at the
| |
at the |
|
or - What I saw at the November 1999 IETF
Harald Tveit Alvestrand, EDB Maxware
In many ways, this was a strange IETF for me.
For the first time in four years, I was neither area director nor local host.
Stepping back a little from the flow of events, I could perhaps spare a little more
thought for the processes going on, the people I passed by, and the community I was a part
of.
But not much. Being IAB, I feel obliged to also participate in the technical discussions and opinion formation of the community - having come here, I've made my voice heard in such diverse matters as:
And many, many other "little" discussions.
But these were not the parts of the IETF that made the mainstream press this week.
Consider these known facts:
You can see that asking the IETF whether or not there should be options for wiretapping in protocols is asking for, if not trouble, at least a very large amount of noise.
The growing prominence of the IETF is shown not only by the media presence, resulting in articles in places like the New York Times, but also in the fact that in the week before the meeting, such disparate entities as the American Civil Liberties Union, a director of the FBI, and an US Senator weighed in on various sides of the issue.
It had been discussed for some weeks on an IETF mailing list called "raven", created specially for the issue at hand, with much heat and little light being generated. And at this meeting, it was expected that the IETF would come to a decision, or reasonable facsimile thereof.
End result: In the plenary, like on the list, a majority of the people polled do not
think the IETF should add protocol features whose sole purpose is to facilitate
wiretapping.
A few people think we should, and quite a lot think it's a tough question and abstained
from the poll.
Given IETF rules about "no voting" and "rough consensus", this translates to "we know how people feel - now we have to formulate a policy", and the ball is solidly back in the lap of the IESG and IAB.
One of the most frustrating matters in the IETF is dealing with security.
We all know that in order for a protocol to be reasonably secure, it must be designed with security in mind from the beginning; one must know what one expects to have to trust, and why one trusts it.
Yet it is incredibly hard for people who design protocols to remember that; it is so tempting to just say "let's get the spec done and deal with security later" - even though we know this leads to broken protocols.
This time it was the IMPP guys who triggered the outburst; a milestone list that said "version 1 - without security; version 2 - with security" didn't exactly inspire confidence in the soundness of the security design.
In the end, all said that they agreed that security design must be part of the initial functional design; we'll see what they come up with.
These guys have other problems - they're trying to devise a protocol to replace AOL's "instant messaging" protocol (the one that's open to anyone to implement as long as it's not Microsoft); expected profits are high in this area, and many people want to maintain position at least as much as they want a standard.
after all, this is version 0.01 of the report
You might want to check out some other views, including those of: