Re: Client and server authentication for email

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I think this begs the question of whether currently known and deployable security technologies are actually adequate to the task of securing our networks and networked protocols.
well, yes, it quite explicitly begs to have such questions discussed, but in their own forum and before Last Call for functions that use them, rather than after.
Well of course we'd like to understand such questions as early as possible. But that problem is hardly limited to security issues.
There's a real conflict here that we keep dancing around - whose job is it to determine the requirements for a protocol design?
It's certainly understandable that WGs and individual submitters don't want to be surprised at the last minute by requirements that they didn't anticipate. But often this is because the WG or individual submitters did not really try to investigate or ameliorate the implications of what they were proposing. And on at least a few occasions a WG or individual has ignored or disregarded information about such implications, apparently because it was easier to ignore the problem and hope it would be overlooked by IESG than to actually understand and solve it.
I don't think this is quite an either-or situation. We as a community certainly need to keep increasing our collective understanding of what it means to do good protocol engineering. But it is also incumbent on WGs (and individual submitters) to make sure that they have done due diligence in their protocol designs to understand the implications of those designs, rather than to place the burden on others to explain every possible risk to each WG. We also need to give WGs earlier feedback so that they can fix problems that they don't discover before they've made a significant investment in the solution. Neither of these will prevent late surprises, but together they should reduce the frequency of such surprises. And a WG that anticipates the problems that might be caused by its proposal will be in a better position to reduce the effects of those problems, and perhaps provide an upgrade path for when a better solution is found, even the problems cannot be entirely solved. 

Keith


_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf
[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]