Summarising a *lot* :-)

On 09/06/2013 11:30 AM, Stewart Bryant wrote:
>
> There is a whole bunch of stuff we can do

I fully agree. Some more detail on one of those...

We set up the perpass list [1] as a venue for triaging specific proposals in this space.

A few weeks in, we have one I-D [2] (very much a -00) that tries to describe a threat model that matches the recent revelations, and that could be a good reference when folks are developing protocols.

We have found volunteers to write a draft for a BCP on how to use perfect forward secrecy in TLS, more common use of which (we still think) would mitigate a bunch of the ways in which TLS traffic could be subverted, given various forms of collusion/coercion. I hope the -00 for that will pop out in a weekish.

We've had some discussion about how to do better with email, but that's not yet landed on specifics that could be taken further.

And a couple of other topics have come up. More are welcome.

For any such topic that looks like it'll turn into something actionable (in the IETF context), I'm very happy to push to get it adopted by a relevant WG or to get it AD sponsored.

If you care about this stuff, then get on that list and make concrete proposals and write I-Ds about ways the IETF can improve the situation. If the content is good, you'll find you're pushing on an open door (at least as far as the SEC ADs are concerned:-).

And as we all know the IETF cannot "solve the problem" here, but as Stewart rightly said: there is stuff we can do better. So let's do it.

I do think some kind of session in Vancouver would be useful to move this along some more and there's discussion ongoing within the IESG and IAB on how to best do that. If we (IESG/IAB) fail in that, please do beat us up mightily at the mic in Vancouver.

Cheers,
S.

[1] https://www.ietf.org/mailman/listinfo/perpass
[2] http://tools.ietf.org/html/draft-trammell-perpass-ppa