Hi Scott, On 07/11/2013 10:03, Scott Brim wrote: > In Russ's hums this morning, some had words that were not well defined. > Here are three that were not clear to me, and what I hummed about: > > "Is the IETF willing to respond to pervasive surveillance as an attack?" -> > "respond" is not clear. Certainly we have to do something in response to > what we now know. Sam is right, whatever we can imagine is probably already > going on. However, what the response is is not agreed on. > > "IETF should include encryption even outside of authentication where > practical" -> "where practical" is not defined. I think each WG will know > what to do with this as long as no one tries to claim that the IETF decided > that we MUST have encryption in all cases. > > "The IETF should strive for e2e encryption even when there are middleboxes > in the path" -> "middleboxes" is a full spectrum of devices and functions. > Some of them are quite useful. Until it's clear what the scope is, I hummed > no. It seems to me that all three are perfecly clear as aspirational goals, and that they all include some room for interpretation. It's also true that some of them may be in immediate conflict with other goals (for example, a web proxy that is blind to the content might be rather bad at content filtering). But all that will come out in the detailed analysis of each issue. Guiding principles really have to skate over many details. Brian