On 01-Aug-23 00:06, Nick Hilliard wrote:
Ben Laurie wrote on 31/07/2023 12:39:
How about looking at the actual situation, which is that governments
claim two policy obligations, one is around strong encryption (necessary
for security, commerce, etc) and the other is around lawful access? The
technical issue is that these cannot both be satisfied.
Governments often find themselves in a position where somehow they need
to square the circle - which is incidentally, and quite literally, how
the Indiana Pi Bill happened. Providing them with level-headed, neutral
technical advice is often a good approach to mitigating against policy
stupidity.
This is where bodies like the IETF can step in. If the IETF felt that an
Informational RFC or BCP would be a useful reference to document the
incompatibility between strong encryption and lawful access (at least in
transit), don't underestimate how widely quoted this document would be.
I was under the illusion that RFC1984 + RFC2804 made this point quite clear.
Do you think we need an RFC that says more?
Brian
