[Chapter-delegates] IETF proposing sanctioned man-in-the-middle attacks

Peter Koch pk at ISOC.DE
Mon Feb 24 02:21:49 PST 2014


Elver,

> I just came across this post, which looks at IETF's recent proposal to
> lower privacy and security on the web:
> http://lauren.vortex.com/archive/001076.html

you are (by indirection) referring to an Internet Draft
<http://tools.ietf.org/html/draft-loreto-httpbis-trusted-proxy20>,
which is currently an Individual Submission.  Anybody can submit
an Internet Draft with any content any time.  While the filename
contains 'httpbis' and the draft itself says "HTTPBis Working Group",
there is no indication <http://tools.ietf.org/wg/httpbis/> that the
respective working group has adopted this as a work item.
Even if it had, adopting a draft as a work item does not imply
support of the proposed result by the working group, let alone "the IETF".

> Does anyone know why on earth the IETF would propose something insane

"The IETF" did not propose this.  Internet Drafts are documents of
work in progress, not end results.  It is good to give heads up, but
on an ISOC list I'd appreciate if we could approach these topics
making use of our proximity to the standards process.

That said, end to end encryption in (or out of, respectively) corporate networks
has been an issue ever since and the - perceived or real - conflict between
privacy and confidentiality on one hand and the interests of corporate IT
security on the other, has been voiced as soon as the 'encryption everywhere'
theme gained momentum last year.

Now, when this 'argument' would be extended to ISPs who feel the need to 'protect'
their customers (or similarly scary, your friendly government shielding you
from bad content), things get tricky.  There is a discussion to happen and the
IETF looks like the right place for the technology aspects.  Don't shoot the
venue for the message.

-Peter


