In Russ's hums this morning, some had words that were not well defined.
Here are three that were not clear to me, and what I hummed about:
"Is the IETF willing to respond to pervasive surveillance as an attack?" ->
"respond" is not clear. Certainly we have to do something in response to
what we now know. Sam is right, whatever we can imagine is probably already
going on. However, what the response is is not agreed on.
"IETF should include encryption even outside of authentication where
practical" -> "where practical" is not defined. I think each WG will know
what to do with this as long as no one tries to claim that the IETF decided
that we MUST have encryption in all cases.
"The IETF should strive for e2e encryption even when there are middleboxes
in the path" -> "middleboxes" is a full spectrum of devices and functions.
Some of them are quite useful. Until it's clear what the scope is, I hummed
no.
Scott