I'd like to snippet Phil's suggestion to an abbreviated version of one
sentence, because I think this is right on.
On 09/19/2013 05:37 PM, Phillip Hallam-Baker wrote:
The issue we need to focus on is how to convince our audience that our
specifications have not been compromised
To my mind,
On 20.09.2013 13:20, Harald Alvestrand wrote:
To my mind, the first thing to focus on is making our specs readable, so
that it's possible to understand that they have not been compromised.
Three questions for you Harald:
1) When you say that our documents have to be readable then you have
to
On 09/20/2013 01:38 PM, Hannes Tschofenig wrote:
On 20.09.2013 13:20, Harald Alvestrand wrote:
To my mind, the first thing to focus on is making our specs readable, so
that it's possible to understand that they have not been compromised.
Three questions for you Harald:
1) When you say that
On Fri, Sep 20, 2013 at 6:20 AM, Harald Alvestrand har...@alvestrand.no wrote:
I'd like to snippet Phil's suggestion to an abbreviated version of one
sentence, because I think this is right on.
On 09/19/2013 05:37 PM, Phillip Hallam-Baker wrote:
The issue we need to focus on is how to
On Fri, Sep 20, 2013 at 6:20 AM, Harald Alvestrand har...@alvestrand.no wrote:
I'd like to snippet Phil's suggestion to an abbreviated version of one
sentence, because I think this is right on.
On 09/19/2013 05:37 PM, Phillip Hallam-Baker wrote:
The issue we need to focus on is how to
On 19/09/13 17:59, Hannes Tschofenig wrote:
I am personally not worried that the standardization work in the IETF
can be sabotaged by governments since our process is open, and
transparent to everyone who cares to see what is going on.
Isn't it the other way round? That exactly because IETF
On Sep 20, 2013, at 9:12 AM, Harald Alvestrand har...@alvestrand.no wrote:
From the stack I'm currently working on, I find the ICE spec to be
convoluted, but the SDP spec is worse, because it's spread across so many
documents, and there are pieces where people seem to have agreed to ship
On Sep 20, 2013, at 13:38, Hannes Tschofenig hannes.tschofe...@gmx.net wrote:
2) Are there documents you find non-readable?
I'm not sure you aren't mocking us, but...
*Yes*, there are documents in the IETF that are highly non-accessible.
I could name examples from areas other than security,
On Fri, Sep 20, 2013 at 11:25 AM, Noel Chiappa j...@mercury.lcs.mit.edu wrote:
From: Martin Sustrik sust...@250bpm.com
Isn't it the other way round? That exactly because IETF process is open
it's relatively easy for anyone to secretly introduce a backdoor into a
On 9/20/2013 8:25 AM, Noel Chiappa wrote:
Iff enough people are _carefully_ reviewing specs, that ought to find all the
backdoors. An open process does have potential issues, but it's also the one
with the best chance of producing a 'good' product.
As has been said, the premise of open
On 20.09.2013 16:23, Phillip Hallam-Baker wrote:
For example, do we really need 30 different authentication algorithms in
a protocol? Whenever we talk about authentication we end up with a new
framework on the existing frameworks rather than just picking one.
I don't think that there is
--On Friday, September 20, 2013 10:15 -0400 Ted Lemon
ted.le...@nominum.com wrote:
On Sep 20, 2013, at 9:12 AM, Harald Alvestrand
har...@alvestrand.no wrote:
From the stack I'm currently working on, I find the ICE spec
to be convoluted, but the SDP spec is worse, because it's
spread across
On 20.09.2013 18:28, Steve Crocker wrote:
Are we conflating back doors in implementations with back doors in
protocol specifications? It's certainly a conceptual possibility for
there to be a back door in a protocol specification, but I don't
recall ever hearing about one.
Of course backdoors
Martin, I have no clue how you come up with that conclusion. Have you
ever worked in organizations that are closed to a small number of
members where decisions are being made behind closed doors? Do you think
that would help to produce better results?
I think the openness and transparency is
,
Kathleen
-Original Message-
From: ietf-boun...@ietf.org [mailto:ietf-boun...@ietf.org] On Behalf Of Hannes
Tschofenig
Sent: Friday, September 20, 2013 7:38 AM
To: har...@alvestrand.no
Cc: ietf@ietf.org
Subject: Re: Transparency in Specifications and PRISM-class attacks
On 20.09.2013 13:20
I'm glad the process aspects have been brought up again. When a WG is
finished with a draft, there is still a lot more work to do. WG last
call is or should be closer to the middle of a draft's development
trajectory than the end. I would say this is true not just for the
ones that someone
From: Steve Crocker st...@shinkuro.com
Are we conflating back doors in implementations with back doors in
protocol specifications?
Good point, but I was thinking specifically of protocol specs, since that's
what the IETF turns out.
It's certainly a conceptual possibility for
On Fri, Sep 20, 2013 at 10:02 AM, Martin Sustrik sust...@250bpm.com wrote:
On 19/09/13 17:59, Hannes Tschofenig wrote:
I am personally not worried that the standardization work in the IETF
can be sabotaged by governments since our process is open, and
transparent to everyone who cares to
From: Hannes Tschofenig hannes.tschofe...@gmx.net
* Prefer performance over privacy in protocol designs
You forgot:
* Prefer privacy over performance in protocol designs
and its cousin:
* Prefer privacy over usability in protocol designs
both of which, as we have seen
Carsten,
I am not saying all the specifications are great but I wanted to know
first what target audience Harald is talking about.
You are talking about us, guys who have been in the IETF for a long
time, as the target audience. If we find specifications difficult to
read then that's a real
, September 20, 2013 7:38 AM To: har...@alvestrand.no Cc:
ietf@ietf.org Subject: Re: Transparency in Specifications and
PRISM-class attacks
On 20.09.2013 13:20, Harald Alvestrand wrote:
To my mind, the first thing to focus on is making our specs
readable, so that it's possible to understand
The only back door necessary is the BGP4 route flap and private
transport networks do the rest.
Todd
On 09/20/2013 09:02 AM, Noel Chiappa wrote:
From: Steve Crocker st...@shinkuro.com
Are we conflating back doors in implementations with back doors in
protocol
Tschofenig; har...@alvestrand.no; ietf@ietf.org
Subject: Education and Information Sharing ... was Re: Transparency in
Specifications and PRISM-class attacks
Hi Kathleen,
you are responding to the question about the target audience* and I saw your
video. That's an interesting idea to reach out
On Sep 20, 2013, at 10:02 AM, Martin Sustrik sust...@250bpm.com wrote:
Isn't it the other way round? That exactly because IETF process is open it's
relatively easy for anyone to secretly introduce a backdoor into a protocol?
No, this is exactly wrong.
What is important about openness is not
Are we conflating back doors in implementations with back doors in protocol
specifications? It's certainly a conceptual possibility for there to be a back
door in a protocol specification, but I don't recall ever hearing about one.
On the other hand, back doors, both intended and unintended,
From: Martin Sustrik sust...@250bpm.com
Isn't it the other way round? That exactly because IETF process is open
it's relatively easy for anyone to secretly introduce a backdoor into a
protocol?
...
With IETF standard there can very well be several unknown backdoors
At 06:12 20-09-2013, Harald Alvestrand wrote:
By those who implement them, and those who try to understand how it
works to the degree that they feel assured that there are no
non-understood security risks (intentional or otherwise).
Yes.
From the stack I'm currently working on, I find the
One of the biggest problems resulting from the Snowden/PRISM fiasco is that
we now know that the NSA has been spending a significant sum (part but not
all of a $250 million budget) on infiltrating and manipulating the
standards process.
As one of my friends in the civil rights movement from the
Hi Phillip,
I am personally not worried that the standardization work in the IETF
can be sabotaged by governments since our process is open, and
transparent to everyone who cares to see what is going on. I could,
however, see easily how that is a problem with some other organizations
On Thu, Sep 19, 2013 at 11:59 AM, Hannes Tschofenig
hannes.tschofe...@gmx.net wrote:
Hi Phillip,
I am personally not worried that the standardization work in the IETF can
be sabotaged by governments since our process is open, and transparent to
everyone who cares to see what is going on. I
On Sep 19, 2013 12:01 PM, Hannes Tschofenig hannes.tschofe...@gmx.net
wrote:
PS: From my work in the IETF I am more worried about security privacy
unfriendly ideas individuals and companies come up with. Those obviously
help the NSA and others to intercept communication more easily.
Right,
31 matches