|
Hi, On 4/4/15 3:38 AM, Stephen Farrell
wrote:
My suggestion is to forget about how 7258 might or might not relate to the subject line here, and deal more with the subject line itself. Let's save our energy for arguing about privacy when accessing public information for discussing situations where it matters much more and where users know less, both of which are more typical and more important. It seems that we're conflating two issues: privacy and protection against pervasive surveillance. What we have discussed in the past, and in fact it was part of what Bruce presented in Vancouver, was that in order to mitigate a pervasive surveillance attack, all information – not just that which we might consider sensitive – should be encrypted. This is especially the case when multiple services run on the same infrastructure. Going further, the IAB has said that communications should be encrypted.[1] If we as a community wish others to encrypt their traffic, we should of course do what we can to encrypt our own. In the alternative, let's have a deeper exploration of encryption and confidentiality and the tradeoffs so that more specific advice can be given to the broader community that we ourselves can follow. Eliot [1] https://www.iab.org/2014/11/14/iab-statement-on-internet-confidentiality/ |
Attachment:
signature.asc
Description: OpenPGP digital signature