This is a good discussion. I do want to add that we should not forget that there are some simple education issues that we have not made enough progress on yet. How many of you find yourself explaining to small companies (and even some big ones), that they should not be sending your personal data over email? This seems to happen to me and luckily, I was able to head it off before it happened the last few times. As we work to bridge gaps, it will take time and we may need to figure out education options as we work to improve security options.
Bets regards, Kathleen -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Avri Doria Sent: Monday, October 14, 2013 9:43 AM To: perpass Subject: Re: [perpass] mandatory-to-implement vs. more? Hi, On 14 Oct 2013, at 08:47, Tony Rutkowski wrote: > So as many have opined, the IETF is a > technical standards body, not an evangelical organization for > socio-political views, and hopefully will continue to do what it does > well - produce usable protocols - and leave the implementation choices > to others based on their assessment of the risk. Yes, but in doing so, it should provide the ability for the individual users, whether companies or individuals, to mitigate their risks. If technical standards do not include a mandatory option (MTI) of privacy protection they are making a political techno-decsion against privacy. If the Internet cannot be used in a manner that enhances privacy, for those who value privacy, but only maximizes surveillance based security for those who value surveillance, then it looks to me like we are acting evangelically. We can only maintain the belief that our technology and protocols are neutral if they can be used by people of diverse socio-political views. So while I can see problems with MTU, I think genuine MTI (and perhaps some MTU) is needed for privacy enhancements at a level that matches the MTIs and MTUs for security. I technical neutrality requires it. avri _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
