On 19/09/13 17:59, Hannes Tschofenig wrote:
I am personally not worried that the standardization work in the IETF can be sabotaged by governments since our process is open, and transparent to everyone who cares to see what is going on.
Isn't it the other way round? That exactly because IETF process is open it's relatively easy for anyone to secretly introduce a backdoor into a protocol?
I mean, NSA does security screenings, holds people legally responsible if they defect etc. So, if I have a NSA-devised protocol, I am almost sure there's at most 1 backdoor there. If I am afraid of KGB, the protocol may work well for me. With IETF standard there can very well be several unknown backdoors introduced by different parties, so it's never safe.
That being said, wouldn't it make more sense to admit that IETF is not a good platform for devising, say, crypto protocols and act accordingly (use 3rd party protocols, make it mandatory for new protocols to enable pluggable crypto etc.)?
Martin