ietf
[Top] [All Lists]

Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

2013-09-06 15:27:32
On 09/06/2013 11:46 AM, Ted Lemon wrote:
The threat model isn't really the NSA per se—if they really want to bug you, 
they will, and you can't stop them, and that's not a uniformly bad thing. 

I disagree, or at least, I think that your statement conflates two
different threat models.

One kind of threat is that the NSA will bug you specifically.   And yes,
if they consider it important to do so, they very likely will.  There is
almost certainly some vulnerability in your hardware or software or
physical security, and they have lots of resources that can be invested
in finding it.

The other kind of threat, is that NSA will bug you because it's
currently really easy for them to engage in mass surveillance.   Most
traffic isn't even encrypted; and at least some of what is encrypted is
trivially broken.

I don't think IETF can (or should) do much about the former kind of
threat.   Most of it is out of our scope.    But we should be working
hard to address the latter kind of threat.

Keith

<Prev in Thread] Current Thread [Next in Thread>