Josh,
On 12/05/2013 10:53 AM, Josh Howlett wrote:
I fully support action to increase security, where it responds to the
prevailing threat environment. But it will be a perpetuation of the
naivety that has characterised this debate to think that this alone will
halt pervasive monitoring, because the threat is not technical in nature.
Personally, I think anyone using the argument that "you can't solve
the problem therefore do nothing" is talking about the same amount
of nonsense as anyone who says "the IETF can halt pervasive monitoring."
You don't quite say either of those above, but neither do you
acknowledge that the draft in question, and all the sensible discussion
(which is far from all the discussion;-) around that fully acknowledges
that the technical things that can and should be done are only part
of the story.
The technical response must be coordinated with a political response, or
else the perpetrators will find political means to route around the
technical measures.
I disagree with "must be coordinated" for various reasons.
Given the time it takes for us to do our part, which is measured
in years before we get good deployment, imposing a requirement
to start with coordination would mean doing nothing ever.
Secondly, with whom would we coordinate? Again, trying to impose
a requirement for coordination with a non-existent Internet-wide
political entity is tantamount to doing nothing.
If some other folks outside the IETF are working on the same
issues that'll be good or bad, and for some such activities it'll
be useful for us to know about and consider them. And maybe it'll
be useful for others to know what we're up to, but we should
not wait.
The political response shouldn't be organised within the IETF, but it does
need to liaise with those responsible for doing that.
"The" political response? You expect only one? Again, I don't
think we should hang around waiting - we should document the
consensus from Vancouver and then follow that through in our
normal work within working groups and elsewhere - considering
threats, including this one, as we develop protocols.
Unfortunately I am
not observing any movement by any of the other parties within our
wonderful multi-stakeholder system that you would think would be
notionally responsible for this. My fear is that they are opting to drink
the technology Kool-Aid, to avoid grasping the political nettle. That is
what should be concerning us right now.
Fully disagree. Its us should be grasping nettles and working
to improve the security and privacy properties of our protocols.
Regards,
S.