Re: [Pearg] [saag] Ten years after Snowden (2013 - 2023), is IETF keeping its promises?

Eric Rescorla <ekr@rtfm.com> Wed, 04 January 2023 19:33 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/pearg/eFS4MPfNGiQH8OO4V8jfeMNp_cM>

On Wed, Jan 4, 2023 at 6:34 AM Vittorio Bertola <vittorio.bertola=40open-xchange.com@dmarc.ietf.org> wrote:

>
> On 03/01/2023 11:27 CET John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org> wrote:
>
> - Threat Model: The IETF has failed to update the Internet Threat Model to
> include compromised endpoints, misbehaving endpoints, and large centralized
> information sources. This is very disappointing as these things were, and
> still are, major enablers for pervasive monitoring. Assuming compromise is
> an essential zero trust principle. The excellent IAB document RFC 7624 that
> talks about compromise and exfiltration deserves many more citations.
>
> There were attempts to do this, and even a dedicated IAB program and
> mailing list, which was wrapped up without results just a few months ago.
>

Yes.



> I still think this was a big fail; in fact, this implies that
> counteraction against surveillance capitalism practices can only happen
> elsewhere, at the regulatory level, as the IETF community either does not
> know what to do about it, or does not want to do anything about it.
>

I don't think this is true at all.

First, the IETF *is* working on issues around privacy and preventing
various forms of surveillance capitalism. That's in part what initiatives
like DoH, QUIC, TLS 1.3, ECH, OHAI, MASQUE etc. are about.

Second, many of the forms of surveillance that people are subject to just
happen at a layer above where the IETF works, and are more relevant to W3C, and
of course many people in the IETF community participate there.

-Ekr