Russ, I am glad that we all want to do something about this problem. I also appreciate that the questions you asked were intended to be aspirational. Having said this, I must voice two concerns about how these hums are taken. First, they were formed very quickly and in particular we did not explore at the plenary the last three questions in any detail. Had we done so, I would have raised my other concern, which is that we have at least one very relevant group that has expressed concern that opportunistic encryption could harm efforts to get authenticated TLS well deployed. That may be the right answer in those circumstances – or not. The conclusion of that discussion to be as informed as is possible, especially given its magnitude. It was enough for us to say that we as a community will take steps to address pervasive surveillance. Clearly we are taking steps to address pervasive surveillance. Eliot On 11/6/13 12:41 PM, Russ Housley wrote: > At the end of the IETF88 Technical Plenary, there were five hums. This note is to provide the text of the hums and the community response. The people in the room were asked to hum for YES if they agreed with the statement and hum for NO if they disagreed with the statement. > > 1. The IETF is willing to respond to the pervasive surveillance attack? > > Overwhelming YES. Silence for NO. > > 2. Pervasive surveillance is an attack, and the IETF needs to adjust our threat model to consider it when developing standards track specifications. > > Very strong YES. Silence for NO. > > 3. The IETF should include encryption, even outside authentication, where practical. > > Strong YES. Silence for NO. > > 4. The IETF should strive for end-to-end encryption, even when there are middleboxes in the path. > > Mixed response, but more YES than NO. > > 5. Many insecure protocols are used in the Internet today, and the IETF should create a secure alternative for the popular ones. > > Mostly YES, but some NO. > > Russ > > >