Hi, >> Knives are easily available to anyone, just like encryption. > > ...and just like pervasive monitoring? That's a very good thought. Yes, I believe encrpytion and the ability to pervasively monitor are both easily available to everyone. The next step after availability is actual usage, and this is where things get interesting. I believe that where encryption is not actually *used*, pervasice monitoring *will* happen. Or, to state it a bit more in a logic-oriented way: Either the use of encryption proliferates, or the use of pervasive monitoring proliferates. It is a strict XOR: you can't have both, and you can't have none of the two. Thinking more in the mathematic direction, I'd even say: it's an XOR in the fuzzy logic sense: the truth value of the sum of both statements equals 1; i.e. the more you sacrifice on one side, the more will creep in on the other side. As a corollary: if we don't want to enable perpass attakcs, we have to make sure encryption gets *used* wherever possible. For the general internet use, this probably means: since a vast majority of internet users don't know and don't care about security, and will accept whatever is the default unless it's inconvenient - our job is to make encryption the default, and make it as convenient as possible. The convenience may come at the expense of "perfect" security at times; but it's a WG job to weigh that appropriately. Greetings, Stefan Winter > > In both, the product has already proliferated, and it is not possible to > roll back to a state where it hasn't. > > Also, both of those have proven to have both too numerous and > unquantifiable good and bad uses, and both of it in scale; there is no > obvious, generally-accepted world-wide agreement that either of the two > can only be used for nefarious purposes. > > So, I feel good comparing knives with pervasive monitoring. > > http://blogs.wsj.com/digits/2013/12/09/tech-giants-band-together-for-nsa-reform/ > the irony of corporations that are profiting from pervasive monitoring - > that's how Facebook and Google work - complaining > about government pervasive monitoring is not lost on me. > > What I don't feel good about is perpass-attack, which is going to > be at best ignored, or wildly misinterpreted and misused by its intended > audience. It's primarily a kneejerk reaction to news events to assuage > the consciences of IETF insiders. > > also, do we get drafts through last call by simply now announcing in > the draft that it has been through last call? That does make things > easier. Must start writing 'this RFC' in drafts, which will help that > benighted state come to pass. > > Lloyd Wood > http://sat-net.com/L.Wood/ > -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473 PGP key updated to 4096 Bit RSA - I will encrypt all mails if the recipient's key is known to me http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
Attachment:
0x8A39DC66.asc
Description: application/pgp-keys
Attachment:
signature.asc
Description: OpenPGP digital signature