Ted,
On 07/09/2013 03:32, Ted Lemon wrote:
On Sep 6, 2013, at 2:46 AM, SM <sm(_at_)resistor(_dot_)net> wrote:
At 20:08 05-09-2013, Ted Lemon wrote:
I think we all knew NSA was collecting the data. Why didn't we do
something about it sooner? Wasn't it an emergency when the PATRIOT act
was passed? We certainly thought it was an emergency back in the days of
Skipjack, but then they convinced us we'd won. Turns out they just went
around us.
I would describe it as a scuffle instead of a battle. My guess is that the
IETF did not do anything sooner as nobody knows what to do, or it may be
that the IETF has become conservative and it does not pay attention to the
minority report.
It was definitely a battle. There were threats of imprisonment, massive
propaganda dumps (think of the children!), etc. People broke the law, moved
countries, etc. We just forget it because "we" "won" it, and it seems
smaller in memory than it was when it was happening.
The IETF didn't do anything because the tin foil hat contingent didn't have
consensus, and we had no data to force the point. As you alluded to
earlier, it's historically been very difficult to get people to treat
security and privacy seriously, and frankly it still is.
So this isn't an emergency. It's a teachable moment. We should pay
attention.
Absolutely. I have noted at least 20 messages in the recent flood that
mention useful things the IETF can do, which is exactly what my provocative
message asked for. But (as Bruce's own recent posts show) the main weak spots
are not protocols and algorithms.
Brian