Hiya, On 17/05/16 23:15, Brian E Carpenter wrote: > On 18/05/2016 03:11, Michael Richardson wrote: >> >> Stephen Farrell <stephen.farrell@xxxxxxxxx> wrote: >> > No pointers to the talk, sorry - Jeff was kind enough to speak without >> > notes or slides, (which was great:-). He recounted the 1990's era >> > history of crypto export controls, the issues covered in their "keys >> > under doormats" report, [1] and some consideration of more recent >> >> yes, It's important to remember that not everyone lived through that period >> of time. >> >> A TED talk or something about that history might be neat to have to help >> socialize millenials about not repeating history. > > Well, it seems to me that it's the NSA and their friends in the US Congress, > and equivalent forces in other countries, that are trying to repeat history. > > On the other hand, we shouldn't fall over our own feet in our enthusiasm. Sure. However, I think this community have in fact been quite properly active but also very responsible in what we've done in the last 3 or so years since the latest iteration of all this kicked off. That is a little boring of course but we're (lots of us) doing the right things IMO in carefully trying to find the places where we can enable real improvements to be made by implementers and those deploying stuff. > As Kamp says, "More Encryption Means Less Privacy": > http://dl.acm.org/ft_gateway.cfm?id=2904894&ftid=1700648&dwn=1 > > And as Gutmann says, "Crypto Won't Save You Either": > http://www.cs.auckland.ac.nz/~pgut001/pubs/crypto_wont_help.pdf Well, I'm not sure if anyone has ever wondered if either PHK or Peter might ever have possibly overegged an argument just a tad:-) Both do do very good work of course, as well, but I think the content at both URLs are good examples of focusing too much on the (real) negative aspects of what is an overall positive. If we (the IETF) can provide RFCs that implementers and people deploying consider can partly mitigate pervasive monitoring then use of those same tools will also likely be very effective against less capable attackers, of whom there are very many. Personally I totally buy the argument in RFC7435 [1]- let's do the best we can now, (which isn't necessarily at all easy) and then iterate and improve that over time. I hope that's one of the high level longer term take-aways from Snowdonia anyway. Cheers, S. [1] https://tools.ietf.org/html/rfc7435 > > Brian > >
<<attachment: smime.p7s>>