IETF Logo Mail Archive

Re: Ten years after Snowden (2013 - 2023), is IETF keeping its promises?

Dave Taht <dave.taht@gmail.com> Wed, 04 January 2023 14:59 UTC

Return-Path: <dave.taht@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E1D2DC136156; Wed, 4 Jan 2023 06:59:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.098
X-Spam-Level:
X-Spam-Status: No, score=-7.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OBJz9cXMOF71; Wed, 4 Jan 2023 06:59:28 -0800 (PST)
Received: from mail-wr1-x434.google.com (mail-wr1-x434.google.com [IPv6:2a00:1450:4864:20::434]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6C54CC136154; Wed, 4 Jan 2023 06:59:28 -0800 (PST)
Received: by mail-wr1-x434.google.com with SMTP id w1so21130805wrt.8; Wed, 04 Jan 2023 06:59:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=bjaGX1iOWK7j6ljxBccyAmkkrCT26ZQ9hM/FgsebLF4=; b=W1wau27Kg5rwfrWgHIfmYF4qxx60alcCumAXRr5wZMbps8A6EgvmBbAVPzFWccSL9Y EICIyu+jXRcAGH7zzwAq0eq+aETs/mHpgPclB/ie2Rnq11DTswsM54YJzyf80Tm1r1Sa f5y8k/3qL1wiW18fySwEeNX/Eb/AOvH1XvqTMN79LkZOezUsZHCDWbq/SRVbvni3OQbS h+SaEtNyiPeBha3tlioGSz/zrJB37okZTb83zWACHiYFdZwZAKdb7JpdgrhXorxypdzV /27PE4t+KpsBzMYV0wxo41HtORMRB6Z5VDog+u7LRYw6UVZZoF+zRc6cziFkYtRiefN9 mW/A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=bjaGX1iOWK7j6ljxBccyAmkkrCT26ZQ9hM/FgsebLF4=; b=pmd6+K+Zn095bov1E/zk11YvZ00jNmmhpO1oEjPuP08ih3qYuPYbGIGp9ru9iPf2kT vQN+RrnRZ3o7uzl5InBTPhk8+rJibKmOuoKHDZGFoglOZp0Gtw6k/umXVHaBI3vWvYFF CzAjDg6cREG1qEDFwHEgj9OGj0FEZWIskBU2zI/CL2jjiCBRvhge7eK52seh13PjL8tE akpIf2utCrprwVMejP6zzzsLuB41TtnsdSQPPUEWyrK4OKdGPjcPp3GJ6hso61266J1K GZdB7Z/7In/YSj5sWPXrJ2v67qzWxaodqdbzajyp7CFIzyjAqVH3kMS7omcI/68efbsX cTWw==
X-Gm-Message-State: AFqh2ko1dR44VKgB0RMoLlI101FeHRhmfzCKXUrM8joFKVP1tZE6g19O au1x2r3CPRwwizDr6fB6DA/YGEG863ANnvlVyFVO2qMN
X-Google-Smtp-Source: AMrXdXtpoXSzXsvOz47FCTCZCxfzD22FnUEn3Apiccf7cJm2VWYZDEdV2kpc/e/k4O1MiAsihHh7QKL3aE0e0fnHTvQ=
X-Received: by 2002:a5d:590c:0:b0:27c:33bc:5879 with SMTP id v12-20020a5d590c000000b0027c33bc5879mr1365552wrd.500.1672844366531; Wed, 04 Jan 2023 06:59:26 -0800 (PST)
MIME-Version: 1.0
References: <HE1PR0701MB305098F652DBC34E3C40810B89F49@HE1PR0701MB3050.eurprd07.prod.outlook.com> <764163366.39904.1672842828297@appsuite-gw2.open-xchange.com>
In-Reply-To: <764163366.39904.1672842828297@appsuite-gw2.open-xchange.com>
From: Dave Taht <dave.taht@gmail.com>
Date: Wed, 04 Jan 2023 06:59:16 -0800
Message-ID: <CAA93jw4gsZxs_WzNTr5e9TdvV9q9mQ_Ey_47qSEdE4nLktHMHw@mail.gmail.com>
Subject: Re: Ten years after Snowden (2013 - 2023), is IETF keeping its promises?
To: Vittorio Bertola <vittorio.bertola=40open-xchange.com@dmarc.ietf.org>
Cc: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "hrpc@irtf.org" <hrpc@irtf.org>, "pearg@irtf.org" <pearg@irtf.org>, saag <saag@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/Je-OKkBVhLH-B5po0qUGPJjBOck>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IETF-Discussion. This is the most general IETF mailing list, intended for discussion of technical, procedural, operational, and other topics for which no dedicated mailing lists exist." <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Jan 2023 14:59:33 -0000

On Wed, Jan 4, 2023 at 6:34 AM Vittorio Bertola
<vittorio.bertola=40open-xchange.com@dmarc.ietf.org> wrote:
>
>
>
> Il 03/01/2023 11:27 CET John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org> ha scritto:
>
> - Threat Model: The IETF has failed to update the Internet Threat Model to include compromised endpoints, misbehaving endpoints, and large centralized information sources. This is very disappointing as these things were, and still are major enablers for pervasive monitoring. Assuming compromise is an essential zero trust principle. The excellent IAB document RFC 7624 that talks about compromise and exfiltration deserve much more citations.
>
> There were attempts to do this, and even a dedicated IAB program and mailing list, which was wrapped up without results just a few months ago. I still think this was a big fail; in fact, this implies that counteraction against surveillance capitalism practices can only happen elsewhere, at the regulatory level, as the IETF community either does not know what to do about it, or does not want to do anything about it.

What bothers me most today are that "modern" OSes, like chromebooks,
android, ios, have no way to do a packet capture of "their side" of
your computer. Not even being able to know what IPs my own device is
talking to (or blocking some) makes me a tad... paranoid.

Privacy and control for whom?

> --
>
> Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
> vittorio.bertola@open-xchange.com
> Office @ Via Treviso 12, 10144 Torino, Italy



-- 
This song goes out to all the folk that thought Stadia would work:
https://www.linkedin.com/posts/dtaht_the-mushroom-song-activity-6981366665607352320-FXtz
Dave Täht CEO, TekLibre, LLC

v2.23.0 | Report a Bug | By Email