> Since you alluded to "some MTU" above, the obvious question is what are > examples of > MTU mechanisms that you support?
I don't know. But just as I beleive we sometimes decide some things are so critical to security that they must be used, I would like to see us leave open the discussion of whether there may, on occasion, be things that require this. They may, for example, be protocol options in servers that unless used, prevent users from optionally using a privacy feature. But I am not far enough down into the weeds on this issue to have an example at the moment. I admit that in many occasions MTU is probably more of a policy decision than a technical one, but not always. avri On 14 Oct 2013, at 10:43, Stephen Kent wrote: > Avri, >> ... >> >> Yes, but in doing so, it should provide the ability for the individual >> users, whether companies or individuals, to mitigate their risks. If >> technical standards do not include a mandatory option (MTI) of privacy >> protection they are making a political techno-decsion against privacy. If >> the Internet cannot be used in a manner that enhances privacy, for those who >> value privacy, but only maximizes surveillance based security for those who >> value surveillance, then it looks to me like we are acting evangelically. >> >> We can only maintain the belief that our technology and protocols are >> neutral if they can be used by people of diverse socio-political views. >> >> So while I can see problems with MTU, I think genuine MTI (and perhaps some >> MTU) is needed for privacy enhancements at a level that matches the MTIs and >> MTUs for security. I technical neutrality requires it. > To first order, we're in agreement, i.e., MTI provides a reasonable basis for > deploying privacy > measures when users and service providers choose to make use of them. If we > fail to provide > MTI options, we deprive users and providers of the ability to engage in > interoperable > security/privacy measures. > > The question Stephen raised is whether that's enough. For me, the answer is > yes, and going > beyond MTI to MTU is pursuing an "evangelical" path that we ought to avoid. > > Since you alluded to "some MTU" above, the obvious question is what are > examples of > MTU mechanisms that you support? > > Steve > _______________________________________________ > perpass mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/perpass >
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
