On the other hand, if the IAB/IESG is hell-bent on encrypting everything (eating their own dogfood) then perhaps we should not stand in the way. I am sure that other, open, fora will emerge to take the place of the IETF. /bill PO Box 12317 Marina del Rey, CA 90295 310.322.8102 On 6April2015Monday, at 7:36, ned+ietf@xxxxxxxxxxxxxxxxx wrote: >> Hi, > >> On 4/4/15 3:38 AM, Stephen Farrell wrote: >>> My suggestion is to forget about how 7258 might or might not >>> relate to the subject line here, and deal more with the subject >>> line itself. Let's save our energy for arguing about privacy >>> when accessing public information for discussing situations >>> where it matters much more and where users know less, both of >>> which are more typical and more important. >>> > >> It seems that we're conflating two issues: privacy and protection >> against pervasive surveillance. What we have discussed in the past, and >> in fact it was part of what Bruce presented in Vancouver, was that in >> order to mitigate a pervasive surveillance attack, *all *information – >> not just that which we might consider sensitive – should be encrypted. >> This is especially the case when multiple services run on the same >> infrastructure. > > Maybe Stephen is conflating things, but I'm not, and I don't think most other > people on this thread are. > > And I was aware of Phil Zimmerman's postcards versus letters line of reasoning > long before Bruce reiterated it in Vancouver. > > My point was, and is, that there are competing interests here. (Or, if you like > the way Bruce puts things, "Security is always a tradeoff.") And it's my > position that in this case the need for people - including those who for one > reason or another don't have access to ubquituous security - to be able to > access the information is vastly more important than protection pervasive > surveillance, or privacy, or always using envelopes, or whatever you want to > call it. > > Again, this isn't because I don't understand the concern you're raising. I > understand the concern quite well. I just don't think it wins out in this case. > >> Going further, the IAB has said that communications should be >> encrypted.[1] If we as a community wish others to encrypt their >> traffic, we should of course do what we can to encrypt our own. In the >> alternative, let's have a deeper exploration of encryption and >> confidentiality and the tradeoffs so that more specific advice can be >> given to the broader community that we ourselves can follow. > > Doing what we can != forcing things onto people that limit access. This is very > weak tea indeed. > > Ned