Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

Vinayak Hegde <> Fri, 06 September 2013 03:32 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 49D1C11E823B for <>; Thu, 5 Sep 2013 20:32:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 4nL1aKuutFJ2 for <>; Thu, 5 Sep 2013 20:32:49 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:400e:c01::22a]) by (Postfix) with ESMTP id 6B05D11E8230 for <>; Thu, 5 Sep 2013 20:32:49 -0700 (PDT)
Received: by with SMTP id un15so2671440pbc.1 for <>; Thu, 05 Sep 2013 20:32:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=f+oO3OLgOxO778fcJyHnLYTWAH5bxQppxU7aEuMVDrw=; b=oQrfYCDxhnlgDjW/0q01TSxXY39UxCrMTfqTTu+0KgeXOMkMLOmcRE8dtXyuLJKcjA F4ILgP8i26f/U57qb/gxcHo0ETL8GGgAZEwn8ClxvhXTyXvMqIek4swBEL+tZan4KaQq FxkcdfbIMHl3c0tHSVEXpepdt6VhUQXOG7ZEaSMkJPO51kB57NvcjfCBA5MJ9S30ZIu1 DRJYfSdjuJXCPFY84nbsfHPym0djMUzUigyzj9QdZZWpcDUhtlklALlCV1UfdtMi94fl TzuGXwHVeJA2OujxpnAVttJVX00pzV0kUjtEjadEh24eVXA1zPx870bZzSph5G7Dp05e YwZg==
MIME-Version: 1.0
X-Received: by with SMTP id on1mr370070pbc.107.1378438369186; Thu, 05 Sep 2013 20:32:49 -0700 (PDT)
Received: by with HTTP; Thu, 5 Sep 2013 20:32:49 -0700 (PDT)
In-Reply-To: <>
References: <> <> <> <>
Date: Fri, 06 Sep 2013 09:02:49 +0530
Message-ID: <>
Subject: Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA
From: Vinayak Hegde <>
To: Phillip Hallam-Baker <>
Content-Type: multipart/alternative; boundary="047d7b2eda75571de904e5aeb1e2"
Cc: Dean Willis <>, " Discussion" <>
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 06 Sep 2013 03:32:50 -0000

On Fri, Sep 6, 2013 at 8:41 AM, Phillip Hallam-Baker <>wrote:

> On Thu, Sep 5, 2013 at 9:36 PM, Brian E Carpenter <
>> wrote:
>> I'm sorry, I don't detect the emergency.
>> I'm not saying there's no issue or no work to do, but what's new about
>> any of this?
> As I have suggested to several people, we can turn lemons into lemonade.

While it is nice to do a dedication of this meeting to the SA surveillance,
I do not see us solving any issue here. It is merely a "feel-good" measure
without real impact.

First, the IETF always had a bias for action. We always respect "rough
consensus and running code". So far I have not seen not I-Ds and drafts to
fix the privacy and encryption issues on this thread.

Second, technology can never fix what is essentially a political problem.
for eg. We mandate strong security protocols and end-to-end encryption in
HTTP(S) by default. Lets assume all browsers implement this and do this
perfectly without software flaws. All the NSA has to do is to compromise
the other endpoint (controlled by ACME major corp). ACME gives over the
encryption keys and access to all the unencrypted data to the NSA. So now
what are we going to do. The IETF can make an political statement by taking
a stand but that may mean nothing in reality when the laws are weak.
Another example is when you have encrypted your drive and do not want to
hand over the keys as it has some personal (and possibly incriminating
evidence). In several countries you can be held in jail indefinitely (with
obvious renewals of sentences) until you hand the keys over[1]. So in
summary, technology cannot solve political and legal issues. At best it can
make it harder. But in this case maybe not even that.

-- Vinayak
1. by Poul Henning-Kamp