
Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

2013-09-05 22:37:44
On Fri, Sep 6, 2013 at 9:02 AM, Vinayak Hegde <vinayakh(_at_)gmail(_dot_)com> 
wrote:

On Fri, Sep 6, 2013 at 8:41 AM, Phillip Hallam-Baker 
<hallam(_at_)gmail(_dot_)com> wrote:


On Thu, Sep 5, 2013 at 9:36 PM, Brian E Carpenter <
brian(_dot_)e(_dot_)carpenter(_at_)gmail(_dot_)com> wrote:

I'm sorry, I don't detect the emergency.

I'm not saying there's no issue or no work to do, but what's new about
any of this?


As I have suggested to several people, we can turn lemons into lemonade.


While it is nice to do a dedication of this meeting to the NSA
surveillance, I do not see us solving any issue here. It is merely a
"feel-good" measure without real impact.

First, the IETF always had a bias for action. We always respect "rough
consensus and running code". So far I have not seen any I-Ds and drafts to
fix the privacy and encryption issues on this thread.

Second, technology can never fix what is essentially a political problem.
For example, we mandate strong security protocols and end-to-end encryption in
HTTP(S) by default. Let's assume all browsers implement this and do this
perfectly without software flaws. All the NSA has to do is to compromise
the other endpoint (controlled by ACME major corp). ACME gives over the
encryption keys and access to all the unencrypted data to the NSA. So now
what are we going to do? The IETF can make a political statement by taking
a stand but that may mean nothing in reality when the laws are weak.
Another example is when you have encrypted your drive and do not want to
hand over the keys as it has some personal (and possibly incriminating)
evidence. In several countries you can be held in jail indefinitely (with
obvious renewals of sentences) until you hand the keys over[1]. So in
summary, technology cannot solve political and legal issues. At best it can
make it harder. But in this case maybe not even that.

-- Vinayak
1. http://www.infoq.com/presentations/HTTP-Performance by
Poul-Henning Kamp


Also when people talk about NSA surveillance, they often talk about servers
and PCs which serve as endpoints. The NSA seems to have figured out that
the weaker points are in the intermediate routers and bugs in the
software[1]. If anything, network engineers and operations should update
their software more regularly[1].

-- Vinayak
1. http://www.wired.com/threatlevel/2013/09/nsa-router-hacking/