Re: [Pearg] [saag] Ten years after Snowden (2013 - 2023), is IETF keeping its promises?


 



On 1/5/23, 8:44 AM, "ietf" <ietf-bounces@xxxxxxxx> wrote:


>> There is a general feeling that the bigger threats to user privacy are now not in transit, but in or before the endpoints. So, the fact that the IETF does not want to consider threats in the endpoints is seen as additional evidence for the above.

>Not even threat, fact. It was bad enough when packets disappeared into
>proprietary firmware, nowadays you can't even take a packet capture
>directly from an iphone/android or chromebook, transiting inside the
>endpoint.

 

This problem is brought on by the difference in where the demarcation point for zero trust actually falls.

 

As proposed conceptually, zero trust has the entire endpoint of each side completely under the control of each party, and they would have full visibility into what was going on and being sent. You protect you, I protect me, and we don’t worry about the delivery truck in between us.

 

However, in reality, the implementations on the user side moved the content provider’s zero trust demarcation point to inside the user device, inside the application or browser application, and don’t provide any ability for the user to see or fully control the trust on their side of the relationship. The actual zero trust demarcation point isn’t at the network connection endpoint; it’s in a place on their device the user has no visibility into.

 

The wire transit may be better protected, but we should acknowledge that we’ve moved the problem, not completely solved it.

 

-glenn

 

 

