So: is it a consensus or not? Does Mr. Igoe consider PM an "attack", even though his own employer does it?
I'm having trouble reconciling the two.
Also, from a political perspective, the effort to replace Igoe was hamstrung by the lack of anyone in the universe raising their hand and saying "I'm a respected cryptographer AND I want to punch myself in the face continuously for several years by chairing CFRG".
The less reverence the Internet has for the cryptographic wisdom of the IETF, the better off I think we all are.
JOSE also includes RSA PKCS1v1.5 signatures, which are deprecated (you should use RSA-PSS, which JOSE also documents).
It includes naive nondeterministic DSA, which should be deprecated in favor of deterministic DSA or something like Ed25519.
It doesn't include details you actually want about curve selection. (Also, P-521?!)
It includes encryption under RSA PKCS1v1.5 (encryption with v1.5 is even worse than signing under it) and AES-CBC, which is disfavored by cryptographers.
(My understanding of JOSE is cursory, at best, so I wouldn't be surprised to be corrected on any of these).
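The comment above amounts to an algorithm policy for JOSE: accept RSA-PSS or EdDSA signatures, RSA-OAEP plus an AEAD content cipher for encryption, and refuse PKCS#1 v1.5 and CBC modes. The following is an added example of enforcing that policy on the protected header of a compact-serialised token before any key is loaded or signature checked; it is not code from the thread or from any JOSE library. The algorithm names are the registered JOSE identifiers (RFC 7518 and RFC 8037); which ones land on the allow-lists, and the dummy signature/ciphertext segments in `make_token`, are this example's own assumptions.

```python
import base64
import json

# Added example, not from the thread. Registered JOSE identifiers (RFC 7518 / RFC 8037)
# grouped the way the comment above argues: prefer RSA-PSS or EdDSA for signing,
# RSA-OAEP plus an AEAD content cipher for encryption, and refuse PKCS#1 v1.5
# and CBC-based modes. The exact allow-lists are this example's assumption.
ALLOWED_JWS_ALGS = {"PS256", "PS384", "PS512", "EdDSA"}
ALLOWED_JWE_ALGS = {"RSA-OAEP", "RSA-OAEP-256", "ECDH-ES", "ECDH-ES+A256KW"}
ALLOWED_JWE_ENCS = {"A128GCM", "A192GCM", "A256GCM"}


def b64url_decode(segment: str) -> bytes:
    """Base64url without padding, as JOSE serialises it (RFC 7515 appendix C)."""
    if any(c in segment for c in "=+/"):
        raise ValueError("not base64url")  # reject standard alphabet and padding
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def parse_protected_header(token: str):
    """Return (header dict, 'JWS' or 'JWE') from compact serialisation, or raise."""
    parts = token.split(".")
    if len(parts) == 3:
        kind = "JWS"
    elif len(parts) == 5:
        kind = "JWE"
    else:
        raise ValueError("expected 3 (JWS) or 5 (JWE) segments, got %d" % len(parts))
    header = json.loads(b64url_decode(parts[0]))
    if not isinstance(header, dict) or "alg" not in header:
        raise ValueError("protected header must be a JSON object with 'alg'")
    return header, kind


def rejection_reason(token: str):
    """None when the token's algorithms pass policy, otherwise a short reason.

    This runs BEFORE any key is loaded or signature checked, so an 'alg' we never
    want (none, RS256, RSA1_5, A128CBC-HS256 ...) cannot even reach the verification
    code. The header is attacker-controlled; never let it pick the key type for you.
    """
    try:
        header, kind = parse_protected_header(token)
    except ValueError as exc:
        return "malformed: %s" % exc
    alg = header["alg"]
    if kind == "JWS":
        return None if alg in ALLOWED_JWS_ALGS else "JWS alg %r not allowed" % alg
    if alg not in ALLOWED_JWE_ALGS:
        return "JWE alg %r not allowed" % alg
    if header.get("enc") not in ALLOWED_JWE_ENCS:
        return "JWE enc %r not allowed" % header.get("enc")
    return None


def make_token(header: dict, segments: int = 3) -> str:
    """Build a syntactically valid compact token from a constructed header.

    The remaining segments are zero-filled placeholders, not a real signature or
    ciphertext: this example exercises the policy gate only, not signing.
    """
    filler = [b64url_encode(b"\x00" * 16)] * (segments - 1)
    head = b64url_encode(json.dumps(header, separators=(",", ":")).encode("utf-8"))
    return ".".join([head] + filler)


if __name__ == "__main__":
    for hdr, n in [({"alg": "RS256", "typ": "JWT"}, 3),
                   ({"alg": "PS256", "typ": "JWT"}, 3),
                   ({"alg": "none"}, 3),
                   ({"alg": "RSA1_5", "enc": "A128CBC-HS256"}, 5),
                   ({"alg": "RSA-OAEP-256", "enc": "A256GCM"}, 5)]:
        print(hdr, "->", rejection_reason(make_token(hdr, n)) or "OK")
```

The gate deliberately returns a reason string rather than raising, so a server can log which disallowed algorithm a client attempted; the real signature or decryption step should then be called only for tokens where `rejection_reason` is `None`, with the key selected by the server's own configuration rather than by the header.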
That said, the very fact that the RFC was published sends a very strong message to those contingents about the IETF's priorities, and I for one am very happy to hear it.
Why? It's extremely common for industry/standardization groups like the IETF to come to conclusions that are contrary to the position of one of its members, and it usually doesn't result in said member being expelled or falling on their sword.
Actually I agree with your statement.
Update: Formatting. (can't we get a preview, please?)
Amateur radio is explicitly not for traffic that needs to remain private. It exists for limited purposes not including routine communication that can be served by other means (e.g. a phone or ordinary internet connection). It is chiefly for education and research/experimentation in radio. It is not for general personal communications or commercial use.
The applicable rule in the US says:
"(a) No amateur station shall transmit: [...] messages encoded for the purpose of obscuring their meaning"
This serves to ensure the amateur radio service is not used in violation of its rules and purpose.
The rule has exceptions elsewhere in the rules. For example, remote control of satellites and model aircraft. And FCC rules as a whole pretty much go out the window when transmissions are for the purpose of protecting the immediate safety of life or property.
The rules are also susceptible of a particular interpretation: You can use encryption, provided the algorithm is documented, and you keep a record of the keys used. This has been used to block non-amateur access to WiFi access points operating within the ordinary WiFi band, but under Part 97 rules (e.g. non-FCC-approved equipment, or higher power than allowed for unlicensed users).
The rule also does not in any way prevent use of authentication and message integrity mechanisms, e.g. HMAC, because they are not intended to obscure the meaning of the message, merely authenticate it.
If you need private communication, there are other avenues available than the amateur radio service. And if you want greater freedom for unlicensed use of the airwaves than now exists, you'll have my support in principle (there are real problems with a free-for-all, but there are myriad ways FCC rules and spectrum allocation practices could be greatly improved in this regard). But this rule is not a bug, it is a deliberate feature of the amateur radio service.
Personally I'd like to see the regulations adopt special rules for highly directional or low-power limited-range signals in the SHF+ bands where there is plenty of spectrum which basically drops all the content rules beyond requiring cleartext contact information. Without competition for spectrum the balance of interests is different and it would be nice to be able to lawfully backhaul community internet access over some chunks of spectrum up at 3cm. Since no one would likely notice or care you could already use crypto in these places, so it might as well be made permitted.
The amateur radio community is not universal in their dislike for this rule. I don't personally see any way in which the rule could be removed without altering the fundamental character of the amateur radio service.
You simply should not be making transmissions in the amateur radio service that require privacy. Permitting unrestricted encryption makes that basically impossible to enforce.
Right now strong encryption and authentication are where most of the efforts in the field seem to be focused. It should be at the forefront of the experimentation being done by amateur radio operators.
Not that I really have an answer to the problem of bandwidth abuse. I completely understand how this would be a problem and have no doubt that it would be abused.
The only thing we really need is for a protocol to have some way for us to transmit a callsign in cleartext (otherwise there would have to be a break in data exchange every ~10 minutes for transmission of a callsign unencrypted). On WiFi this gets accomplished by setting the SSID to our callsign.
The actual data could be encrypted, but we would have to record (and arguably publish) any keys (including session keys) used in the process.
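The two ideas in the comments above, a callsign that stays in the clear and an HMAC that authenticates the frame without obscuring its meaning, fit into one small frame format. The following is an added example, not code from any commenter or any amateur radio protocol; the frame layout (8-byte space-padded callsign, 4-byte sequence number, payload, 16-byte truncated HMAC-SHA256 tag), the constructed key and the placeholder callsign `N0CALL` are all this example's own assumptions.

```python
import hashlib
import hmac
import struct

# Added example, not from the thread. Frame layout is this example's own choice:
#   callsign (8 bytes ASCII, space padded) | seq (4 bytes big-endian) | payload | tag
# Everything before the tag goes over the air as plain text, so the meaning of the
# message is not obscured; the tag only lets a receiver reject forged or replayed
# frames. The key is a constructed demo value, not a real link key.
CALLSIGN_LEN = 8
SEQ_LEN = 4
TAG_LEN = 16  # truncated HMAC-SHA256; 128 bits is ample for a link-layer tag


def build_frame(key: bytes, callsign: str, seq: int, payload: bytes) -> bytes:
    cs = callsign.upper().encode("ascii")
    if not cs or len(cs) > CALLSIGN_LEN:
        raise ValueError("callsign must be 1..8 ASCII characters")
    body = cs.ljust(CALLSIGN_LEN, b" ") + struct.pack(">I", seq) + payload
    tag = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag


def peek_callsign(frame: bytes) -> str:
    """What any listener without the key can read straight off the air."""
    return frame[:CALLSIGN_LEN].rstrip(b" ").decode("ascii")


def verify_frame(key: bytes, frame: bytes, last_seq: int):
    """Return (callsign, seq, payload) for an authentic, fresh frame, else None."""
    if len(frame) < CALLSIGN_LEN + SEQ_LEN + TAG_LEN:
        return None
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    seq = struct.unpack(">I", body[CALLSIGN_LEN:CALLSIGN_LEN + SEQ_LEN])[0]
    if seq <= last_seq:  # replayed or stale frame
        return None
    return peek_callsign(body), seq, body[CALLSIGN_LEN + SEQ_LEN:]


if __name__ == "__main__":
    key = b"constructed-demo-key-not-for-air"
    # N0CALL is a placeholder callsign used only for this demonstration.
    f = build_frame(key, "N0CALL", 7, b"CQ CQ DE N0CALL K")
    print(peek_callsign(f))                       # readable without the key
    print(verify_frame(key, f, 6))                # accepted
    forged = f[:-1] + bytes([f[-1] ^ 1])
    print(verify_frame(key, forged, 6))           # None: tag mismatch
    print(verify_frame(key, f, 7))                # None: replay
```

Because the callsign and payload are never transformed, a monitoring station can read both with no key at all; only the ability to produce a valid tag is restricted. The sequence number is what turns "this frame was made by someone holding the key" into "this frame is also new", which a bare HMAC cannot give you.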
So far, the disclosures have involved the NSA and GCHQ: intercepting hardware and modifying it; strong-arming companies into "coöperating"; pushing weaknesses known only to them into standards; and spending tens of billions to copy most of the Internet and have server farms sort it.
None of that seems amenable to this RFC.
The time it took from 'common knowledge' to a formal proposal makes me a little worried. If the IETF isn't really a "council of wise folks" then in the long term, doesn't their effectiveness get eroded?
As anti-NSA, pro-Snowden as I am (I proudly wear my Snowden t-shirts)... I think it's important for formal steps to make sure they've filtered out the hype and not just react while the general public is on fire about the issue. Waiting about 6 months to a year after Snowden did his thing I think is fast enough. Gives folks enough time to digest the info and for anyone else out there thinking about "leaking" more info that (dis)proves Snowden enough time to weigh consequences 'n such. This way when formal steps begin to happen nobody can complain that they didn't have enough time to respond/defend themselves, etc. USGov has been given plenty of time to quell concerns and hasn't done a particularly good job so I feel that Snowden is mostly, if not completely, correct and I can confidently consider the USGov/NSA as the real villains in the world attempting to misdirect everyone else with allegations of boogieman terrorists & spying from Russia/China/Nigeria/whatever.
Not that I ever believed otherwise... just that this gives me more talking points in future debates with friends/family/random-online-comments.
I guess ultimately though, that's the only way to go. We knew years before Snowden that something fishy was up, but it took the leaks to really make people care at a level that could facilitate change.
But that's the GP's exact point: this wasn't a media-driven RFC -- if it had been driven by media, it would have been published last summer. As it stands now, the body has carefully deliberated on the facts and yet still published a very strongly-worded RFC.
This pro-Snowden programmer is pretty happy to see the IETF step forward and take on a leadership role here. Let's not forget that the IETF was founded by a consortium of US government agencies and only went private in the 1990s.
With this RFC, they are asserting their independence in a surprisingly direct manner (for a standards body).