Re: [perpass] mandatory-to-implement vs. more?

2013-10-14 Thread Tony Rutkowski
Hi Alissa, I'd like to challenge your challenge. :-) The environment here seems much more complex than you portray. It is, however, still all about risk management. Most users make their choice of provider and platform based on factors such as: cost, performance, ease of use, SPAM and malware r

Re: [perpass] mandatory-to-implement vs. more?

2013-10-14 Thread Ross Schulman
Alissa got to writing this email before I did, but I second pretty much everything she said here. Corporate data collection is not the same as pervasive government surveillance. Each has their concerns, but they are separate and the solutions to the two are considerably different. -Ross On Sun,

Re: [perpass] mandatory-to-implement vs. more?

2013-10-14 Thread Stephen Farrell
On 10/14/2013 01:47 PM, Tony Rutkowski wrote: > Most citizens want that to continue because > the risks of not doing so are great. If the "that" above refers to pervasive monitoring, then please provide evidence (but please do so in another thread, I bet it'll not be conclusive enough that one m

Re: [perpass] mandatory-to-implement vs. more?

2013-10-14 Thread Tony Rutkowski
Hi Steve, The "that" clearly refers to the precedent sentence: Since the inception of messaging networks, governments and societies worldwide have instituted surveillance for all kinds of essential legitimate purposes - especially where the potential harm to people is great. "Pervasive monitor

Re: [perpass] mandatory-to-implement vs. more?

2013-10-14 Thread Avri Doria
Hi, On 14 Oct 2013, at 08:47, Tony Rutkowski wrote: > So as many have opined, the IETF is a > technical standards body, not an evangelical > organization for socio-political views, and > hopefully will continue to do what it > does well - produce usable protocols - and > leave the implementation

Re: [perpass] mandatory-to-implement vs. more?

2013-10-14 Thread Stephen Farrell
Hiya, On 10/14/2013 02:25 PM, Tony Rutkowski wrote: > Hi Steve, > > The "that" clearly refers to the precedent sentence: >> Since the inception of messaging networks, >> governments and societies worldwide have >> instituted surveillance for all kinds of >> essential legitimate purposes - especi

Re: [perpass] mandatory-to-implement vs. more?

2013-10-14 Thread Moriarty, Kathleen
This is a good discussion. I do want to add that we should not forget that there are some simple education issues that we have not made enough progress on yet. How many of you find yourself explaining to small companies (and even some big ones), that they should not be sending your personal da

Re: [perpass] mandatory-to-implement vs. more?

2013-10-14 Thread Stephen Kent
Alissa, Hi Steve, I'd like to challenge your assertions that because Gmail and Facebook have billions of users, the bulk of Internet users do not care about pervasive state surveillance of all or most of their Internet communications, and therefore the IETF's attempts at promoting st

Re: [perpass] mandatory-to-implement vs. more?

2013-10-14 Thread Stephen Kent
Avri, ... Yes, but in doing so, it should provide the ability for the individual users, whether companies or individuals, to mitigate their risks. If technical standards do not include a mandatory option (MTI) of privacy protection they are making a political techno-decision against privacy.

Re: [perpass] mandatory-to-implement vs. more?

2013-10-14 Thread Bjoern Hoehrmann
* Stephen Kent wrote: >I understand the goal of making life harder for state surveillance. >However, I am not willing (personally) to incur any degraded user >experience, >premature cell phone battery depletion, etc in order to support this goal. >I suspect, but cannot prove, that most users would

Re: [perpass] mandatory-to-implement vs. more?

2013-10-14 Thread Ralf Skyper Kaiser
Stephen, "The state has a responsibility to provide for the security of its citizens. To the extent that surveillance supports this goal, it is potentially justified, irrespective of whether every citizen agrees with the methods." If this is the case why don't we hand a copy of our house key to

Re: [perpass] mandatory-to-implement vs. more?

2013-10-14 Thread Ralf Skyper Kaiser
Hi, I understand the goal of making life harder for state surveillance. > However, I am not willing (personally) to incur any degraded user > experience, > premature cell phone battery depletion, etc in order to support this goal. > I suspect, but cannot prove, that most users would express simil

Re: [perpass] mandatory-to-implement vs. more?

2013-10-14 Thread Avri Doria
> Since you alluded to "some MTU" above, the obvious question is what are > examples of > MTU mechanisms that you support? I don't know. But just as I believe we sometimes decide some things are so critical to security that they must be used, I would like to see us leave open the discussion

Re: [perpass] mandatory-to-implement vs. more?

2013-10-14 Thread Stephen Kent
Bjoern, * Stephen Kent wrote: I understand the goal of making life harder for state surveillance. However, I am not willing (personally) to incur any degraded user experience, premature cell phone battery depletion, etc in order to support this goal. I suspect, but cannot prove, that most users

Re: [perpass] mandatory-to-implement vs. more?

2013-10-14 Thread Tony Rutkowski
Steve, Brian's draft defines "pervasive surveillance" as the practice of surveillance at widespread observation points, without any modification of network traffic, and without any particular surveillance target in mind. There are a couple of obvious deficiencies here.. As a starter, the defin

[perpass] threat model draft (was: Re: mandatory-to-implement vs. more?)

2013-10-14 Thread Stephen Farrell
Hi Tony, (Subject lines are cheap and helpful, let's try use 'em a bit better please.) On 10/14/2013 04:35 PM, Tony Rutkowski wrote: > Steve, > > Brian's draft defines "pervasive surveillance" as >> the practice of >> surveillance at widespread observation points, without any >> modification of

Re: [perpass] mandatory-to-implement vs. more?

2013-10-14 Thread Stephen Farrell
On 10/14/2013 03:43 PM, Stephen Kent wrote: > Avri, >> ... ... >> So while I can see problems with MTU, I think genuine MTI (and perhaps >> some MTU) is needed for privacy enhancements at a level that matches >> the MTIs and MTUs for security. I technical neutrality requires it. > To first order

Re: [perpass] mandatory-to-implement vs. more?

2013-10-14 Thread Bjoern Hoehrmann
* Tony Rutkowski wrote: >As a starter, the definition is self-contradictory. >The first sentence in the introduction uses RFC6973's >definition of surveillance which is aimed at an individual >and concatenates it with "pervasive" to come up with >something that says there "is no particular surveilla

Re: [perpass] mandatory-to-implement vs. more?

2013-10-14 Thread Stephen Kent
Stephen, ... That's not an unreasonable answer. However, we do have to face the fact that a lot of times MTI stuff is just not used when you and I would probably argue that it really ought to be used. It is also not unreasonable to say that doing more-than-MTI won't fix that, but that's what I'd like t

Re: [perpass] mandatory-to-implement vs. more?

2013-10-14 Thread joel jaeggli
On Oct 14, 2013, at 8:01 AM, Ralf Skyper Kaiser wrote: > Hi, > > I understand the goal of making life harder for state surveillance. > However, I am not willing (personally) to incur any degraded user experience, > premature cell phone battery depletion, etc in order to support this goal. > I s

Re: [perpass] mandatory-to-implement vs. more?

2013-10-14 Thread Stephen Kent
Ralf, Stephen, "The state has a responsibility to provide for the security of its citizens. To the extent that surveillance supports this goal, it is potentially justified, irrespective of whether every citizen agrees with the methods." If this is the case why don't we hand a copy of our ho

Re: [perpass] mandatory-to-implement vs. more?

2013-10-14 Thread Stephen Kent
Ralf, I don't recall such comments. Perhaps we travel in different circles. Which IETF meetings have you attended over the past 20 years? Steve Hi, I understand the goal of making life harder for state surveillance. However, I am not willing (personally) to incur any degraded user ex

Re: [perpass] threat model draft (was: Re: mandatory-to-implement vs. more?)

2013-10-14 Thread Brian Trammell
hi Stephen, Tony, a few further points inline... On Oct 14, 2013, at 6:29 PM, Stephen Farrell wrote: > > Hi Tony, > > (Subject lines are cheap and helpful, let's try use > 'em a bit better please.) > > On 10/14/2013 04:35 PM, Tony Rutkowski wrote: >> Steve, >> >> Brian's draft defines "perv

Re: [perpass] mandatory-to-implement vs. more?

2013-10-14 Thread Ralf Skyper Kaiser
> If most users feel that security and privacy are high priorities, why do > so many users download > free apps that monitor aspects of mobile phone use and direct ads > accordingly? My position, in > part, is that people behave in a fashion that suggests that personal > privacy is not a very > hig

Re: [perpass] threat model draft

2013-10-14 Thread Tony Rutkowski
Hi Brian et al., This has been kind of fun to watch - based on someone's note about it. But I'm not into this kind of far out academic religious stuff and have real work to do. But have fun. --tony

Re: [perpass] threat model draft

2013-10-14 Thread Brian E Carpenter
On 15/10/2013 06:57, Brian Trammell wrote: ... >>> Additionally, all this is context dependent as there all >>> kinds of bases for exactly this kind of activity that are >>> operational, commercial, and legal. It would also be >>> interesting to see a definition of "network." Radio >>> networks h

Re: [perpass] mandatory-to-implement vs. more?

2013-10-14 Thread Andrew Sullivan
On Mon, Oct 14, 2013 at 01:50:36PM -0400, Stephen Kent wrote: > accordingly? My position, in > part, is that people behave in a fashion that suggests that personal > privacy is not a very > high priority when it comes to use of the Internet. While I have some sympathy for the above, I think it ru

Re: [perpass] mandatory-to-implement vs. more?

2013-10-14 Thread Stephen Kent
If most users feel that security and privacy are high priorities, why do so many users download free apps that monitor aspects of mobile phone use and direct ads accordingly? My position, in part, is that people behave in a fashion that suggests that personal privacy is

Re: [perpass] mandatory-to-implement vs. more?

2013-10-14 Thread Richard Shockey
> public sector data collection has obviously blurred as more and more data is exchanged between the two, but that does not make the two of them equivalent. I appreciate your analysis, but I don't necessarily agree with your conclusions. The state has a responsibility to provide for the security

Re: [perpass] mandatory-to-implement vs. more?

2013-10-14 Thread Peterson, Jon
Would you agree though Steve that wearing seat belts is our best current practice for safety, and that we (if we imagine ourselves car designers) should explain to people how unsafe the roads are and that they really should wear seat belts? Not everyone who builds cars might feel like they need

Re: [perpass] A proposal for developing PRISM-Proof email (default deny)

2013-10-14 Thread Mike Demmers
On Sun, 13 Oct 2013 08:25:08 -0700 Leo Vegoda wrote: > I am not a security expert either but presumably people will need to > export keys for backup and deployment on other systems. For > instance, many people have something like a laptop computer, a > smartphone and a tablet. Presumably, users w

Re: [perpass] mandatory-to-implement vs. more?

2013-10-14 Thread Stephen Farrell
Hi Steve, On 10/14/2013 06:39 PM, Stephen Kent wrote: > Stephen, > ... >> That's not an unreasonable answer. However, we do have to >> face the fact that a lot of times MTI stuff is just not >> used when you and I would probably argue that it really >> ought to be used. It is also not unreasonable to s

Re: [perpass] PKCS#12 needs fix'n

2013-10-14 Thread Phillip Hallam-Baker
On Fri, Oct 11, 2013 at 10:56 AM, Richard Barnes wrote: > I would note that the JSON Web Key [1] spec from the JOSE WG provides a > similar, much simpler format than PKCS#12. Just have JWK Set with one > public, unencrypted member, and one encrypted member: > > [ > { "kty": "RSA", "n": "...",