I confess that I am confused by much of this discussion. As I understand it, PRISM is not a signals intelligence activity; it only addresses that data at rest within those organisations who have partnered with the NSA. As such, improving protocol security will achieve nothing against PRISM; it is a socio-political issue that is outside of the scope of a technical standards organisation. As such the only practical way for a typical user to protect themselves against PRISM is to switch to other providers based in jurisdictions that provide the appropriate protections, or agitate to change the applicable laws within their own jurisdiction, where appropriate. This is not, of course, an argument not to improve the security of our protocols for other reasons, but let's please motivate this work correctly. It will yield a greater probability of success. Josh. On 20/09/2013 05:54, "Brian E Carpenter" <brian.e.carpenter@xxxxxxxxx> wrote: >I got my arm slightly twisted to produce the attached: a simple >concatenation of some of the actionable suggestions made in the >discussion of PRISM and Bruce Schneier's call for action. > > Brian Janet(UK) is a trading name of Jisc Collections and Janet Limited, a not-for-profit company which is registered in England under No. 2881024 and whose Registered Office is at Lumen House, Library Avenue, Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238