
Re: Proposed Statement on "HTTPS everywhere for the IETF"

2015-06-03 22:27:33
Hi Tony,
On 04/06/2015 15:06, Tony Hain wrote:
Stephen Farrell wrote:
On 03/06/15 22:03, Tony Hain wrote:
Stephen Farrell wrote:

I would assert that the existence of the dprive WG is good evidence
that the IETF does not consider data-integrity as the only real
concern for public data.

And I would assert that it shows a group-think knee-jerk overreaction
to threats that hypothetically could be applied in broader contexts
than history documents. We are both free to express our own
assertions.


Disagreeing is of course fine but does not require that those with whom one
disagrees are stuck in a group-think knee-jerk mixed metaphor;-)

Looking at the actual text of the statement though [1] I could agree that the
3rd paragraph is maybe more justified on security grounds, so maybe
s/privacy/security&privacy/ would be better there.

No, more below.


That said, there is a real threat to privacy (cf. tempora) when it is
credible to assume that any of our traffic that transits undersea cables is
recorded, and traffic to the IETF is a part of that even if it's quite
unlikely, by itself, to be privacy sensitive.

I never argued that there is not a general threat to privacy due to 
recording, just that it does not apply here. My point was that the IETF does 
not have a general technical REQUIREMENT for privacy. There are many that 
WANT privacy in everything they do, but that does not equate to a real 
requirement for the public content of an open organization. Substituting 
security&privacy only makes a bad choice of words worse. The IETF has no 
business case for either, and if there was a case something would have been 
done about it long before now. 

It isn't the content that is private, of course. However, if there are IETF
participants who require a degree of privacy about their use of IETF public
information, it is entirely reasonable for the IETF to support that with a
straightforward measure like HTTPS. As has been pointed out already, that
is insufficient to provide a high degree of privacy.

Try "...the act of accessing public information required for routine tasks
can be privacy sensitive *on the user's side*..."

I don't see anything political about that. It's factual.

    Brian
