hartmans | Entries tagged with ietf

At some point over dinner, I realized that I would be entirely unsurprised if the person sitting across from me was assassinated by the US government in the next couple of years. I kept coming back to that and trying to grasp it, to feel it, to respond to the enormity and horror that my government would probably be quite happy if my dinner companion ended up dead.

I was at the IETF meeting in Berlin. Some subset of the security area had a guest presentation on privacy, talking about recent NSA spying. We focused on how to improve the security of the Internet against passive attack and what we as protocol engineers can do to improve privacy in our protocols. As an example, it seems like ephemeral keys generated with some key agreement such as ECDH are more clearly desirable than they've ever been before.

My last night in town, I had a long conversation and then dinner with one of the presenters. I don't think he's a terrorist; I'd be surprised if he were violent. He's certainly done things the US dislikes including working on software to promote Internet anonymity, supporting people using that sort of software for things like Wikileaks, and file suit against the US government when his privacy and liberty was threatened by the US. If there are crimes he's committed, they should be addressed in a court of law, not with murder and covert operations.

We talked a bit about his legal cases and about how he's been harassed by the US government. Mostly, though, we talked about peoples' reactions to recent revelations about spying and US activity. I talked about how at one level I'm not surprised to find that the US spies on people. At another level, though, knowing not just that people can observe the Internet, but that the whole thing is recorded on an ongoing basis changes how I evaluate risks. I knew that they could; now I know that I can count on passive attacks against everything I do. That changes how I feel; that changes how I approach risk. I talked about feelings of fear and powerlessness because I'm not able to meet my need for privacy in my thoughts and personal affects. Then we talked about forms of coersion that are employed to force people to spy on others or to take other actions demanded by the US government.

One of the most frightening things is that I realized for years, I've been under-estimating the impact. When I first read 1984 I thought about it as an artifact of past fears of totalitarianism. When I saw depictions of a government turning to torture in 90's science fiction, I viewed it as brutish and unrealistic. Even if someone were that evil, they'd never resort to such ineffective mechanisms. then we were confronted of pictures of our soldiers sexually assulting and torturing prisoners. That could never happen here in the US. It kept on. But even when I read Little Brother, I thought it was a bit over the top. It isn't though; I have high confidence that all that happens here, in the US, targeted at American citizens. Perhaps not yet at our kids. Sadly the responses proposed in the book would not be nearly as effective in real life. What will be next? What will I consider too unlikely to happen until I am confronted with it in my daily life?

Somewhere in the dinner, I realized that there are actions I can take--actions I must take to be true to myself. I can live with intent, working with my actions and thoughts and words to create the world in which I choose to live. For me that means I will not allow my conduct to be chilled by what I think possible. I will not bow to threats of greater scrutiny or bullying for being the person I choose to be, for thinking what I choose to think and for speaking my mind.

I don't think it's likely that I'll ever interact with the government or be the recipient of their special attention. I don't collect information on people. The software I write is good security software, but by its nature it's easier for the government to approach the operators of my software to collect information than to coerce me to include a back door. However, if I'm wrong on that and I receive a legal instrument, I'll comply. However I'll draw the line. I will not have my behavior coerced by threats to myself or threats to those I care about. I can do more to protect myself and people I care about by being the kind of person who it is pointless to threaten than I can by being pressured and hoping those pressuring me will play nice and not exert ever-increasing pressure. That said, I realize everyone can be broken both psychologically and physically and I'm no exception. Part of me still feels silly thinking this way: the government doesn't pressure law-abiding citizens; I have nothing to fear. Another part of me realizes that I've been so wrong about the scope of all this in the past and that I do know people for whom these decisions are not at all theoretical. I might as well be prepared.

Somewhere in all this, I came to the realization that it's not a huge step from what my dinner companion has already faced to violence and assassination. Later in the conversation he mentioned that he's received advice to become sufficiently famous for his murder to be unprofitable. Based on the source, I think the advice is delivered with reasonable knowledge of the US's practices and have no evidence the source tends to hyperbole. My dinner companion is someone that several people in the privacy community I know and value have spoken of with respect. Someone who works on software, someone works to try and change peoples' minds through persuasive argument and facts. Someone who for a few accidents and a slightly more conservative political outlook I could have been. having realized all this, I can no longer say I don't know; I'm unaware of what my government is doing. As an American, I must take on my share of responsibility for what's going on here.

to be clear, I am not radical; I believe in the rule of law and reasoned discourse. I'm not even proposing that I significantly change how I live my life. I simply believe I should be mindful of what is going on with privacy, and to help others form their opinions. Someday perhaps I'll have a pro-privacy anti-torture candidate to vote for. Wouldn't that be a desirable change!

I wrote this on the plane back to the US after IETF. It's several days later and I'm pondering posting it. My gut clenches; I'm afraid when I think about posting because I don't have confidence that I can speak my mind without fear of negative consequences. I've decided that I will post this. As someone who has chosen to live a life of intent and to promote love and connection, I want to act as if I live in the world in which I would choose to live. In that world I should say this.

I was talking to Luke this morning about some really neat work he's in the middle of doing. It prompted me to think about how the security projects I've been in over the last 10 years fit together and whether I've accomplished anything. So, we're not really taking over the world, but we have made a difference in it. By the time I joined the IESG, there were a number of things I really wanted to come together: channel bindings, GSS/SASL unification, GSS naming. A group of us started to do that. None of these were my idea alone; I'm not ever sure if I came up with any of the ideas. We worked together. It was so slow; it's always so slow. Of course as what we did was viewed by others, there has been long attempts to educate, people who disagreed, people who didn't see the complexity.

Things have been moving so slow that I didn't really even notice they were moving at all. They are though. Huge chunks are coming together. I'll talk about the technology over the coming months in my professional blog. I want to talk about the emotional impact now. I'm beginning to realize that the work we did is making a difference. The difference started with how we thought about things; now others are changing how they think about things. Technology is starting to be built to reflect this new thinking. It's really starting to hit though that over the past 10 years I've been (and will continue to be) part of something big. I don't know if it will matter in its own right, or if it will matter by shifting the course of things around it. I don't know if it will be big enough that anyone else will be able to see the effects, but I'm beginning to really believe that 30-40 years from now, if I look into computer security, I'll find influences of what we've been doing; even if they have changed enough that few others can recognize them.

This is one of the most wonderful feelings in my life. I love that this has been such a team project; I've enjoyed working with such a wonderful group of people. I love that it's been sufficiently evolutionary that I can't find the edges—either in terms of what technology is part and what is beyond the edge, or in terms of the team of people working together. I love the technical challenge. I love seeing people I've never heard of taking interest in ideas I've been part of. It has been and will continue to be great!

Obviously, there are a lot of people to thank. Nico, both Jeffs, Tom, both Kens, Larry, Luke, Steve, Marshall, and many others. And of course if you asked any of the people on that list who they thought made valuable contributions, they'd have their own partially overlapping list of names. Technology is fun.

Last week I stepped down from the IESG. The week before that was my last telechat. I've had telechats every Thursday for the last three years. It feels kind of empty. I am going to miss the IESG. Especially the most recent IESG was a really wonderful group of people to work with. I'm also going to miss being that involved in the internet standards process. It was interesting to know about all the work proposed for publication in the IETF. I always found I was learning new things.

However I'm also happy with my decision to leave. I want to focus on my family and on my career. I don't think I had quite reached the point of IESG burn out but was beginning to build up frustration with some working groups and authors.

I definitely recommend a term or two on the IESG to anyone who is qualified and interested. It was one of the most rewarding and challenging things I've ever done. be warned though that it is expensive both in terms of time and emotional energy.

Someone was asking how to comment on the draft. As part of their message they asked, "Are professionals and experts even invited/allowed to comment?" It's good to see we're making such a positive impression of our qualifications.

I hope that what is really going on is that he means are professionals outside of the IETF allowed to comment.

I'm shocked at how easy it is for people to be sheep. Last week, I was at the IESG retreat. After the new IESG is seated, we typically have a retreat to get to know each other, show people how to do their job, etc. One of the things that really stuck out at the retreat in my mind was the number of cases where people admitted that they had been uncomfortable with something we were doing but not raised an objection. In several cases it turned out that most of the IESG was uncomfortable with the situation, but we all went forward thinking we were the only one with concerns. Oops. Consensus is hard, let's go shopping.

I may have talked about some of this before, but I cannot find the entry. Back in 2004, I wrote a proposal for how to abstract out Kerberos pre-authentication and how to think about the state model. I gave up on that proposal because it seemed too complicated even for me. I understood what state needed to be captured, but did not understand how you could do anything simple within the framework I created. So I reluctantly gave up on the proposal.

Last year, the issue came up again. Larry Zhu, the lead Kerberos developer from Microsoft wanted to put together some way to accomplish some of the same goals I was talking about in 2004. I told him I'd tried to go down that path and found it too complicated; I sent him my old document so he could see what I ran into. He wrote back and said he really liked what I had written and wanted to work on finishing it. I was dubious that I would like the result.

Now, having reviewed what he's doing and having spent a lot of energy working on the proposal, I think he did find a way around my problems. I'm very excited about what we're doing. Also, working with Larry is a lot of fun. This is more enjoyable because it is creating new technical work. So much of what I do in the IETF is review others' work. It is pleasurable to be working on something of my own from time to time.

Can we all please wake from our collective insanity and learn to treat each other professionally? Really it does work better to treat others professionaly even if they do not extend the same to you.

The IESG—particularly Brian—has got to get over being so confrontational. Dean Anderson filed an appeal with the IESG because he believes his comments on an Anycast BCP have not been addressed. The document is just now entering IETF last call. What does Brian do? He sends Dean a message saying that he doesn't understand what IESG decision Dean is appealing and that unless he explains exactly what he is appealing, then the Brian will not allow the IESG to consider Dean's appeal. It really would have been simpler to either let Dean know that we were interpreting his message as last call comments not as an appeal, or to suggest that it would be simpler for him to send last call comments. Yeah, Dean is a pain to deal with. However writing a message designed to defuse the situation just doesn't take much more effort than the message Brian sent. This sort of problem is endemic of the last year of IESG behavior.

The usual storm is brewing about process reform in the IETF. I keep getting stuck in the middle because I'm too emotionally involved to not care about the process issues and because I try to do a good job of things I care about. I had an intuitive leap Monday night around 4 AM. A few months ago I was comparing IETF process issues to comments from a class Shava was teaching about non-violent social change. I noticed similarities. Monday night I actually managed to understand how that fit the IETF at an intuitive level. This entry is me brainstorming about what is needed and how to tell people. Your comments are welcome, but I'm putting the rest behind a cut to save those who don't care. ( Read more... )

I've just realized that I don't have time or mental bandwith to track all the critical global issues before the IETF. This is insane and I have no idea how we're supposed to deal with the mess. We've got:

The LTRU last call, which will probably turn into an appeal. Very complicated; lots of Jefsey comments. Those comments are hard to understand.
Two appeals against the publication of Sender ID on different grounds. Highly political.
A last call that can be described as a disagreement between Apple and part of Microsoft about how to do multicast DNS to find resources on the local network. Issues are very complicated and go back five years.
All the process stuff.

O, and then there are the non-global issues. You know, things like the documents I'm trying to get approved or am currently blocking.

A while back I commented on concerns about the ISD proposals expressed by the IESG. We've created yet another stir by declining a request to assign an IANA codepoint. I was responsible for the most controversial part of that decision: we went beyond declining the request and actually recommended against bringing the request for IETF review. The reason was simple. We think we know the parties involved well enough to know that the proposal will not be received favorably. We don't think spending years reviewing the proposal and ultimately deciding against will be in anyone's interest.

Putting it mildly, some people are upset. There are a lot of reasons; here I'm going to focus on people who are upset because we made a specific recommendation. What puzzles me is that some of these people would have been happier if we had withheld our belief that the review effort would be a waste of time. It seems misleading to withheld this information: the requester might well assume that we were supportive of the request but just wanted broader review. Such an impression would create great frustration when years later after review, the request was declined. There's an impression that by expressing an opinion, the IESG will not fairly follow the process should the community try to take a different course. Some seem unwilling to believe that if the requester did actually want IETF review the IESG would follow a fair process in seeking that review. I can understand the idea that if the IESG has a strong opinion it might get in the way of fair process. However that's true regardless of whether we actually express the opinion. It seems important to express such opinions; it seems important not to give people the false impression that they should spend a lot of time on a proposal without giving them realistic estimation of their chances of success. We need to find a way to do that without causing those who decide to go against our recommendation to feel that we are being unfair.

Another current frustration is the idea that the IESG is not part of the community. Particularly on process issues, some have expressed the opinion that when looking for consensus the IESG should be discounted. That seems dangerous: you don't want to exclude the opinion of a reasonably large subset of the people active in working with the standards process when deciding how that process should work. Besides leading to bad solutions, it is personally frustrating to be told that no, you aren't worth listening to. I realize it comes with the job. That doesn't mean I have to like it.

Plan to night shift successful. Except that I didn't actually want to night shift. Managed to be in bed for 16 hours today; much of that was actually sleeping; I guess I had some missed sleep to cach up on. I may also be sick although I'm not showing any symptoms.

The upcoming IESG agenda is insane. I don't know how I'm going to manage to do a reasonable job of reviewing things. I think there are 26 ballots; most of them have one document although a few have two or three. Documents range from a few pages to really long and range in clarity from incredibly good to written on a collection of napkins in Klingon and translated through French to English by Google. The Klingon documents tend to also come from the camp that believe acronyms and cryptic diagrams make it all better. I gain a new appreciation for TAs who have to grade lots of papers. At least they have page length limits.

I'm enjoying work and enjoing the IESG job. There is way too much to do but it all is reasonably fun and I can see why it is all important to get done.

Ugh, I hate having a strong dissenting opinion when there is a majority with equally strong beliefs. It sucks to be alone. It sucks to be alone especially when you are in a position where you can force the issue. If I'm right, that's necessary and will hopefully end up producing a better final result. But if I'm wrong or I end up failing to convince people, I waste huge tracts of everyone's time. I don't enjoy this sort of pressure,although I guess it comes for free with much of what I do enjoy.

Apologies to those who couldn't care less about the IETF. Not surprisingly I've spent the last two weeks coming up to speed on how the IESG works. Every organization has its history and that history influences how things are done. The IESG is still evolving to take full advantage of the ID tracker and balloting system. Parts of the telechat and the procedures surrounding evaluations feel somewhat like attending a MITSFS meeting: there are the mail in ballots that get generated and never used, the implied questions that never get asked, and all sorts of other things that evolved over a long time. I was able to find out most of the roots of all these little procedures and how the current practice came to be. I like being able to trace the evolution of organizations. I also like working in evolved organizations: they tend to be the organizations that meet the needs of their communities well enough and over a long enough period of time to build up history. I was pleasantl surprised to find that most of the current procedures were well documented and that you could reasonably tell what was current practice and what was historical.

It looks like I'm going to enjoy being an area director. I'm certainly going to learn a lot about parts of the Internet I have been ignoring. That should be fun and useful. There's a lot of reading and a lot of work. My greatest challenge is going to be avoiding over committing my time, especially if I want to continue spending a fair bit of time on non-IETF Kerberos work. If MIT politics continue in their current direction, I may end up trying to minimize the non-IETF work that I'm tasked with.

One down side of the IESG is that I end up seeing more of the broken parts of the IETF. Apparently, the Kerberos and GSSAPI community has been quite functional compared to some other parts of the organization. We have our technical disagreements, and we sometimes get bogged down trying to solve an issue for a long time. However other parts of the IETF have some really ugly politics. One of the worst forms of politics seems to be jockeying for author credit on RFCs. This has already popped up multiple times in the last two weeks. Those in academia are probably all too familiar with the problem, but I had rarely experienced this before.

Well, it's Monday evening and I'm already tired. I was appointed to replace Steve as one of the two security area directors. The nomcom process is the most grueling and stressful process I've been through in a while; in many ways like applying to college all over again. The nomcom application started with around 10 essay questions back in October; they encouraged complete answers and mentioned no length limit. For me, answering the questions took around 30k of text. The process went on from there, concluding with weeks of nail-biting stress waiting to hear about the decision. I didn't find out until Sunday morning after I had arrived at the meeting. I'm glad I was selected; in order to put together a good application you have to invest a fair bit of effort and be prepared for a significant time commitment. There is bound to be disappointment—probably mixed with relief—associated with not being
selected. I'm starting to figure out what is involved. A lot of work is ahead. I think I'll enjoy things; I hope I do a good job.

Current Mood: happy, excited, drained

Karma is preserved. I had a relatively easy time with IS's layoffs back in January. It didn't matter much to me what happened. I'm getting my payback now. I'm waiting for a decision that is important to me; there's an outcome I want. The decision may have been made as much as a week ago. I'll find out sometime—probably this week. At least with the layoffs there was a well defined date. For the last few days I've been nervous every time I go look at my email; will this be the time? Will I be very happy or very disappointed?

Current Mood: anxious

Last week was IETF 60. Not surprisingly there were several group dinners at IETF.

I remember my first IETF. It was 6 years ago in Chicago. I remember the group dinners; there was a lot of sitting around not really knowing people trying to understand how the IETF worked. There was also a lot of learning and listening to those who were doing the work and making the decisions. We sort of clumped by experience. Well, we actually clumped by who we knew, but that fairly quickly turned into clumping by experience.

AT one of the larger group dinners this week, it hit me that I'm no longer new to the IETF. The group of people I tend to hang out with—mostly a GSSAPI and Kerberos cabal—have become very active and involved. We're actually doing work, helping others and giving back to the process.

While it was nice to realize that I'm making a difference, it was also sad to think about all the people who have moved on and are no longer actively involved. Some of them are still around and working in an advisory role, Others seem to have burned out or had jobs take them in a different direction.