On 1/6/2014 10:02 PM, Eliot Lear wrote:
Why do we state that confidentiality is important to pursue in our
protocols? That is a political decision made by the community. We then
layer on top of that decision technical requirements. IMHO it's a very
important and good political decision. We struggle with such decisions
all the time. That there is a single root is both a technical AND a
political decision.
Almost any group decision can legitimately be characterized as
"political". The decision will favor some and work to the detriment of
others. Hence the decision has a component that can be classed as
exercising "power".
But the reference to politics is distinctly unhelpful for the IETF.
Whatever the knowledge and experience of our participants individually,
as a group we lack meaningful, coherent language or practice with it.
What we do have is experience being guided by design criteria stated in
terms of engineering politics, not social politics. We tends towards
greater efficiency, robustness, etc. This include permitting use of
various security-related mechanisms for authentication, confidentiality,
etc. Political language might cast that as saying that the IETF "favors
protection of participant data".
But really we are simply taking directives from those who consume our
work and we are trying to design solutions that satisfy the directives.
There is a community desire to create better participant protections
from pervasive monitoring. To be honest, there is also some community
desire to /permit/ pervasive monitoring. We choose to listen to our
"customers" -- that is, those who buy and use what we produce -- rather
than third-party actors who might favor ensuring that pervasive
monitoring be made easy.
That choice can be classed as political, but really, we're just
listening to our market...
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net