On 09/09/2013 01:24 AM, Jorge Amodio wrote: > Will the discussion include the pervasive data mining from companies > exploiting our Internet use for marketing and targeted advertising purposes > ? IMO the discussion should of course include that as one part of a larger thing. Corporate privacy-busting is however somewhat different from recent news stories, for almost all corporates. There are a few companies who can monitor so much that they'd compete with governments in terms of being pervasive monitors. But recent reports indicate that some governments may have raised the ante quite a bit higher - if you're accumulating data from the largest corporate service providers and the phone companies/ISPs and the trans-atlantic fibres then you really probably are in a different category than any of even the largest corporates. I suspect the "new" part of the new threat model here is the level of pervasiveness of the monitoring. Separately, if we can figure out protocol mechanisms or implementation/deployment guidance that helps mitigate pervasive monitoring, then those same mechanisms will I would hope/guess also mitigate corporate non-pervasive monitoring. But, we'll have to wait and see for that. So I'd guess that we might be better to consider the pervasive monitoring attacker for now and then see if the kinds of mitigation we develop might also be helpful against somewhat less ubiquitous attackers. Cheers, S. > > -J > > > On Sun, Sep 8, 2013 at 4:53 PM, IETF Chair <chair@xxxxxxxx> wrote: > >> Here are some thoughts on reports related to wide-spread monitoring and >> potential impacts on Internet standards, from me and Stephen Farrell: >> >> http://www.ietf.org/blog/2013/09/security-and-pervasive-monitoring/ >> >> Comments appreciated, as always. >> >> Jari & Stephen >> >> >