RE: Security for various IETF services

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



My reaction is also to ask "Why?"  Security and privacy involve
trade-offs where various costs (including operational difficulty) are
weighed against the benefits, such as protecting information from
unauthorized disclosure or modification.  So, I'd suggest that a
blanket statement isn't a good idea, but rather, a service-by-service
decision should be made.  For example, XMPP and document submission
may justify requiring encryption while email and document retrieval
might not.

Bingo. There's a perfectly reasonable case to be made for protecting any sort
of authorization/authentication exchange and not allowing alternatives.

But in the case of document distribution, our primary goal should be to insure
maximum availability and access to the information we provide, including
to those who are unable to whatever reason to use protected services.

And yes, I'm aware of the argument that access to certain standards, especially
ones themselves having to do with security, might be problematic to folks
living under some repressive regime or other. I don't buy it, mostly
because that level of paranoia is going to regard any sort of access to
IETF materials whatsoever as a red flag, especially it was conducted over
TLS/SSL.

				Ned





[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]