On 03/06/15 22:03, Tony Hain wrote:
Stephen Farrell wrote:
I would assert that the existence of the dprive WG is good evidence
that the IETF does not consider data-integrity as the only real
concern for public data.
And I would assert that it shows a group-think knee-jerk overreaction
to threats that hypothetically could be applied in broader contexts
than history documents. We are both free to express our own
assertions.
Disagreeing is of course fine but does not require that those
with whom one disagrees are stuck in a group-think knee-jerk
mixed metaphor;-)
Looking at the actual text of the statement though [1] I could
agree that the 3rd paragraph is maybe more justified on security
grounds, so maybe s/privacy/security&privacy/ would be better there.
That said, there is a real threat to privacy (cf. tempora) when it
is credible to assume that any of our traffic that transits undersea
cables is recorded, and traffic to the IETF is a part of that even
if it's quite unlikely, by itself, to be privacy sensitive.
(Someone else already pointed out that it'd be worth noting that
HTTPS isn't perfect in the face of traffic analysis, so adding
text on that would also make sense just so's we're clear that
we're not claiming that there's a panacea hereabouts, and is
worth a mention here too.)
S.
[1] https://trac.tools.ietf.org/group/iesg/trac/wiki/HttpsEverywhere