Re: [saag] Ten years after Snowden (2013 - 2023), is IETF keeping its promises?
Eric Rescorla <ekr@rtfm.com> Wed, 04 January 2023 19:33 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 65EAAC1522CF for <ietf@ietfa.amsl.com>; Wed, 4 Jan 2023 11:33:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.896
X-Spam-Level:
X-Spam-Status: No, score=-6.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20210112.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cLvxa_6CTVeB for <ietf@ietfa.amsl.com>; Wed, 4 Jan 2023 11:33:38 -0800 (PST)
Received: from mail-pj1-x102d.google.com (mail-pj1-x102d.google.com [IPv6:2607:f8b0:4864:20::102d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D83C3C151712 for <ietf@ietf.org>; Wed, 4 Jan 2023 11:33:38 -0800 (PST)
Received: by mail-pj1-x102d.google.com with SMTP id z9-20020a17090a468900b00226b6e7aeeaso2597845pjf.1 for <ietf@ietf.org>; Wed, 04 Jan 2023 11:33:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20210112.gappssmtp.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=/euiXhwJOHqxCjSgDYS/OZAzaIXWp0yZQ5R1Y5R419I=; b=Fd0gJZsF3vl/MirM5rDp3qdbyJyYz5xF3sXlrWsNGLQINb6mr5h9rc0/FuOs8s3CO7 Zpj29XLCgmwV11gE5ZjzWWEVCS3iqvzDczmX0hrZt4MJjLi91KPnclOmnO7tH8++RNaG UR85EEPq11JIsFJlzOUxMor0WpglK9EDsRKskff/wgKsrCI/x/ONOft4du0Be3Q3gKyK l/Ts4U+Wx+b9GhdqR5KYV8c8lXY0snkA+92Nwj9hXVLQ9TmQoPTKQnVr+sTEuTdBvjCX euFFzHkbu8G0tIQicM/TZZ64SdnXiSvHfnhjTSWwVgz0Zw2xK2apMKj6+X/IOzaVjM4B MC+g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=/euiXhwJOHqxCjSgDYS/OZAzaIXWp0yZQ5R1Y5R419I=; b=OE7BD1R3FXso1qi0slS3fzAb15aTeRf+WrmAjksnDl7mWPtPrHd0V3BHGzLlrnmglA t931IoOz6ZVDiN7xROyhAxzqAAjdo/LANehCDI/juOZT6foSQCb4O/OSe7axXWcRkDp1 E1c+JpIividR6NWaQ1K8AjMp/pf7Ly7WBnzoJFsPV07zG/4Zm8pFec6I4iNTl7RYuAEB nS5+x5V4LPqmuhxJxuCoC44YyF/11+p+sRNFBvqPwvRbbutp1OFgJ6UapRTK6l0cKryu BTDhGoZbN09nIcBGmy9ehdkURZJQ8rRuPS87RwBozVsVVCuHzZKWIGNSWjgY9tEj1gT9 89VA==
X-Gm-Message-State: AFqh2ko3833m8eDUDkn1/wF+Og9B0gne+SygV9jsS1u6lY9UwmvFHwiv C2C+IfMMhWFfnmJSSAX/z9PrryB8iM8o8UX274liVbOkU+woRA==
X-Google-Smtp-Source: AMrXdXsVj9Eohhkvbdl8WqJiVGISTY6ZYcGoo7W8EEhKlFtpgqj4qqpSIvfBiB3B+UVizbu7FsTtGTwDsXrFTgecCWQ=
X-Received: by 2002:a17:903:4294:b0:192:7e73:f21c with SMTP id ju20-20020a170903429400b001927e73f21cmr2161908plb.23.1672860818338; Wed, 04 Jan 2023 11:33:38 -0800 (PST)
MIME-Version: 1.0
References: <HE1PR0701MB305098F652DBC34E3C40810B89F49@HE1PR0701MB3050.eurprd07.prod.outlook.com> <764163366.39904.1672842828297@appsuite-gw2.open-xchange.com>
In-Reply-To: <764163366.39904.1672842828297@appsuite-gw2.open-xchange.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 04 Jan 2023 11:33:02 -0800
Message-ID: <CABcZeBNA_nJ2waQVENUvEXro91wAYOcH0ZxWqbLH4hoKcGkosw@mail.gmail.com>
Subject: Re: [saag] Ten years after Snowden (2013 - 2023), is IETF keeping its promises?
To: Vittorio Bertola <vittorio.bertola=40open-xchange.com@dmarc.ietf.org>
Cc: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "hrpc@irtf.org" <hrpc@irtf.org>, "pearg@irtf.org" <pearg@irtf.org>, saag <saag@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000d60f4905f1754200"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/GI1ncmNRfwTGsHBG40XRvnHnMn4>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IETF-Discussion. This is the most general IETF mailing list, intended for discussion of technical, procedural, operational, and other topics for which no dedicated mailing lists exist." <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Jan 2023 19:33:39 -0000
On Wed, Jan 4, 2023 at 6:34 AM Vittorio Bertola <vittorio.bertola= 40open-xchange.com@dmarc.ietf.org> wrote: > > > Il 03/01/2023 11:27 CET John Mattsson <john.mattsson= > 40ericsson.com@dmarc.ietf.org> ha scritto: > > - Threat Model: The IETF has failed to update the Internet Threat Model to > include compromised endpoints, misbehaving endpoints, and large centralized > information sources. This is very disappointing as these things were, and > still are major enablers for pervasive monitoring. Assuming compromise is > an essential zero trust principle. The excellent IAB document RFC 7624 that > talks about compromise and exfiltration deserve much more citations. > > There were attempts to do this, and even a dedicated IAB program and > mailing list, which was wrapped up without results just a few months ago. > Yes. > I still think this was a big fail; in fact, this implies that > counteraction against surveillance capitalism practices can only happen > elsewhere, at the regulatory level, as the IETF community either does not > know what to do about it, or does not want to do anything about it. > I don't think this is true at all. First, the IETF *is* working on issues around privacy and preventing various forms of surveillance capitalism. That's in part what initiatives like DoH, QUIC, TLS 1.3, ECH, OHAI, MASQUE etc. are about. Second, many of the forms of surveillance that people are subject to just happen at a layer above where the IETF works, and more relevant to W3C, and of course many people in the IETF community participate there. -Ekr
- Ten years after Snowden (2013 - 2023), is IETF ke… John Mattsson
- Re: Ten years after Snowden (2013 - 2023), is IET… Lloyd W
- Re: Ten years after Snowden (2013 - 2023), is IET… Brian E Carpenter
- Re: Ten years after Snowden (2013 - 2023), is IET… Phillip Hallam-Baker
- Re: Ten years after Snowden (2013 - 2023), is IET… Christian Huitema
- Re: [saag] Ten years after Snowden (2013 - 2023),… Dino Farinacci
- Re: Ten years after Snowden (2013 - 2023), is IET… Dave Taht
- Re: [hrpc] Ten years after Snowden (2013 - 2023),… Adrian Gropper
- Re: [saag] Ten years after Snowden (2013 - 2023),… Stewart Bryant
- RE: [saag] Ten years after Snowden (2013 - 2023),… Antoine FRESSANCOURT
- Re: [saag] Ten years after Snowden (2013 - 2023),… Lloyd W
- Re: Ten years after Snowden (2013 - 2023), is IET… Masataka Ohta
- Re: [saag] Ten years after Snowden (2013 - 2023),… George Michaelson
- Re: [hrpc] Ten years after Snowden (2013 - 2023),… Niels ten Oever
- Re: Ten years after Snowden (2013 - 2023), is IET… Vittorio Bertola
- Re: Ten years after Snowden (2013 - 2023), is IET… Dave Taht
- Re: [saag] Ten years after Snowden (2013 - 2023),… Phillip Hallam-Baker
- Re: [hrpc] Ten years after Snowden (2013 - 2023),… Paul Wouters
- Re: Ten years after Snowden (2013 - 2023), is IET… Viktor Dukhovni
- Re: [saag] Ten years after Snowden (2013 - 2023),… Eric Rescorla
- Re: [saag] Ten years after Snowden (2013 - 2023),… Dino Farinacci
- Re: [saag] Ten years after Snowden (2013 - 2023),… Dino Farinacci
- Re: [saag] Ten years after Snowden (2013 - 2023),… Dino Farinacci
- Re: [saag] Ten years after Snowden (2013 - 2023),… Brian E Carpenter
- Re: [saag] Ten years after Snowden (2013 - 2023),… Phillip Hallam-Baker
- Re: [saag] Ten years after Snowden (2013 - 2023),… Tony Rutkowski
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Vittorio Bertola
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Ted Hardie
- Re: [Pearg] [saag] Ten years after Snowden (2013 … John Mattsson
- Re: [saag] [Pearg] Ten years after Snowden (2013 … Tony Rutkowski
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Brad Chen
- Re: [saag] [Pearg] Ten years after Snowden (2013 … Kyle Rose
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Eric Rescorla
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Brad Chen
- RE: [Pearg] [saag] Ten years after Snowden (2013 … Antoine FRESSANCOURT
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Tony Rutkowski
- Re: [saag] [Pearg] Ten years after Snowden (2013 … Alan DeKok
- Re: [saag] [Pearg] Ten years after Snowden (2013 … Tony Rutkowski
- Re: [saag] [Pearg] Ten years after Snowden (2013 … Phillip Hallam-Baker
- Re: [EXT] Re: [Pearg] [saag] Ten years after Snow… Vittorio Bertola
- Re: [saag] [Pearg] Ten years after Snowden (2013 … Alan DeKok
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Dave Taht
- Re: [saag] [Pearg] Ten years after Snowden (2013 … Tony Rutkowski
- Re: [hrpc] Ten years after Snowden (2013 - 2023),… Stephen Farrell
- Re: [saag] Ten years after Snowden (2013 - 2023),… Dino Farinacci
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Deen, Glenn (NBCUniversal)
- Re: [hrpc] [saag] [Pearg] Ten years after Snowden… bzs
- Re: [saag] Ten years after Snowden (2013 - 2023),… Phillip Hallam-Baker
- Re: [saag] Ten years after Snowden (2013 - 2023),… Dino Farinacci
- Re: [hrpc] [saag] [Pearg] Ten years after Snowden… Laurence Lundblade
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Mark Nottingham
- Re: [hrpc] Ten years after Snowden (2013 - 2023),… Abdussalam Baryun
- Re: [hrpc] [saag] [Pearg] Ten years after Snowden… Abdussalam Baryun
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Brad Chen
- Re: [hrpc] [saag] [Pearg] Ten years after Snowden… Laurence Lundblade
- Re: [saag] Ten years after Snowden (2013 - 2023),… Stewart Bryant
- Re: [saag] Ten years after Snowden (2013 - 2023),… Stewart Bryant
- Re: [saag] Ten years after Snowden (2013 - 2023),… Stewart Bryant
- Re: [saag] Ten years after Snowden (2013 - 2023),… Brian E Carpenter
- Re: [saag] Ten years after Snowden (2013 - 2023),… Kyle Rose
- Re: [saag] Ten years after Snowden (2013 - 2023),… Phillip Hallam-Baker
- Re: [saag] Ten years after Snowden (2013 - 2023),… Phillip Hallam-Baker
- Re: [hrpc] [Pearg] [saag] Ten years after Snowden… Adrian Gropper
- Re: [saag] Ten years after Snowden (2013 - 2023),… Dino Farinacci
- Re: [saag] [hrpc] [Pearg] Ten years after Snowden… Tony Rutkowski
- times square 15 sec delay new years Dave Taht
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Vittorio Bertola
- Re: [saag] [Pearg] Ten years after Snowden (2013 … Alec Muffett
- Re: [saag] [Pearg] Ten years after Snowden (2013 … Tony Rutkowski
- Re: [saag] [Pearg] Ten years after Snowden (2013 … Alec Muffett
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Mark Nottingham
- Re: [hrpc] [Pearg] [saag] Ten years after Snowden… Vittorio Bertola
- Re: [hrpc] [Pearg] [saag] Ten years after Snowden… Ted Lemon
- Re: [saag] [Pearg] Ten years after Snowden (2013 … Phillip Hallam-Baker
- Re: [hrpc] [Pearg] [saag] Ten years after Snowden… Phillip Hallam-Baker
- Re: [saag] [Pearg] Ten years after Snowden (2013 … Tony Rutkowski
- Re: [Pearg] times square 15 sec delay new years Jens Finkhaeuser
- Re: [Pearg] times square 15 sec delay new years Jens Finkhaeuser
- Re: [saag] Ten years after Snowden (2013 - 2023),… Kyle Rose
- Re: [Pearg] times square 15 sec delay new years Lloyd W
- Re: [saag] [Pearg] Ten years after Snowden (2013 … Phillip Hallam-Baker
- Re: [saag] [Pearg] Ten years after Snowden (2013 … Tony Rutkowski
- Re: [saag] [Pearg] Ten years after Snowden (2013 … Lloyd W
- Re: [saag] [Pearg] Ten years after Snowden (2013 … Phillip Hallam-Baker
- Re: [saag] [Pearg] Ten years after Snowden (2013 … Keith Moore
- Re: [saag] [hrpc] [Pearg] Ten years after Snowden… Masataka Ohta
- Re: Re: [saag] [hrpc] [Pearg] Ten years after Sno… wanzerbusi
- Re: [saag] Ten years after Snowden (2013 - 2023),… Masataka Ohta
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Fernando Gont
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Luigi Iannone