On 4/7/2017 12:37 PM, Eliot Lear wrote:
>
> On 4/7/17 5:24 AM, Martin Thomson wrote:
>> To the extent that we have the tools necessary to protect against pervasive
>> monitoring, we have to accept that more-legitimate uses of monitoring are
>> collateral[...]
> ... DAMAGE.
>
> You couldn't even say the word.
>
> The whole point of the document is to expand upon the implications of
> what operational practices are impacted in an encrypted world. That
> doesn't mean people should stop encrypting, but it does mean that we
> should understand what is breaking. To do otherwise is to stick our
> heads in the sand. Let's not do that. And let's not question whether a
> particular function is "legitimate" which ironically applies a value
> judgment, something that you yourself complained about.
>
> Better to focus on whether the impact of encryption has indeed been well
> documented.

Having read draft-mm-wg-effect-encrypt-10, I agree with Martin. This draft is hard to read, and provides a confusing mix of business goals, techniques, and complaints. My personal recommendation, like Martin's, is that it would benefit from a thorough rewrite before publication.

I also agree with Martin's recommendation to leave QUIC out of this business, since it is not standardized yet. The proper place for the QUIC related text is in a contribution to the QUIC WG.

The draft presents a number of practices, but does not really articulate practices and business goals. In fact, it starts from the practices, instead of starting from the goals. My recommendation would be to start by articulating the "business goals" such as Parental Control, Spam Filtering, Phishing Prevention, Data Leak Prevention, Insertion of Super-Cookies, Traffic Engineering, Traffic Prioritization, Data Compression, Traffic Intercept, Censorship, or Load Balancing.

The draft could then explain how each of these goals is performed by a variety of techniques, some of which are deployed on the end points, and some others at various places in the network using a variety of techniques, including header analysis and deep packet inspection.

And then the draft could have another section explaining how network-based techniques may or may not be affected by the deployment of encryption.

As a bonus point, we could also note that many of the business goals are somewhat controversial, and state the controversy. But the current draft is too confusing to be endorsed by the IETF.

-- Christian Huitema

>
> Eliot
> ps: but I agree with your point about statistics.
>