[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Raven] The principled and the practical
- To: raven@ietf.org (IETF Electronic Wiretapping Discussion)
- Subject: [Raven] The principled and the practical
- From: "Jon 'tex' Boone" <tex@delamancha.org>
- Date: 12 Oct 1999 11:12:26 -0400
- List-Id: Raven Discussion List <raven.ietf.org>
- Sender: raven-admin@ietf.org
Folks,
I think it is important to air two points of view: the principled and
the practical. I have been involved, on and off, with the IETF since
1992. My personal leaning is toward the principled point of view.
In Danvers, a passionate debate raged between these two points of
view, particularly over the issue of the IPv6 specification requiring
the use of (then) non-exportable cryptographic algorithms for security
purposes. The rough consensus at that point was that the better
engineering design was to have security designed in from the
beginning, and to work in other forums to make products that complied
with the standard exportable.
Of course, some may judge this decision as naive and ineffective,
given the fact that IPv4 (which lacks built-in security) is still
widely deployed and the Internet standard.
THE PRINCIPLED
The IETF represents the collective knowledge and engineering acumen
of the individual members. Unlike other standards bodies, such as
ISO, IETF participants represent themselves - not their countries
and not their employers. The goal is get the best engineering
design possible, without unnecessarily watering the design down due
to the desires of special interest groups (governments,
corporations).
It has been demonstrated, time and again, that designing in back-door
access to systems (ala "debug" in Sendmail) invites non-governmental
organizations and/or individuals to take advantage of these same
back-doors to the detriment of system administrators and users.
The fact that the U.S. government wants to wiretap individuals on a
global basis is irrelevant to the best engineering design. Even
assuming the legitimacy of this desire, the risk of abuse is too
high to make this an acceptable compromise to the design. Further,
back-doors expose systems to a "Pandora's box" effect - one can't be
sure exactly what will come of it.
THE PRACTICAL
The point of IETF standards is to promote interoperability among
devices produced by different vendors. If these standards ignore
business requirements, such as limitations on what is exportable
and/or minimum functionality requirements, then they will lose their
relevancy in the marketplace.
From the IETF point of view, the worst case would be that different
vendors will violate existing IETF standards in non-interoperable
ways in order to meet these business requirements. From the vendor
point of view, the worst case is that they will ship a product that
is compliant to IETF standards and it will be unacceptable for
deployment.
By actively engaging in the work of re-engineering existing
standards to allow for this type of back-door access, it affords the
IETF a larger measure of control over how the protocols evolve to
accommodate these new requirements. Further, it offers the
opportunity to address known deficiencies in existing protocols.
Finally, it reassures both governmental and business entities that a
move toward using Internet technologies as the basis for everyday
uses such as IP Telephony is a safe one. Without this assurance,
vendors will hesitate to replace existing infrastructure and adopt
IP technology wholesale, only to have perform some sort of fork-lift
upgrade 18 months later due to increased governmental regulation.
-tex
--------------------------------------------------
Jon 'tex' Boone (610) 466-0477
tex@delamancha.org http://delamancha.org
--------------------------------------------------
_______________________________________________
raven mailing list
raven@ietf.org
http://www.ietf.org/mailman/listinfo/raven