Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

Brian Trammell <trammell@tik.ee.ethz.ch> Fri, 06 September 2013 15:23 UTC

To: Scott Brim <scott.brim@gmail.com>
Cc: Pete Resnick <presnick@qti.qualcomm.com>, IETF Discussion Mailing List <ietf@ietf.org>

hi Scott, all,

On Sep 6, 2013, at 3:45 PM, Scott Brim <scott.brim@gmail.com> wrote:

> I wouldn't focus on government surveillance per se.  The IETF should
> consider that breaking privacy is much easier than it used to be,
> particularly given consolidation of services at all layers, and take
> that into account in our engineering best practices.  Our mission is
> to make the Internet better, and right now the Internet's weakness in
> privacy is far from "better".

Indeed, pervasive surveillance is merely a special case of eavesdropping as a privacy threat, with the important difference that eavesdropping (as discussed in RFC 6973) explicitly has a target in mind, while pervasive surveillance explicitly doesn't. So what we do to improve privacy will naturally make surveillance harder, in most cases; I hope that draft-trammell-perpass-ppa will evolve to fill in the gaps.

> The mandatory security considerations
> section should become security and privacy considerations.  The
> privacy RFC should be expanded and worded more strongly than just nice
> suggestions.  Perhaps the Nomcom should ask candidates about their
> understanding of privacy considerations.

Having read RFC 6973 in detail while working on that draft, I'd say it's a very good starting point, and indeed even consider it required reading. We can certainly take its guidance to heart as if it were more strongly worded than it is. :)

Cheers,

Brian