On Mon, Oct 14, 2013 at 9:43 AM, Stephen Farrell <stephen.farr...@cs.tcd.ie>wrote:
> > Hiya, > > On 10/14/2013 02:25 PM, Tony Rutkowski wrote: > > Hi Steve, > > > > The "that" clearly refers to the precedent sentence: > >> Since the inception of messaging networks, > >> governments and societies worldwide have > >> instituted surveillance for all kinds of > >> essential legitimate purposes - especially > > "all kinds of essential legitimate purposes" simply > begs the question IMO. > > >> where the potential harm to people is great. > > "Pervasive monitoring" seems an utterly meaningless > > term used for political rhetoric/evangelical purposes > > that isn't worth pursuing. That should be a first order > > conclusion. > > Personally, I entirely disagree. It is true that we > don't have a worked out threat model for this yet, > but Brian's draft is a start on which I hope we'll > build so that protocol designers, implementers and > those deploying networks and services will have a > useful threat model to use when doing their work. > > > The point was that this is all about risk management. > > That's agreed. One reason for this list is that we have a > new threat model that we've not considered when designing > protocols. The risk analysis has been changed by > recent revelations IMO. If you disagree, that's fine, > but surprising. > > > However, if you or anyone else want to denominate > > a religious abstraction as an "attack" - go for it. :-) > > It'll be fun to watch. > > I'll take that rhetorical flourish as a lack of > evidence then:-) > > And we're going way off topic for this thread, so > please change the subject if you want to continue > on this topic - its not really to do with MTI at > all. > > Ta, > S. > > > > > > --tony > > > > > > On 10/14/2013 9:00 AM, Stephen Farrell wrote: > >> > >> On 10/14/2013 01:47 PM, Tony Rutkowski wrote: > >>> Most citizens want that to continue because > >>> the risks of not doing so are great. > >> If the "that" above refers to pervasive monitoring, > >> then please provide evidence (but please do so in > >> another thread, I bet it'll not be conclusive > >> enough that one mail will be convincing;-) > >> > >> If you are referring to tracking or surveillance > >> of a specific set of targets, then a) that's irrelevant > >> for this list/discussion which is about pervasive > >> monitoring, and b) see RFC 2804. > >> > >> As an aside, its also misleading to speak of citizens > >> here, since most of us are not citizens of the same > >> country, for all values of country. So while it is > >> important and relevant that different jurisdictions > >> put in place policy/political controls on pervasive > >> monitoring, those are also not relevant for this > >> list since in general our protocols can be used > >> across all possible jurisdictional boundaries. > >> > >>> So as many have opined, the IETF is a > >>> technical standards body, > >> Yes we are. And given that pervasive monitoring is > >> in some ways indistinguishable from other forms of > >> attack, we should treat those aspects as an attack > >> and put in place the best technical mitigations we > >> can. > >> > >> And as a reminder the question for this thread, > >> is whether or not going further than MTI would help > >> with that. > >> > >> S. > >> > > > > _______________________________________________ > > perpass mailing list > > perpass@ietf.org > > https://www.ietf.org/mailman/listinfo/perpass > > > > > _______________________________________________ > perpass mailing list > perpass@ietf.org > https://www.ietf.org/mailman/listinfo/perpass > -- Website: http://hallambaker.com/
_______________________________________________ perpass mailing list perpass@ietf.org https://www.ietf.org/mailman/listinfo/perpass
