Bjoern, On 12/12/2013 14:56, Bjoern Hoehrmann wrote: > * Stephen Farrell wrote: >> I've a question about the relevance of your comment >> John: >> >> On 12/11/2013 08:53 PM, John C Klensin wrote: >>> if encryption >>> were pervasive >> The draft in question does not call for that. It calls >> for proper consideration of the pervasive monitoring >> attack and work to mitigate that. >> >> Use of encryption for confidentiality will be a relevant >> mitigation for various protocols, but to comment as if >> this draft called for ubiquitous confidentiality seems >> very odd if one has read the draft. >> >> John - can you say what part of the draft caused you to >> incorrectly conclude that "pervasive encryption" (whatever >> that means) is even being discussed never mind recommended? > > I am not sure what to make of your comments here. Perhaps an example > might help, http://edition.cnn.com/2010/CRIME/12/08/wikileaks.students/ > > U.S. agencies have warned some employees that reading the classified > State Department documents released by WikiLeaks puts them at risk of > losing their jobs. But what about students considering jobs with the > federal government? Do they jeopardize their chances by reading > WikiLeaks? > > If surveillance is pervasive, then students must assume someone will > know which sites they visit and assume there will be repercussions. So > they are forced into a constant state of fear where they need to care- > fully consider, say, which headlines on a newspaper website they click. > > If your draft is not about removing this fear, then I do not know what > it might be about. One of the IETF's difficulties in this type of discussion is separating technology (where we have some claim to say something) from social (and economic and political) issues where we may have strong opinions as individuals but where the IETF has nothing to say. The fear you describe is not part of the technology; it's part of how society in one country is using the technology. > If it is, then it would seem to call for "ubiquitous > confidentiality" unless you are making a very fine point. Indeed it is making a fine point - what it calls for is the IETF to provide technological mechanisms that allow operators and users to protect privacy. To what extent those mechanisms are deployed is not under the IETF's control and will presumably vary between countries. Brian