On 31-Mar-20 03:07, Keith Moore wrote:
> On 3/30/20 9:45 AM, Vittorio Bertola wrote:
>
>> For example, privileging encryption over security is a policy choice.
>
> That's a false dichotomy. Security is not enhanced, but weakened, by
> giving governments back-door access, and there is plenty of technical
> justification for that.
And that is indeed the *technical* point made by RFC1984 and RFC2804.
It's a technical point that has policy implications, and the flow of
information is *from* the technical community *to* civil society and then
on *to* policy makers.
None of this has changed since the original key escrow & wiretap debates,
except that now we have massive scale surveillance and data mining by
both companies and governments to worry about, which of course strengtghens
the civil society case for widespread access to crypto.
Vittorio is 100% right:
> I think that one key problem of this discussion is that we are lumping together two very different things.
>
> One thing is developing technical standards...
> Another thing is choosing between different policies.
The IETF doesn't do policies. Of course, what we do is not always
policy-neutral, but (again) the fact that key escrow intrinsically
reduces security is not a matter of policy. The fact that that social
distancing intrinsically reduces coronavirus transmission is not a
matter of policy. What society and government does with those facts
is another matter entirely.
Brian
