Hi, Stephen,
On Thu, Aug 20, 2015 at 10:43 AM, Stephen Farrell <stephen.farrell@xxxxxxxxx> wrote:
On 20/08/15 16:30, John Curran wrote:
> On Aug 20, 2015, at 10:47 AM, Randy Bush <randy@xxxxxxx> wrote:
>>
>>> It’s quite possible that the appropriate tradeoff for society
>>> continues to be that as documented in RFC1984, but it should be
>>> recognized as an actual tradeoff and not an an approach without any
>>> impact to lawful enforcement activities (as might be implied from your
>>> comments above.)
>>
>> sorry, i can't resist
>>
>> We should not be building surveillance technology into standards. Law
>> enforcement was not supposed to be easy. Where it is easy, it's called a
>> police state. -- Jeff Schiller
>
> Randy -
>
> Actually, that is a perfect example of my point - Jeff’s quote (with respect
> to not including surveillance technology) actually acknowledges that there
> is an impact as a result that choice; i.e. ‘LE not supposed to be easy.’
>
> That’s quite different than some of the assertions on this list implying that
> RFC1984 has no impact to LEA activities… If the IETF is going to make
> a statement, it should be an intellectually honest one and acknowledge
> that there could be an LEA impact, but even so, that outcome is still the
> desirable tradeoff in the circumstances.
RFC1984 is about export and mandatory key escrow. That is related
to but not the same as so-called lawful intercept. RFC2804 does
deal with the latter explicitly. So I don't think that we need to
modify 1984 to talk about what is covered by 2804.
Some folks did make the point earlier that we ought "promote" both
1984 and 2804 to become one new BCP, which could be done. I only
so far saw two folks in favour of that, I assume on the basis that
both RFCs are today in a similar state and the topics, while different,
are related. The argument so far raised against was that there was
at the time (and still seems to be now) much better support for
what 1984 says (which is different to it being a BCP or not) than
was the case for 2804 was that was written.
For me, I think they're different enough that they'd be better
handled separately but if there are more arguments those would be
good to hear.
That sounds about right to me.
Even if RFC 1984 and RFC 2804 do end up in the same BCP, they don't have to fate-share in discussions about whether to advance the two documents, and if RFC 2804 turns out to need changes, handling them as a bundle would just slow down advancing RFC 1984 to BCP (if it turns out we have consensus to do that).
Spencer