On Sep 6, 2013, at 8:07 AM, Eliot Lear <l...@cisco.com> wrote:

> 
> On 9/6/13 3:04 PM, Martin Sustrik wrote:
>> So, what if an NSA guys comes in and proposes backdoor to be added to
>> a protocol? Is it even a valid interest? Does IETF as an organisation
>> have anything to say about that or does it remain strictly neutral?
>> 
> It's happened before and we as a community have said no.  See RFC 2804.

What if they didn't say they were NSA guys, but just discretely worked a 
weakness into a protocol? What if they were a trusted senior member of the 
community?

That way lies madness -- but it is a madness we must contemplate. Broader REAL 
consensus, rather than apathetic agreement with a single contributor's 
assertions is probably the right way to go.

That means an increasing thrust on educating IETFers, broadly, about security 
issues. Not just the math, but the whole op-sec envelope.

--
Dean

Reply via email to