Re: Proposed Statement on "HTTPS everywhere for the IETF"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Tony,
On 04/06/2015 15:06, Tony Hain wrote:
> Stephen Farrell wrote:
>> On 03/06/15 22:03, Tony Hain wrote:
>>> Stephen Farrell wrote:
>>>
>>>> I would assert that the existence of the dprive WG is good evidence
>>>> that the IETF does not consider data-integrity as the only real
>>>> concern for public data.
>>>
>>> And I would assert that it shows a group-think knee-jerk overreaction
>>> to threats that hypothetically could be applied in broader contexts
>>> than history documents. We are both free to express our own
>>> assertions.
>>>
>>
>> Disagreeing is of course fine but does not require that those with whom one
>> disagrees are stuck in a group-think knee-jerk mixed metaphor;-)
>>
>> Looking at the actual text of the statement though [1] I could agree that the
>> 3rd paragraph is maybe more justified on security grounds, so maybe
>> s/privacy/security&privacy/ would be better there.
> 
> No, more below.
> 
>>
>> That said, there is a real threat to privacy (cf. tempora) when it is credible to
>> assume that any of our traffic that transits undersea cables is recorded, and
>> traffic to the IETF is a part of that even if it's quite unlikely, by itself, to be
>> privacy sensitive.
> 
> I never argued that there is not a general threat to privacy due to recording, just that it does not apply here. My point was that the IETF does not have a general technical REQUIREMENT for privacy. There are many that WANT privacy in everything they do, but that does not equate to a real requirement for the public content of an open organization. Substituting security&pirvacy only makes a bad choice of words worse. The IETF has no business case for either, and if there was a case something would have been done about it long before now. 

It isn't the content that is private, of course. However, if there are IETF
participants who require a degree of privacy about their use of IETF public
information, it is entirely reasonable for the IETF to support that with a
straightforward measure like HTTPS. As has been pointed out already, that
is insufficient to provide a high degree of privacy.

Try "...the act of accessing public information required for routine tasks
can be privacy sensitive *on the user's side*..."

I don't see anything political about that. It's factual.

    Brian
[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]