Hi,
On 8/11/15 6:17 AM, Brian E Carpenter
wrote:
It states an opinion of the IAB and IESG
at that time regarding two very bad suggestions for key management. The right
opinion, IMO, but still just an opinion of a dozen or so individuals.
That isn't so. Trivially, it was more like two dozen people (IAB+IESG)
speaking as bodies put in place by the IETF community, not as individuals.
Non-trivially, we strongly believed at the the time that we were giving
the rough consensus view of the IETF as a whole. There was a vigorous
debate in plenary at IETF 32 (Danvers, April 1995) which made the strength
of opinion in the IETF about the need for strong crypto very clear.
Unfortunately I can't readily find any trace of minutes of that plenary.
The first draft of what became RFC 1984 was circulated and wordsmithed
within the IAB and IESG, starting June 1996. An IAB and IESG Statement
version was released to the media on July 24, 1996 and simultaneously
sent to the IETF list, with a statement of intent to publish it as
an RFC. There was a rush due to US Congressional hearings that week.
The only comments we got on the IETF list were supportive, although
there was no formal last call. The RFC version was posted August 19,
1996.
While I wasn't in leadership, this matches my recollection at the
time. Had the IAB or IESG called for comment, I'm sure they would
have gotten enthusiastic support from the community, which at the
time was galvanized against both export restrictions and the use of
key escrow (keep in mind this was probably the peak of key signing
parties at the IETF).
I think if we reopened 1984 today we'd probably include discussion
of the need for PFS and might even venture to provide references to
high profile examples of some governments' inability to secure THEIR
secure information, much less that of others. On balance, though,
the document stands the test of time.
Eliot
|
Attachment:
signature.asc
Description: OpenPGP digital signature