Re: FTP Service Discontinuance Under Consideration; Input Requested

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> Hi,

> On 4/4/15 3:38 AM, Stephen Farrell wrote:
> > My suggestion is to forget about how 7258 might or might not
> > relate to the subject line here, and deal more with the subject
> > line itself. Let's save our energy for arguing about privacy
> > when accessing public information for discussing situations
> > where it matters much more and where users know less, both of
> > which are more typical and more important.
> >

> It seems that we're conflating two issues: privacy and protection
> against pervasive surveillance.  What we have discussed in the past, and
> in fact it was part of what Bruce presented in Vancouver, was that in
> order to mitigate a pervasive surveillance attack, *all *information –
> not just that which we might consider sensitive – should be encrypted.
> This is especially the case when multiple services run on the same
> infrastructure.

Maybe Stephen is conflating things, but I'm not, and I don't think most other
people on this thread are.

And I was aware of Phil Zimmerman's  postcards versus letters line of reasoning
long before Bruce reiterated it in Vancouver.

My point was, and is, that there are competing interests here. (Or, if you like
the way Bruce puts things, "Security is always a tradeoff.") And it's my
position that in this case the need for people - including those who for one
reason or another don't have access to ubquituous security - to be able to
access the information is vastly more important than protection pervasive
surveillance, or privacy, or always using envelopes, or whatever you want to
call it.

Again, this isn't because I don't understand the concern you're raising. I
understand the concern quite well. I just don't think it wins out in this case.

> Going further, the IAB has said that communications should be
> encrypted.[1]  If we as a community wish others to encrypt their
> traffic, we should of course do what we can to encrypt our own.  In the
> alternative, let's have a deeper exploration of encryption and
> confidentiality and the tradeoffs so that more specific advice can be
> given to the broader community that we ourselves can follow.

Doing what we can != forcing things onto people that limit access. This is very
weak tea indeed.

				Ned





[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]