On Sep 6, 2013, at 8:07 AM, Eliot Lear <lear@xxxxxxxxx> wrote: > > On 9/6/13 3:04 PM, Martin Sustrik wrote: >> So, what if an NSA guys comes in and proposes backdoor to be added to >> a protocol? Is it even a valid interest? Does IETF as an organisation >> have anything to say about that or does it remain strictly neutral? >> > It's happened before and we as a community have said no. See RFC 2804. What if they didn't say they were NSA guys, but just discretely worked a weakness into a protocol? What if they were a trusted senior member of the community? That way lies madness -- but it is a madness we must contemplate. Broader REAL consensus, rather than apathetic agreement with a single contributor's assertions is probably the right way to go. That means an increasing thrust on educating IETFers, broadly, about security issues. Not just the math, but the whole op-sec envelope. -- Dean