Bruce Perens [2013-12-04 19:05]:
> On 12/04/2013 03:47 PM, Jacob Appelbaum wrote:
>> So basically, you were just blowing smoke?
> No. The organization is charged to protect us.

1. Speak for yourself. The NSA is not charged with protecting non-Americans, i.e., the bulk of the population of the world, I may add, of the bulk of the users of the Internet standards that the IETF works on. The clue is in the word "National". India's National Technical Research Organization is not charged with protecting Chinese or Americans either.

2. Try telling that to the folks at Petrobras and all the diplomats at the UN HQ, the Indian Embassy in DC, the EC/CoE/European Council, G20 leaders, and those people whose porn habits were recorded for blackmail purposes.

This is not a debate about whether surveillance is good or not. (Targetted surveillance which is allowed by a law, has a legitimate aim in a democratic society, is not arbitrary, is necessary to achieve those aims, is proportionate, authorized by a judicial process, etc., would be legitimate.) This is a debate about whether it is technically (and politically) desirable for protocols to prevent mass surveillance.

> Throwing deliberate hurdles in their way is like spreading nails in the path of
> a police car. Cops have more than enough abuses, but most people accept that
> they do good stuff too, and nobody sensible suggests getting rid of them.

That analogy is woefully inadequate. Spreading nails in the path of a police car is a targetted attack on the police car. Increasing encryption to improve confidentiality of communications is not a targetted attack against anyone. This, on the other hand, is like ensuring that you write *all* your communications in coded language instead of just some of your communication.

Will it frustrate targetted surveillance that complies with the standard set in the International Covenant on Civil and Political Rights of being "non-arbitrary" and "lawful"? Probably not, since there are other ways of getting to such targets by gaining access through their service providers or by gaining access to their person or to their communication devices.

Will it frustrate mass surveillance / dragnet surveillance? Yes.

The choice is clear to me.

>> Good luck with a Man-On-The-Side attack on .se. domains that are properly
>> configured.
> OK. But I'm horrified that .se is the best demo you can cite.
>> What political solution do you envision exactly?
> Given the choice, I would roll increases in executive authority related to the
> pursuit of war or espionage back to what we had before the PATRIOT act. This is
> something we can state in one sentence and that makes sense. IMO it is a
> workable campaign and one you should join.

I can't join it; I'm not a US citizen. Nor do I want to make the lack of security of the protocols that I use hostage to some 'workable campaign' run by well-meaning Americans. I will whole-heartedly support you in your campaign to reform the law and policies in the USA.

I don't see why you see technical and political solutions as being mutually exclusive. There is no reason why the 'default' insecurity of HTTP cannot be handled at the technical level.

Do I believe all HTTP2 traffic MUST be encrypted? Perhaps, and perhaps not. But most certainly, the 'default' for HTTP2 traffic should be encryption.

You can opt out of the Concealment Society if you want to. But please don't force me to stay within the Surveillance Society.

--
Pranesh Prakash
Policy Director
Centre for Internet and Society
T: +91 80 40926283 | W: http://cis-india.org
PGP ID: 0x1D5C5F07 | Twitter: @pranesh_prakash
--------------------
Access to Knowledge Fellow
Information Society Project, Yale Law School
T: +1 520 314 7147 | W: http://yaleisp.org
_______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
