Re: [Fwd: I-D Action: draft-carpenter-prismatic-reflections-00.txt]

[Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>]

Mark Nottingham wrote:

>> Then, protocols not have any authoritative specification and
>> should never be standardized and there should be no central
>> authority to manage different versions of the protocols.
> 
> From a PRISM viewpoint, the cost of parsing different formats,
> understanding different wire protocols, etc. is trivial.

That is a reasoning to deny the point of you:

: I draw the opposite conclusion, actually. With good standards,
; we can encourage a larger number of services to exist,
: raising the cost of monitoring them all.

So, denying the point, you agree with me.

Note that "the number of services" != "the number of service
providers".

> The real cost is negotiating with / bullying each provider into
> giving access. Especially if it's not hosted or doing business
> in a country you control.

If only the number of cloud providers were large.

However, as there is some scale merit, there is a tendency that
the number of the providers will be small and all of the providers
naturally have considerable amount of hardware at the central part
of the Internet, that is, in US, which means the providers are
subject to USG control.

And, USG is not the only government we should be protected from.

>>> I should be able to choose my own data sync server, whether
>>> it's one I run, or one run by my paranoid friend, or by a
>>> local company, or a US company that's in bed with the NSA.
>>
>> The only secure way is to run your own.
> 
> That's a very simplistic definition of "secure."

See above how simplistic your view is against so complex
nature of PRISM etc, against which, only the simplest
protection is effective.

						Masataka Ohta