Richard,

I interpreted Craig's message a little differently. As Russ put it, this is a message integrity problem, not a confidentiality one. Yet, unless I have completely misunderstood, much of the conversation has been about methods that were designed for privacy protection using encryption with integrity protection being nothing but a necessary side-effect.

Carsten spoke of a window of opportunity. While I can see lots of reasons for addressing the issues that Craig raised and doing so sooner rather than later (especially if they are real, which several people seem to doubt), I don't see that window closing on us in the near future. I do see a risk, one that I think others have mentioned in this thread but that is certainly under discussion in other fora, of our losing the battle, at least in some places, to keep encryption available across the Internet and I assumed that was the window Carsten was referring to (and that set me off).

thanks,
   john

--On Monday, June 8, 2020 15:29 -0400 Richard Barnes <rlb@xxxxxx> wrote:

> The upshot of the message that started this thread is that if
> you don't put your eggs in that basket, then the Internet
> doesn't work.
>
>
> On Mon, Jun 8, 2020 at 3:09 PM John C Klensin
> <john-ietf@xxxxxxx> wrote:
>
>>
>>
>> --On Monday, June 8, 2020 20:39 +0200 Carsten Bormann
>> <cabo@xxxxxxx> wrote:
>>
>> > ...
>> > We now have the opportunity to make pervasive use of
>> > security; nobody knows how long that window of opportunity
>> > will stay open. Instead of working on changing checksums,
>> > we should go for it.
>>
>> <mini-rant>
>> While you are going for it just be sure that if the window
>> closes again, and closes sufficiently hard in some places to
>> ban the use of encrypted message flows entirely, the
>> community is not faced with a choice among no Internet, a
>> highly fractionated Internet with no communications between
>> "crypto ok" and "crypto prohibited" countries, or trying to
>> limp along using protocols that are known to be defective
>> because we decided to ignore the problems with them in favor
>> of putting all of our proverbial eggs in the pervasive
>> security and encryption basket. </mini-rant>
>>
>> john
>>
>>