Josh Howlett wrote:
I confess that I am confused by much of this discussion.
Several people in IETF is under control of NSA, maybe.
As I understand
it, PRISM is not a signals intelligence activity; it only addresses that
data at rest within those organisations who have partnered with the NSA.
As such, improving protocol security will achieve nothing against PRISM;
it is a socio-political issue that is outside of the scope of a technical
standards organisation.
Right.
As such the only practical way for a typical user to protect themselves
against PRISM is to switch to other providers based in jurisdictions that
provide the appropriate protections, or agitate to change the applicable
laws within their own jurisdiction, where appropriate.
Not necessarily.
The proper protection is to avoid cloud services and have our
own end systems fully under control of ourselves.
Toward the goal, IETF should shutdown all the cloud related
WGs and never develop any protocol to promote cloud service.
This is not, of course, an argument not to improve the security of our
protocols for other reasons, but let's please motivate this work
correctly. It will yield a greater probability of success.
Using DH could protect us, until USG start deploying active attack.
So, it is important to develop technologies to detect attacks
against DH.
Masataka Ohta