On 5 mrt 2011, at 5:06, Dean Willis wrote:
1) Privacy and Integrity: We believe that intermediaries should be neither
able to understand nor alter the transmitted material without the explicit
consent and awareness of the users.
2) Privacy and Obscurity: We believe that observation of a traffic flow pr
sequence of traffic flows should reveal as little information about the
application or user of the application as possible
Privacy and obscurity are tools that cut both ways. It can protect legitimate
communications from evil regimes, but it can also shield illegal behavior from
the law, or privacy violations commited by applications, or services running in
a browser from the user.
It also makes debugging orders of magnitude harder, uses more overhead and
engergy and slows down the communication. (Especially in mobile networks where
one end is on battery power and the extra round trips required to negotiate
encryption and authentication are typically slow.)
As such, it would be a very big mistake to start encrypting ALL communication.
Whether the applying these mechanisms is sufficiently beneficial to be worth
the numerous downsides should be evaluated on a case-by-case basis. It's not
the IETF's job to force vendors and users to do something that they would
otherwise choose not to do.
You're trying to attack the problem from the wrong side, anyway: you assume
using the large infrastractures that are easy to control by states and then try
to add a layer of protection. It would be better to work around these
infrastructures completely. Why is it that when I email my colleague two meters
away, within easy wireless range, that the message goes through the servers of
Google somewhere (not even sure in which country those are)?
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf