ietf
[Top] [All Lists]

Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

2013-09-06 10:21:08

There are a lot more threats to privacy than just the NSA

We currently do not have a concise catalog the basic 'privacy' threats and their typical mitigations, appropriate for concern with IETF protocols. In effect, every new protocol effort must start with a blank sheet, and invent its own list of threats and possible protections against them.

One common outcome from this is that we tend to think of very localized mechanisms, rather than end-to-end. So we assume a model of things being one-hop or we implicitly trust intermediaries. (Hint, the web is often not 1-hop, what with proxies, etc...)

We need privacy templates for protocol design.

d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net