Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I'm sorry, I don't detect the emergency.

I'm not saying there's no issue or no work to do, but what's new about
any of this?

Was PRISM a surprise to anyone who knew that the Five Eyes sigint
organisations have been cooperating since about 1942 and using
intercontinental data links since 1944)? Was Xkeyscore a surprise
to anyone who's been observing the whole Big Data scene? Is any
ISP or router vendor actually unaware of the security issues in
routers? Aren't most of them o/s implementation issues in any case?
Hasn't the IETF been working on BGP4 security for quite a while now?

I'm very glad we did RFC 1984 and RFC 2804 when we did, but it's
probably more important that we did RFC 3552. We certainly need
to apply it.

I am against any panic response to the hype. If someone can identify
any specific, new, protocol-based threats in the recent media stories,
that would be worth an I-D and appropriate IETF action.

Regards
   Brian Carpenter

On 06/09/2013 12:46, Lucy Lynch wrote:
> On Thu, 5 Sep 2013, Dean Willis wrote:
> 
>>
>> This is bigger than the "perpass" list.
>>
>> I suggested that the surveillance/broken crypto challenge represents
>> "damage to the Internet". I'm not the only one thinking that way.
> 
> an additional call to action can be found here:
> 
> http://www.newamerica.net/pressroom/2013/statement_oti_statement_on_new_leaks_of_nsa_defeating_encryption_technology_3
> 
> 
> "In the interim, technologists need to take a hard look at how to
> reengineer the Internet to avoid this type of massive undermining of our
> privacy rights. Our current trajectory is toward a more fractured, less
> safe Internet, and only major, meaningful reforms will restore trust and
> prevent even more detrimental outcomes."
> 
>> I'd like to share the challenge raised by Bruce Schneier in:
>>
>> http://www.theguardian.com/commentisfree/2013/sep/05/government-betrayed-internet-nsa-spying
>>
>>
>>
>> To quote:
>>
>> -----------
>> We need to know how exactly how the NSA and other agencies are
>> subverting routers, switches, the internet backbone, encryption
>> technologies and cloud systems. I already have five stories from
>> people like you, and I've just started collecting. I want 50. There's
>> safety in numbers, and this form of civil disobedience is the moral
>> thing to do.
>>
>> Two, we can design. We need to figure out how to re-engineer the
>> internet to prevent this kind of wholesale spying. We need new
>> techniques to prevent communications intermediaries from leaking
>> private information.
>>
>> We can make surveillance expensive again. In particular, we need open
>> protocols, open implementations, open systems – these will be harder
>> for the NSA to subvert.
>>
>> The Internet Engineering Task Force, the group that defines the
>> standards that make the internet run, has a meeting planned for early
>> November in Vancouver. This group needs dedicate its next meeting to
>> this task. This is an emergency, and demands an emergency response.
>> ------------
>>
>> The gauntlet is in our face. What are we going to do about it?
>>
>>
>> -- 
>> Dean Willis
> 






[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]