Hi Scott,
On 07/11/2013 10:03, Scott Brim wrote:
In Russ's hums this morning, some had words that were not well defined.
Here are three that were not clear to me, and what I hummed about:
"Is the IETF willing to respond to pervasive surveillance as an attack?" ->
"respond" is not clear. Certainly we have to do something in response to
what we now know. Sam is right, whatever we can imagine is probably already
going on. However, what the response is is not agreed on.
"IETF should include encryption even outside of authentication where
practical" -> "where practical" is not defined. I think each WG will know
what to do with this as long as no one tries to claim that the IETF decided
that we MUST have encryption in all cases.
"The IETF should strive for e2e encryption even when there are middleboxes
in the path" -> "middleboxes" is a full spectrum of devices and functions.
Some of them are quite useful. Until it's clear what the scope is, I hummed
no.
It seems to me that all three are perfecly clear as aspirational goals,
and that they all include some room for interpretation. It's also true that
some of them may be in immediate conflict with other goals (for example,
a web proxy that is blind to the content might be rather bad at content
filtering). But all that will come out in the detailed analysis of each
issue. Guiding principles really have to skate over many details.
Brian