--On Saturday, November 4, 2017 09:34 -0700 Tom Herbert <tom@xxxxxxxxxxxxxxx> wrote: >... > A good example > is turning up the TLS on the Internet; this eliminated the > need to trust the network with our plaintext. And, for many people, replaces it with the need to trust firewall and security appliance providers who have concluded that they need to intercept and decrypt traffic in order to identify malware and other undesirable traffic. At least in principle, one does get to choose which vendor to trust and does know (by virtue of having to install special certificates) which vendor or provider is being trusted, but those options may not be meaningful for typical users. I worry with that example and several others that the IETF is not adequately distinguishing between "increasing privacy" or "preventing mass surveillance" on the one hand and forcing users into a "who do your trust" or even "who does someone trust on your behalf" shell game on the other. best, john