On 9/5/13 7:19 PM, Brian E Carpenter wrote: > I'm not talking about what implementors and operators and users > should be doing; still less about what legislators should or > shouldn't be doing. I care about all those things, but the question > here is what standards or informational outputs from the IETF are > needed, in addition to what's already done or in the works. There are pretty clearly still some serious problems around crypto and usability. I tend to look at those problems as largely being implementation questions. But still, it may be the case that there's work that can be done to protect leaking what might be called signaling (or metadata). This assumes, of course, that current crypto technology (ciphers, anyway) is sufficient, which Schneier seems to think is the case. Melinda