
Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice

2013-12-11 20:21:35
Bjoern,

On 12/12/2013 14:56, Bjoern Hoehrmann wrote:
> * Stephen Farrell wrote:
> > I've a question about the relevance of your comment
> > John:
> >
> > On 12/11/2013 08:53 PM, John C Klensin wrote:
> > > if encryption
> > > were pervasive
> >
> > The draft in question does not call for that. It calls
> > for proper consideration of the pervasive monitoring
> > attack and work to mitigate that.
> >
> > Use of encryption for confidentiality will be a relevant
> > mitigation for various protocols, but to comment as if
> > this draft called for ubiquitous confidentiality seems
> > very odd if one has read the draft.
> >
> > John - can you say what part of the draft caused you to
> > incorrectly conclude that "pervasive encryption" (whatever
> > that means) is even being discussed never mind recommended?
>
> I am not sure what to make of your comments here. Perhaps an example
> might help, http://edition.cnn.com/2010/CRIME/12/08/wikileaks.students/
>
>   U.S. agencies have warned some employees that reading the classified
>   State Department documents released by WikiLeaks puts them at risk of
>   losing their jobs. But what about students considering jobs with the
>   federal government? Do they jeopardize their chances by reading
>   WikiLeaks?
>
> If surveillance is pervasive, then students must assume someone will
> know which sites they visit and assume there will be repercussions. So
> they are forced into a constant state of fear where they need to
> carefully consider, say, which headlines on a newspaper website they click.
>
> If your draft is not about removing this fear, then I do not know what
> it might be about.

One of the IETF's difficulties in this type of discussion is separating
technology (where we have some claim to say something) from social
(and economic and political) issues where we may have strong opinions
as individuals but where the IETF has nothing to say.

The fear you describe is not part of the technology; it's part of
how society in one country is using the technology.

> If it is, then it would seem to call for "ubiquitous
> confidentiality" unless you are making a very fine point.

Indeed it is making a fine point - what it calls for is the
IETF to provide technological mechanisms that allow operators
and users to protect privacy. To what extent those mechanisms
are deployed is not under the IETF's control and will presumably
vary between countries.

   Brian
