[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Comments on latest IPSP drafts



   Date: Mon, 1 May 1995 13:36:08 -0700 (PDT)
   From: Everett F Batey WA6CRE <efb@suned1.Nswses.Navy.Mil>

   I think I heard the majority opinion at the IETF IPv6 Review (try pretty
   nearly UNANIMOUS) at InterOP was on the same wavelength as Mr Freedman,
   below.  If it is not secure for all .. it is not part of the work of a
   secure standards body for all.  Did I say that so it was clear ? 

But it *can* be secure for all; it's just that U.S. companies won't be
able to provide the security for European customers, that's all.  People
keep forgetting the the IETF is an international organization, and there
*are* companies that are located outside of the bounds of the U.S.
borders, who would be more than happy to supply products to customers
who can't receive them from U.S. manufacturers due to U.S. export
regulations.

Seems to me that the argument is mostly being made by U.S. companies who
are too lazy to do the necessary lobbying to protect their interests ---
actually, it probably has nothing to do with being lazy.  They just
clearly believe that it would be easier to lobby the IETF to compromise
on our standards than it is to lobby the government to do the right
thing.  That's a rational decision, assuming that they believe that it
is easier to make the IETF cave in.  However, I believe we need to
design what is in the best interests of the Internet, and that should
take priority over what might be in the best interests of some companies
who happen to be located in the United States of America.

Jeff Schiller took a poll during his security session at Interop, and
the conensus there was apparently (I wasn't there) in favor of making
encryption a requirement, no matter what the export regulations might
say.  I *was* there when Jeff took a similar poll at the Security Area
Advisory Group, and then at the IESG open meeting, and at the IESG open
meeting, it was fairly clear that the overwhelming majority, even more
so than at the SAAG meeting, favored requiring encryption, although
there was a significant (and vocal) minority who believed otherwise.

							- Ted

P.S.  At least at one point, it was illegal to export any device the
could do dynamic routing --- on the theory that it could be used by an
enemy (read: Iraq) to make it more difficult for U.S. forces to deny
them their command and control ability by bombing out communications
links.  Hence, any sort of device which could do dynamic network routing
was on the controlled munitions list.  Does that mean that the IETF
therefore shouldn't have done any standards works on the Router
Requirements RFC while that was true?!?


References: