On 06/09/13 14:45, Scott Brim wrote: > I wouldn't focus on government surveillance per se. The IETF should > consider that breaking privacy is much easier than it used to be, > particularly given consolidation of services at all layers, and take > that into account in our engineering best practices. Our mission is > to make the Internet better, and right now the Internet's weakness in > privacy is far from "better". The mandatory security considerations > section should become security and privacy considerations. The > privacy RFC should be expanded and worded more strongly than just nice > suggestions. Perhaps the Nomcom should ask candidates about their > understanding of privacy considerations. > > Scott
I am not sure that the "mandatory security and privacy considerations section" in every draft would be sufficient. IMHO a number of issues arise from the combination of various standards/technologies and that we are sometimes missing a few but important pieces (e.g. stuff WGs said we do "later" or which were seen as "nice to have" or "optional", and then never happened...). So although I think privacy concerns should be addressed in every draft, I also think this goes into the architecture domain across a number of technologies. Best regards, Tobias