Josh Howlett wrote: > I confess that I am confused by much of this discussion. Several people in IETF is under control of NSA, maybe. > As I understand > it, PRISM is not a signals intelligence activity; it only addresses that > data at rest within those organisations who have partnered with the NSA. > As such, improving protocol security will achieve nothing against PRISM; > it is a socio-political issue that is outside of the scope of a technical > standards organisation. Right. > As such the only practical way for a typical user to protect themselves > against PRISM is to switch to other providers based in jurisdictions that > provide the appropriate protections, or agitate to change the applicable > laws within their own jurisdiction, where appropriate. Not necessarily. The proper protection is to avoid cloud services and have our own end systems fully under control of ourselves. Toward the goal, IETF should shutdown all the cloud related WGs and never develop any protocol to promote cloud service. > This is not, of course, an argument not to improve the security of our > protocols for other reasons, but let's please motivate this work > correctly. It will yield a greater probability of success. Using DH could protect us, until USG start deploying active attack. So, it is important to develop technologies to detect attacks against DH. Masataka Ohta