ietf
[Top] [All Lists]

Re: [Fwd: I-D Action: draft-carpenter-prismatic-reflections-00.txt]

2013-09-20 06:29:00


On 09/20/2013 10:59 AM, Josh Howlett wrote:
I confess that I am confused by much of this discussion. As I understand
it, PRISM is not a signals intelligence activity; it only addresses that
data at rest within those organisations who have partnered with the NSA.
As such, improving protocol security will achieve nothing against PRISM;
it is a socio-political issue that is outside of the scope of a technical
standards organisation.

As such the only practical way for a typical user to protect themselves
against PRISM is to switch to other providers based in jurisdictions that
provide the appropriate protections, or agitate to change the applicable
laws within their own jurisdiction, where appropriate.

This is not, of course, an argument not to improve the security of our
protocols for other reasons, but let's please motivate this work
correctly. It will yield a greater probability of success.

Brian I think nicely summarised the discussion that happened.

The way I think of it is that PRISM is just one label that's
being used to reflect the whole set of recent disclosures and
ensuing discussions. Phill has also talked about PRISMproofing
which seemed to resonate with some people. I've started using
the term Snowdonia for all this stuff, but we really shouldn't
get hung up on the labels since that's all they are.

As you say, what we need to do in the IETF is figure out what
we should be doing about it all, and then go do that. That is
a work in progress and will undoubtedly be for a while to
come, but folks are working at it, which is good.

S.



Josh.

On 20/09/2013 05:54, "Brian E Carpenter" 
<brian(_dot_)e(_dot_)carpenter(_at_)gmail(_dot_)com>
wrote:

I got my arm slightly twisted to produce the attached: a simple
concatenation of some of the actionable suggestions made in the
discussion of PRISM and Bruce Schneier's call for action.

  Brian


Janet(UK) is a trading name of Jisc Collections and Janet Limited, a 
not-for-profit company which is registered in England under No. 2881024 
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238



<Prev in Thread] Current Thread [Next in Thread>