Hiya, On 10/14/2013 02:25 PM, Tony Rutkowski wrote: > Hi Steve, > > The "that" clearly refers to the precedent sentence: >> Since the inception of messaging networks, >> governments and societies worldwide have >> instituted surveillance for all kinds of >> essential legitimate purposes - especially
"all kinds of essential legitimate purposes" simply begs the question IMO. >> where the potential harm to people is great. > "Pervasive monitoring" seems an utterly meaningless > term used for political rhetoric/evangelical purposes > that isn't worth pursuing. That should be a first order > conclusion. Personally, I entirely disagree. It is true that we don't have a worked out threat model for this yet, but Brian's draft is a start on which I hope we'll build so that protocol designers, implementers and those deploying networks and services will have a useful threat model to use when doing their work. > The point was that this is all about risk management. That's agreed. One reason for this list is that we have a new threat model that we've not considered when designing protocols. The risk analysis has been changed by recent revelations IMO. If you disagree, that's fine, but surprising. > However, if you or anyone else want to denominate > a religious abstraction as an "attack" - go for it. :-) > It'll be fun to watch. I'll take that rhetorical flourish as a lack of evidence then:-) And we're going way off topic for this thread, so please change the subject if you want to continue on this topic - its not really to do with MTI at all. Ta, S. > > --tony > > > On 10/14/2013 9:00 AM, Stephen Farrell wrote: >> >> On 10/14/2013 01:47 PM, Tony Rutkowski wrote: >>> Most citizens want that to continue because >>> the risks of not doing so are great. >> If the "that" above refers to pervasive monitoring, >> then please provide evidence (but please do so in >> another thread, I bet it'll not be conclusive >> enough that one mail will be convincing;-) >> >> If you are referring to tracking or surveillance >> of a specific set of targets, then a) that's irrelevant >> for this list/discussion which is about pervasive >> monitoring, and b) see RFC 2804. >> >> As an aside, its also misleading to speak of citizens >> here, since most of us are not citizens of the same >> country, for all values of country. So while it is >> important and relevant that different jurisdictions >> put in place policy/political controls on pervasive >> monitoring, those are also not relevant for this >> list since in general our protocols can be used >> across all possible jurisdictional boundaries. >> >>> So as many have opined, the IETF is a >>> technical standards body, >> Yes we are. And given that pervasive monitoring is >> in some ways indistinguishable from other forms of >> attack, we should treat those aspects as an attack >> and put in place the best technical mitigations we >> can. >> >> And as a reminder the question for this thread, >> is whether or not going further than MTI would help >> with that. >> >> S. >> > > _______________________________________________ > perpass mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/perpass > > _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
