I confess that I am confused by much of this discussion. As I understand
it, PRISM is not a signals intelligence activity; it only addresses that
data at rest within those organisations who have partnered with the NSA.
As such, improving protocol security will achieve nothing against PRISM;
it is a socio-political issue that is outside of the scope of a technical
standards organisation.
As such the only practical way for a typical user to protect themselves
against PRISM is to switch to other providers based in jurisdictions that
provide the appropriate protections, or agitate to change the applicable
laws within their own jurisdiction, where appropriate.
This is not, of course, an argument not to improve the security of our
protocols for other reasons, but let's please motivate this work
correctly. It will yield a greater probability of success.
Josh.
On 20/09/2013 05:54, "Brian E Carpenter"
<brian(_dot_)e(_dot_)carpenter(_at_)gmail(_dot_)com>
wrote:
I got my arm slightly twisted to produce the attached: a simple
concatenation of some of the actionable suggestions made in the
discussion of PRISM and Bruce Schneier's call for action.
Brian
Janet(UK) is a trading name of Jisc Collections and Janet Limited, a
not-for-profit company which is registered in England under No. 2881024
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238