Hiya, I think John is correct that it'd be good for the IETF to review what we've achieved and what else is feasible to do now, a decade since the Snowden revelations. I'd guess such a review would turn up some protocol changes and gaps that could be filled, so doing that over this year seems timely. I'm sure we'll see yet more people say the sky is falling if/as we enable better confidentiality, but that's always been the case, and always wrong. And I'd echo Viktor and Ekr in that I do think we collectively managed to move the needle in a good way over that decade. I do think considering whether we could do better wrt endpoint security would be worth trying (again), e.g. if we could agree/document some recommendations/BCPs about reasonable telemetry, that could be a win. (So-called "telemetry" being one of the ways in which surveillance capitalism abuses people's data). That said, I'm not so sure we have the same level of community engagement we had back in 2013/2014, when lots of people were actually quite annoyed at details and scope of the surveillance being revealed. And it is true that many aspects of what goes on on endpoints is not something where we have much impact. To touch on another point raised: I think a lot of the recent and upcoming EU legislation/regulation does look promising (e.g. if it eventually motivates IM interop), but don't at all buy the arguments that we should do nothing about what some call "policy" and others think is just sensible engineering that considers at least a bit of the related environment and some ethics. But a lot of that is regurgitated argument anyway:-) Lastly, given some of the arguments here will be repeats of earlier ones, it might make sense to have this discussion on the still-extant perpass@xxxxxxxx list (if e.g. the ADs figured that was a good plan). I think it'd be useful for people looking back at this round of the usual arguments in 2033. Cheers, S.
Attachment:
OpenPGP_0x5AB2FAF17B172BEA.asc
Description: OpenPGP public key
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature
