Re: Transparency in Specifications and PRISM-class attacks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 09/20/2013 01:38 PM, Hannes Tschofenig wrote:
On 20.09.2013 13:20, Harald Alvestrand wrote:
To my mind, the first thing to focus on is making our specs readable, so
that it's possible to understand that they have not been compromised.

Three questions for you Harald:

1) When you say that our documents have to be "readable" then you have to say readable by whom? Of course, most of our documents are tailored to those who implement rather than to, let's say, someone who has little understanding of Internet technology in general.

By those who implement them, and those who try to understand how it works to the degree that they feel assured that there are no non-understood security risks (intentional or otherwise).


2) Are there documents you find non-readable?

From the stack I'm currently working on, I find the ICE spec to be convoluted, but the SDP spec is worse, becaue it's spread across so many documents, and there are pieces where people seem to have agreed to ship documents rather than agree on what they meant.
I have not found security implications of these issues.


3) Do you have any reasons to believe that there are documents that have been compromised?

I have no evidence that they have intentionally been compromised. I think we manage to make specs unreadable without deliberate obfuscation - but the reader can't know that.






[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]