On 06/09/13 14:45, Scott Brim wrote:
I wouldn't focus on government surveillance per se. The IETF should
consider that breaking privacy is much easier than it used to be,
particularly given consolidation of services at all layers, and take
that into account in our engineering best practices. Our mission is
to make the Internet better, and right now the Internet's weakness in
privacy is far from "better". The mandatory security considerations
section should become security and privacy considerations. The
privacy RFC should be expanded and worded more strongly than just nice
suggestions. Perhaps the Nomcom should ask candidates about their
understanding of privacy considerations.
Scott
I am not sure that the "mandatory security and privacy considerations
section" in every draft would be sufficient. IMHO a number of issues
arise from the combination of various standards/technologies and that we
are sometimes missing a few but important pieces (e.g. stuff WGs said we
do "later" or which were seen as "nice to have" or "optional", and then
never happened...).
So although I think privacy concerns should be addressed in every draft,
I also think this goes into the architecture domain across a number of
technologies.
Best regards, Tobias