Re: SSL/TLS everywhere fail

From: Adrien de Croy <adrien@qbik.com>
Date: Sun, 06 Dec 2015 23:50:28 +0000
To: "Stephen Farrell" <stephen.farrell@cs.tcd.ie>, "Poul-Henning Kamp" <phk@phk.freebsd.dk>
Cc: "Jacob Appelbaum" <jacob@appelbaum.net>, "Mark Nottingham" <mnot@mnot.net>, "Cory Benfield" <cory@lukasa.co.uk>, "Mike Belshe" <mike@belshe.com>, "Amos Jeffries" <squid3@treenet.co.nz>, "httpbis mailing list" <ietf-http-wg@w3.org>
Message-Id: <emf1526309-0995-4a44-8843-eaca910ec930@bodybag>

"Consensus"

It seems odd to me that "consensus" can be reached on things without 
even the knowledge of others.  I don't recall seeing anything about 
BCP188 on this list, so the "consensus" I would have to assume is a 
limited one, which hardly seems worth the claim.

And you wrote it yourself last year.

So that particular reference seems a bit self-serving.

And as far as I'm concerned, we don't really achieve true consensus on 
much.  Witness more recently the DNSOP .onion spec which requires 
building a time-machine to comply with.   The IETF is bigger than DNSOP 
or HTTPBis, so to claim "xx represents the consensus of the IETF 
community" is dubious at best.

And it is a u-turn on previous long-standing IETF "consensus" which is 
that we should not take a partisan stance.

Problem with taking a partisan stance is that when those with the actual 
power of states (e.g. legislature, judiciary, police etc) decide what we 
are doing is illegal, we create problems for our customers.  History is 
full of governments just doing what they want; look how BlackBerry was 
blocked in India.  Do we really have the moral right to put users of 
products using our designed protocols at odds with the laws of their 
country "for their own good"?  Seems a bit irresponsible and callous to 
me.

The neutral stance I could live with, but we should not be taking a 
partisan stance, nor trying to state that the IETF thinks monitoring is 
"an attack", which is a highly loaded and pejorative term. Although I note 
that you attempt to address this in section 1, I don't think that 
message will make it across.

There seems to be a bit of a reality disconnect when denying any 
potential legitimacy to rights which are currently exercised by almost 
every state.  I wonder what the US state dept and many other government 
agencies around the world would think of BCP188 or what this WG is doing 
here.



------ Original Message ------
From: "Stephen Farrell" <stephen.farrell@cs.tcd.ie>
To: "Poul-Henning Kamp" <phk@phk.freebsd.dk>
Cc: "Jacob Appelbaum" <jacob@appelbaum.net>; "Mark Nottingham" 
<mnot@mnot.net>; "Cory Benfield" <cory@lukasa.co.uk>; "Adrien de Croy" 
<adrien@qbik.com>; "Mike Belshe" <mike@belshe.com>; "Amos Jeffries" 
<squid3@treenet.co.nz>; "httpbis mailing list" <ietf-http-wg@w3.org>
Sent: 7/12/2015 6:35:45 a.m.
Subject: Re: SSL/TLS everywhere fail

>
>On 06/12/15 16:58, Poul-Henning Kamp wrote:
>>  Consequently the Danvers Doctrine is an unconditional declaration
>>  of war, against any kind of legal communication intercept, and
>>  therefore it will never be able to collect the signature of a
>>  single minister of justice, nor get endorsed by any legislature.
>
>Such risible rhetoric is frankly puzzling. I've no idea why
>you think that kind of near-gibberish is useful to this wg.
>(By gibberish I specifically mean your odd concept of having
>some selection of the world's ministers for justice or
>legislatures endorse an RFC.)
>
>If, as seems to be the case, you have problems with the IETF
>consensus on how to deal with security and privacy then you
>should write an I-D and see if that garners consensus. I guess
>you do know that this is not the right mailing list for that,
>ietf@ietf.org would be the place to start, not here.
>
>S.

Received on Sunday, 6 December 2015 23:51:05 UTC