Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice2013-12-11 01:35:32Hi, Knives are easily available to anyone, just like encryption....and just like pervasive monitoring? That's a very good thought. Yes, I believe encrpytion and the ability to pervasively monitor are both easily available to everyone. The next step after availability is actual usage, and this is where things get interesting. I believe that where encryption is not actually *used*, pervasice monitoring *will* happen. Or, to state it a bit more in a logic-oriented way: Either the use of encryption proliferates, or the use of pervasive monitoring proliferates. It is a strict XOR: you can't have both, and you can't have none of the two. Thinking more in the mathematic direction, I'd even say: it's an XOR in the fuzzy logic sense: the truth value of the sum of both statements equals 1; i.e. the more you sacrifice on one side, the more will creep in on the other side. As a corollary: if we don't want to enable perpass attakcs, we have to make sure encryption gets *used* wherever possible. For the general internet use, this probably means: since a vast majority of internet users don't know and don't care about security, and will accept whatever is the default unless it's inconvenient - our job is to make encryption the default, and make it as convenient as possible. The convenience may come at the expense of "perfect" security at times; but it's a WG job to weigh that appropriately. Greetings, Stefan Winter In both, the product has already proliferated, and it is not possible to roll back to a state where it hasn't. Also, both of those have proven to have both too numerous and unquantifiable good and bad uses, and both of it in scale; there is no obvious, generally-accepted world-wide agreement that either of the two can only be used for nefarious purposes. So, I feel good comparing knives with pervasive monitoring. http://blogs.wsj.com/digits/2013/12/09/tech-giants-band-together-for-nsa-reform/ the irony of corporations that are profiting from pervasive monitoring - that's how Facebook and Google work - complaining about government pervasive monitoring is not lost on me. What I don't feel good about is perpass-attack, which is going to be at best ignored, or wildly misinterpreted and misused by its intended audience. It's primarily a kneejerk reaction to news events to assuage the consciences of IETF insiders. also, do we get drafts through last call by simply now announcing in the draft that it has been through last call? That does make things easier. Must start writing 'this RFC' in drafts, which will help that benighted state come to pass. Lloyd Wood http://sat-net.com/L.Wood/ -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473 PGP key updated to 4096 Bit RSA - I will encrypt all mails if the recipient's key is known to me http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
0x8A39DC66.asc
signature.asc
|
|