Josh, On 12/05/2013 10:53 AM, Josh Howlett wrote: > > I fully support action to increase security, where it responds to the > prevailing threat environment. But it will be a perpetuation of the > naivety that has characterised this debate to think that this alone will > halt pervasive monitoring, because the threat is not technical in nature. Personally, I think anyone using the argument that "you can't solve the problem therefore do nothing" is talking about the same amount of nonsense as anyone who says "the IETF can halt pervasive monitoring." You don't quite say either of those above, but neither do you acknowledge that the draft in question, and all the sensible discussion (which is far from all the discussion;-) around that fully acknowledges that the technical things that can and should be done are only part of the story. > The technical response must be coordinated with a political response, or > else the perpetrators will find political means to route around the > technical measures. I disagree with "must be coordinated" for various reasons. Given the time it takes for us to do our part, which is measured in years before we get good deployment, imposing a requirement to start with coordination would mean doing nothing ever. Secondly, with whom would we coordinate? Again, trying to impose a requirement for coordination with a non-existent Internet-wide political entity is tantamount to doing nothing. If some other folks outside the IETF are working on the same issues that'll be good or bad, and for some such activities it'll be useful for us to know about and consider them. And maybe it'll be useful for others to know what we're up to, but we should not wait. > The political response shouldn't be organised within the IETF, but it does > need to liaise with those responsible for doing that. "The" political response? You expect only one? Again, I don't think we should hang around waiting - we should document the consensus from Vancouver and then follow that through in our normal work within working groups and elsewhere - considering threats, including this one, as we develop protocols. > Unfortunately I am > not observing any movement by any of the other parties within our > wonderful multi-stakeholder system that you would think would be > notionally responsible for this. My fear is that they are opting to drink > the technology Kool-Aid, to avoid grasping the political nettle. That is > what should be concerning us right now. Fully disagree. Its us should be grasping nettles and working to improve the security and privacy properties of our protocols. Regards, S.