inline…

On Feb 28, 2013, at 17:07 , Eric Burger <[email protected]> wrote:

> I think the point is we have a clue, and we disagree. What is a person 
> without a clue to do?
> 
> --
> Sent from a mobile device. Sorry for typos or weird auto-correct. Thank IETF 
> LEMONADE for mobile email! See <http://www.standardstrack.com/ietf/lemonade/>
> 
> On Feb 28, 2013, at 4:34 PM, SM <[email protected]> wrote:
> 
>> Hi Claudia,
>> At 14:42 26-02-2013, Claudia Diaz wrote:
>>> That's an interesting distinction. Translating it to concrete scenarios 
>>> would make us however have to change how we usually use the terms. This can 
>>> be counterintuitive in some cases:
>>> 
>>> - If I browse to a website and my IP is exposed, then it is a privacy 
>>> problem. If I browse to the same website over Tor and my IP is exposed 
>>> because Tor is attacked, then it is a security problem.
>> 
>> Ok.
>> 
>>> - If the passwords to access the confidential information at the embassy 
>>> are sent in clear (because nobody bothered to encrypt them), it is a 
>>> privacy problem, and not a
>> 
>> It's a security problem.

I think you're being a bit brief here.  It's not a security problem with the 
design of the protocol; if it carries data in the clear, it never pretended to 
be secure.  It's a problem that it was the wrong protocol to be used, for sure. 
 We're concerned about intrinsic security and privacy problems in our 
specifications, not the mis-use of them (though we can warn, I guess).

>> 
>>> - If the gov listens to my encrypted conversations (eg, by reconstructing 
>>> the conversation from the traffic), it is a security problem. If the 
>>> minister of interior talks over an unencrypted line about his plans to 
>>> catch terrorists, then it is a privacy problem.
>> 
>> The last sentence is about a security problem.

Ditto.  There was nothing wrong with the design of the unencrypted line; it was 
the wrong 'protocol' to use.


David Singer
Multimedia and Software Standards, Apple Inc.

_______________________________________________
ietf-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-privacy
