On 5 mrt 2011, at 5:06, Dean Willis wrote: > 1) Privacy and Integrity: We believe that intermediaries should be neither able to understand nor alter the transmitted material without the explicit consent and awareness of the users. > 2) Privacy and Obscurity: We believe that observation of a traffic flow pr sequence of traffic flows should reveal as little information about the application or user of the application as possible Privacy and obscurity are tools that cut both ways. It can protect legitimate communications from evil regimes, but it can also shield illegal behavior from the law, or privacy violations commited by applications, or services running in a browser from the user. It also makes debugging orders of magnitude harder, uses more overhead and engergy and slows down the communication. (Especially in mobile networks where one end is on battery power and the extra round trips required to negotiate encryption and authentication are typically slow.) As such, it would be a very big mistake to start encrypting ALL communication. Whether the applying these mechanisms is sufficiently beneficial to be worth the numerous downsides should be evaluated on a case-by-case basis. It's not the IETF's job to force vendors and users to do something that they would otherwise choose not to do. You're trying to attack the problem from the wrong side, anyway: you assume using the large infrastractures that are easy to control by states and then try to add a layer of protection. It would be better to work around these infrastructures completely. Why is it that when I email my colleague two meters away, within easy wireless range, that the message goes through the servers of Google somewhere (not even sure in which country those are)? _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf