, you mention that "The format must be applicable to (…) high-volume applications." in section 1.1. Do you already have a benchmark in place to measure the volume that a CBOR implementation is able to manage? Do you plan to compare CBOR implementations to implemen

AUTO: Lindsay S Reiser is out of the office on maternity leave. (returning 09/30/2013)

I am out of the office until 09/30/2013. For assistance regarding Sockets contact: Ashley Good (aag...@us.ibm.com) For assistance regarding TCP contact: Brian Jongekryg (b...@us.ibm.com) For any other issues needing immediate attention, please contact my manager Jim Effle (ef...@us.ibm.com) N

Re: pgp signing in van

If anyone advise me on using gmail and PGP/GPG (unicast, don't spam the list), I'd appreciate it. There's a plugin but it won't let me import my keyring.

Re: [IETF] Re: pgp signing in van

On Sep 9, 2013, at 1:12 PM, Peter Saint-Andre wrote: > Signed PGP part > On 9/9/13 11:02 AM, Cyrus Daboo wrote: > > Hi Peter, > > > > --On September 8, 2013 at 5:19:51 PM -0600 Peter Saint-Andre > > wrote: > > > >>> But until the MUAs across the board support it out of the box, > >>> I belie

Re: pgp signing in van

Hi Peter, --On September 8, 2013 at 5:19:51 PM -0600 Peter Saint-Andre wrote: But until the MUAs across the board support it out of the box, I believe most people don't know about it or know what it means. So that's an opportunity to educate people. For instance, perhaps the Internet Socie

What real users think [was: Re: pgp signing in van]

On 10/09/2013 01:58, Ted Lemon wrote: ... > Seriously, this perfectly illustrates the reason why PGP hasn't seen > widespread deployment: it doesn't address a use case that anybody understands > or cares about, True story: Last Saturday evening I was sitting waiting for a piano recital to start

Re: pgp signing in van

Chop? Sent from my BlackBerry® Smartphone, regret typo's! -Original Message- From: Ted Lemon Sender: ietf-boun...@ietf.org Date: Mon, 9 Sep 2013 13:58:34 To: IETF discussion list Subject: Re: pgp signing in van On Sep 9, 2013, at 8:43 AM, Michael Richardson wrote: >> What's the u

Re: What real users think [was: Re: pgp signing in van]

On 9/9/2013 1:09 PM, Brian E Carpenter wrote: I've just discovered that when you forward or reply to a message, you can just change the other person's text by typing over it! You'd have thought they would make that impossible." Yes, they should have made that impossible. Yeah, the pragmatics

Re: pgp signing in van

On Sep 9, 2013, at 4:11 PM, Dan York wrote: > Even in the groups where PGP was (and is) being used, usage is inconsistent > in part because people are now accessing their email using different devices > and not all of them have easy access to PGP/GPG. If you receive an encrypted > message... b

Re: What real users think [was: Re: pgp signing in van]

--On Tuesday, September 10, 2013 08:09 +1200 Brian E Carpenter wrote: >... > True story: Last Saturday evening I was sitting waiting for a > piano recital to start, when I overheard the person sitting > behind me (who I happen to know is a retired chemistry > professor) say to his companion "Em

Re: What real users think [was: Re: pgp signing in van]

On Sep 9, 2013, at 4:27 PM, Steve Crocker wrote: > Actually, I interpret the chemistry professor's comment in a different light. > It would be possible to design a system where: > > o the standard end user software doesn't facilitate editing the other > person's text, and > > o each piece of

Re: What real users think [was: Re: pgp signing in van]

On 9/9/2013 1:27 PM, Steve Crocker wrote: Actually, I interpret the chemistry professor's comment in a different light. It would be possible to design a system where: o the standard end user software doesn't facilitate editing the other person's text, and o each piece of text is signed. The r

Re: What real users think [was: Re: pgp signing in van]

On 9/9/2013 4:09 PM, Brian E Carpenter wrote: > On 10/09/2013 01:58, Ted Lemon wrote: > ... >> Seriously, this perfectly illustrates the reason why PGP hasn't seen >> widespread deployment: it doesn't address a use case that anybody >> understands or cares about, > > True story: Last Saturday e

Re: What real users think [was: Re: pgp signing in van]

On Sep 9, 2013, at 4:48 PM, Brian E Carpenter wrote: > Indeed. How one achieves such a fresh start is unclear. G+, Facebook, etc. There's no shortage of fresh starts in the personal communication space. They just don't typically look like typical SMTP/rfc822 email. And of course, they su

Re: What real users think [was: Re: pgp signing in van]

Yes, I am speaking of what would be possible today with a fresh start. The fresh start would also include signatures and encryption as a required part of the design. (If everyone has to have a key, the key management problems would be greatly reduced.) Steve On Sep 9, 2013, at 4:36 PM, Dave

Re: pgp signing in van

On Mon, 9 Sep 2013, Ted Lemon wrote: > It might be worth thinking about why ssh and ssl work so well, and PGP/GPG > don't. Umm, I question a conclusion that either ssh or ssl work well. ssh works reasonably well around me because I can help everyone get the details aligned. Even knowing all t

Re: [v6ops] Last Call: (Internet Protocol Version 6 (IPv6) Profile for 3GPP Mobile Devices) to Informational RFC

Owen, do you have any technical objection to raise about this document, or are you just replying because you like the sound the keys make as you type? The working group adopted the document, so it's too late to object that the working group shouldn't be working on it. You can object by pointin

Re: What real users think [was: Re: pgp signing in van]

Hi Brian, At 13:48 09-09-2013, Brian E Carpenter wrote: (Excuse my ignorance, but do existing MUAs allow one to edit a body part that arrived with a PGP signature?) Yes. Somebody would write a MUA to do it if it wasn't possible. Regards, -sm

Re: What real users think [was: Re: pgp signing in van]

Indeed. How one achieves such a fresh start is unclear. G+, Facebook, etc. There's no shortage of fresh starts in the personal communication space. They just don't typically look like typical SMTP/rfc822 email. And of course, they substitute central control for a distributed key model.

Re: What real users think [was: Re: pgp signing in van]

Actually, I interpret the chemistry professor's comment in a different light. It would be possible to design a system where: o the standard end user software doesn't facilitate editing the other person's text, and o each piece of text is signed. The result would be a system where a recipient

Re: pgp signing in van

On Sep 9, 2013, at 5:19 PM, David Morris wrote: > On Mon, 9 Sep 2013, Ted Lemon wrote: > >> It might be worth thinking about why ssh and ssl work so well, and PGP/GPG >> don't. > > Umm, I question a conclusion that either ssh or ssl work well. It's in widespread use. Hence, it works well.

Re: pgp signing in van

On Sep 9, 2013, at 9:58 AM, Ted Lemon wrote: > Seriously, this perfectly illustrates the reason why PGP hasn't seen > widespread deployment: it doesn't address a use case that anybody understands > or cares about, and it appears to address a use case that people actually > would like to avoid.

Re: What real users think [was: Re: pgp signing in van]

On 10/09/2013 08:39, Steve Crocker wrote: > Yes, I am speaking of what would be possible today with a fresh start. The > fresh start would also include signatures and encryption as a required part > of the design. (If everyone has to have a key, the key management problems > would be greatly r

Re: not really pgp signing in van

On Monday, September 09, 2013 21:36:15 John Levine wrote: > >> Yes, they should have made that impossible. > > > >Oh my, I _love_ this! This is actually the first non-covert use case I've > >heard described, although I'm not convinced that PGP could actually do > >this without message format twea

Re: What real users think [was: Re: pgp signing in van]

To be clear, what I would like to see in an MUA that addresses the use case Brian described is that it is just a new mime encoding that allows a message to be pieced together from a collection of signed attachments. So in this message, the mail would be encoded as two parts. The first would b

Re: What real users think [was: Re: pgp signing in van]

On Sep 9, 2013, at 5:25 PM, Dave Crocker wrote: > 1. Starting fresh means ceasing to interoperate (well) with Internet Mail. > We had quite a lot of exemplars of this when the Internet was starting to be > commercial; semantics matching was often awkward. To be clear, what I would like to se

Re: not really pgp signing in van

On Sep 9, 2013, at 5:36 PM, John Levine wrote: > Sounds like we're on our way to reinventing S/MIME. Other than the > key signing and distribution (which I agree is a major can of worms) > it works remarkably well. Right. That's the reason I don't use it. Completely naively, may I ask why w

Re: What real users think [was: Re: pgp signing in van]

On Sep 9, 2013, at 5:21 PM, SM wrote: > Yes. Somebody would write a MUA to do it if it wasn't possible. What they do not, however, do, is to fix up the signature so that it still validates after the editing has been done.

Re: not really pgp signing in van

>> Yes, they should have made that impossible. > >Oh my, I _love_ this! This is actually the first non-covert use case I've >heard described, >although I'm not convinced that PGP could actually do this without message >format tweaks. Sounds like we're on our way to reinventing S/MIME. Other t

Re: pgp signing in van

On 9/9/13 5:17 PM, Ted Lemon wrote: > It might be worth thinking about why ssh and ssl work so well, and PGP/GPG > don't. Because normally with SSL and SSH the complexity is in the server, not the client. When the client needs to verify the identity of some site with SSL we have the backgrou

Re: pgp signing in van

On Sep 9, 2013, at 5:51 PM, Arturo Servin wrote: >Because normally with SSL and SSH the complexity is in the server, > not the client. When the client needs to verify the identity of some > site with SSL we have the background browser process to check it (that > in fact it is another weakness

Re: What real users think [was: Re: pgp signing in van]

On Mon, Sep 9, 2013 at 4:27 PM, Steve Crocker wrote: > Actually, I interpret the chemistry professor's comment in a different > light. It would be possible to design a system where: > > o the standard end user software doesn't facilitate editing the other > person's text, and > > o each piece of

Re: not really pgp signing in van

>> Sounds like we're on our way to reinventing S/MIME. Other than the >> key signing and distribution (which I agree is a major can of worms) >> it works remarkably well. > >Which sounds kind of like, "Other than that Mrs. Lincoln, how was the play?" Yes, and no. PGP and S/MIME each have their o

Re: What real users think [was: Re: pgp signing in van]

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 >Believe it or not Ted Nelson had a similar idea when he invented Xanadu >Hypertext. He was obsessed by copyright and the notion that it would be >wrong to copy someone else's text to another machine, hence the need for >links. Well, yes, but he's nev

Re: not really pgp signing in van

On Sep 9, 2013, at 9:07 PM, John Levine wrote: > Yes, and no. PGP and S/MIME each have their own key distribution > problems. With PGP, it's easy to invent a key, and hard to get other > people's software to trust it. With S/MIME it's harder to get a key, > but once you have one, the software i

Re: [v6ops] Last Call: (Internet Protocol Version 6 (IPv6) Profile for 3GPP Mobile Devices) to Informational RFC

It has been pointed out to me that I went overboard in my response to you. I will state what was obvious to me as I wrote my response, but may not have been obvious to other readers: I am not the responsible AD for v6ops. My response was that of a participant in v6ops. I didn't find what yo

Re: not really pgp signing in van

> Yes, and no. PGP and S/MIME each have their own key distribution > problems. With PGP, it's easy to invent a key, and hard to get other > people's software to trust it. With S/MIME it's harder to get a key, > but once you have one, the software is all happy. That's a bug, not a feature. Th

Re: not really pgp signing in van

On Sep 9, 2013, at 9:26 PM, John R Levine wrote: > Um, didn't this start out as a discussion about how we should try to get > people using crypto, rather than demanding perfection that will never > happen? Yes. > Typical S/MIME keys are issued by CAs that verify them by > sending you mail with a

Re: not really pgp signing in van

Typical S/MIME keys are issued by CAs that verify them by sending you mail with a link. While it is easy to imagine ways that could be subverted, in practice I've never seen it. The most obvious way that it can be subverted is that the CA issues you a key pair and gives a copy of the private k

Re: What real users think [was: Re: pgp signing in van]

On 09/09/2013 05:48 PM, Brian E Carpenter wrote: > On 10/09/2013 08:39, Steve Crocker wrote: >> Yes, I am speaking of what would be possible today with a fresh start. The >> fresh start would also include signatures and encryption as a required part >> of the design. (If everyone has to have a

Re: pgp signing in van

On 09/09/2013 05:17 PM, Ted Lemon wrote: > On Sep 9, 2013, at 4:11 PM, Dan York wrote: >> Even in the groups where PGP was (and is) being used, usage is >> inconsistent in part because people are now accessing their email >> using different devices and not all of them have easy access to >> PGP/GP

Re: pgp signing in van

On Sep 9, 2013, at 11:36 PM, Paul Wouters wrote: > Related (does not take away the full pain): Nice. I think section 4.2 is slightly too pessimistic, but not harmfully so. It might be worth talking about leap-of-faith validation as well as web-of-trust validation.

Re: [v6ops] Last Call: (Internet Protocol Version 6 (IPv6) Profile for 3GPP Mobile Devices) to Informational RFC

On 9/9/13 4:24 AM, Lorenzo Colitti wrote: > On Mon, Sep 9, 2013 at 8:06 PM, > wrote: > > The document explicitly says “This document is not a standard.” > since version -00. > > __ __ > > What additional statement you would like to see added?

RE: [v6ops] Last Call: (Internet Protocol Version 6 (IPv6) Profile for 3GPP Mobile Devices) to Informational RFC

Hi Joel, Please see inline. Cheers, Med >-Message d'origine- >De : joel jaeggli [mailto:joe...@bogus.com] >Envoyé : mardi 10 septembre 2013 06:42 >À : Lorenzo Colitti; BOUCADAIR Mohamed IMT/OLN >Cc : v6...@ietf.org WG; IETF Discussion; BINET David IMT/OLN >Objet : Re: [v6ops] Last Call:

Re: [v6ops] Last Call: (Internet Protocol Version 6 (IPv6) Profile for 3GPP Mobile Devices) to Informational RFC

On Tue, Sep 10, 2013 at 3:27 PM, wrote: > Having consent form all vendors is valuable but I'm afraid this is not the > goal of this document. > If not "all vendors", then what about "some vendors"? Is it a goal of this document to have consensus from some implementors? Or is consensus from imple

Re: [v6ops] Last Call: (Internet Protocol Version 6 (IPv6) Profile for 3GPP Mobile Devices) to Informational RFC

On Mon, Sep 9, 2013 at 9:16 PM, wrote: > * > NEW:* > > * * > > NOTE WELL: This document is not a standard, and conformance with > > it is not required in order to claim conformance with IETF > > standards for IPv6. It uses the normative keywords defined in the** > ** >

Re: not really pgp signing in van

On 10 Sep 2013, at 3:53, John R Levine wrote: >>> Typical S/MIME keys are issued by CAs that verify them by >>> sending you mail with a link. While it is easy to imagine ways that >>> could be subverted, in practice I've never seen it. >> >> The most obvious way that it can be subverted is tha

RE: [v6ops] Last Call: (Internet Protocol Version 6 (IPv6) Profile for 3GPP Mobile Devices) to Informational RFC

Re, I have considered that Lorenzo. "is not required to deploy IPv6" would be accurate if this document is dealing only with dual-stack, but this is not true for the IPv6-only mode. The set of SHOULD recommendations are targeting that deployment model. Cheers, Med De : Lorenzo Colitti [mailt