Re: [Fwd: I-D Action: draft-carpenter-prismatic-reflections-00.txt]

2013-09-23 Thread Ben Laurie
On 21 September 2013 06:02, SM wrote: > Hi Brian, > > At 21:54 19-09-2013, Brian E Carpenter wrote: >> >> I got my arm slightly twisted to produce the attached: a simple >> concatenation of some of the actionable suggestions made in the >> discussion of PRISM and Bruce Schneier's call for action.

Re: [Fwd: I-D Action: draft-carpenter-prismatic-reflections-00.txt]

2013-09-22 Thread Roger Jørgensen
On Sun, Sep 22, 2013 at 6:59 PM, Paul Wouters wrote: > Note that decentralising makes you less anonymous. If everyone runs > their own jabber service with TLS and OTR, you are less anonymous than > today. So "decentralising" is not a solution on its own for meta-data > tracking. When I'm talking

Re: [Fwd: I-D Action: draft-carpenter-prismatic-reflections-00.txt]

2013-09-22 Thread Josh Howlett
Jari, >It is important to understand the limitations of technology in this >discussion. We can improve communications security, and in some cases >reduce the amount of information communicated. But we cannot help a >situation where you are communicating with a party that you cannot >entirely trust wi

Re: [Fwd: I-D Action: draft-carpenter-prismatic-reflections-00.txt]

2013-09-22 Thread John C Klensin
--On Sunday, 22 September, 2013 12:59 -0400 Paul Wouters wrote: >> Except that essentially all services other than email have >> gained popularity in centralized form, including IM. > > Note that decentralising makes you less anonymous. If everyone > runs > their own jabber service with TLS a

Re: [Fwd: I-D Action: draft-carpenter-prismatic-reflections-00.txt]

2013-09-22 Thread joel jaeggli
On 9/22/13 11:35 AM, Scott Brim wrote: > I like what Christian said. Also, perhaps we should figure out how to > unbundle services and monetize what we can. > > On Sep 22, 2013 1:38 PM, "Christian Huitema" > wrote: > > >> Yes. $$$. Nobody makes much/any money of

RE: [Fwd: I-D Action: draft-carpenter-prismatic-reflections-00.txt]

2013-09-22 Thread John C Klensin
--On Sunday, 22 September, 2013 17:37 + Christian Huitema wrote: >... > It is very true that innovation can only be sustained with a > revenue stream. But we could argue that several services have > now become pretty much standardized, with very little > additional innovation going on. Thos

RE: [Fwd: I-D Action: draft-carpenter-prismatic-reflections-00.txt]

2013-09-22 Thread Scott Brim
I like what Christian said. Also, perhaps we should figure out how to unbundle services and monetize what we can. On Sep 22, 2013 1:38 PM, "Christian Huitema" wrote: > >> Yes. $$$. Nobody makes much/any money off email because it is > >> so de-centralized. People who build wonderful new applicati

RE: [Fwd: I-D Action: draft-carpenter-prismatic-reflections-00.txt]

2013-09-22 Thread Christian Huitema
>> Yes. $$$. Nobody makes much/any money off email because it is >> so de-centralized. People who build wonderful new applications >> build them in a centralized way so that they can control them. >> And they want to control them so that they can monetize them. > > That is even true of the large em

Re: [Fwd: I-D Action: draft-carpenter-prismatic-reflections-00.txt]

2013-09-22 Thread Paul Wouters
On Sat, 21 Sep 2013, Dave Crocker wrote: 2) Encourage distributed services over centralized services. For example, social networking services today are heavily centralized. +1 Except that essentially all services other than email have gained popularity in centralized form, including IM. No

Re: [Fwd: I-D Action: draft-carpenter-prismatic-reflections-00.txt]

2013-09-22 Thread John C Klensin
--On Sunday, 22 September, 2013 07:02 -0400 Noel Chiappa wrote: >... > Yes. $$$. Nobody makes much/any money off email because it is > so de-centralized. People who build wonderful new applications > build them in a centralized way so that they can control them. > And they want to control them

Re: [Fwd: I-D Action: draft-carpenter-prismatic-reflections-00.txt]

2013-09-22 Thread Noel Chiappa
> From: Dave Crocker > Except that essentially all services other than email have gained > popularity in centralized form, including IM. So there appear to be > some important and difficult operational and usability barriers, > standing in the way of more truly distributed app

Re: [Fwd: I-D Action: draft-carpenter-prismatic-reflections-00.txt]

2013-09-22 Thread Mark Nottingham
On 22/09/2013, at 1:08 PM, Masataka Ohta wrote: > Mark Nottingham wrote: > >>> Then, protocols not have any authoritative specification and >>> should never be standardized and there should be no central >>> authority to manage different versions of the protocols. >> >> From a PRISM viewpoint

Re: [Fwd: I-D Action: draft-carpenter-prismatic-reflections-00.txt]

2013-09-21 Thread Dave Crocker
On 9/21/2013 9:40 PM, Christian Huitema wrote: 1) Encourage protocol designs that rely on peer-to-peer transmission, rather than intermediate relays, because relays are natural targets for interception services. Unless you are interacting on the same local net segment, when is Internet communic

RE: [Fwd: I-D Action: draft-carpenter-prismatic-reflections-00.txt]

2013-09-21 Thread Christian Huitema
> I got my arm slightly twisted to produce the attached: a simple > concatenation of some of the actionable suggestions made in the > discussion of PRISM and Bruce Schneier's call for action. Brian, This is a useful summary, but I would like to see a few additions: 1) Encourage protocol designs

RE: [Fwd: I-D Action: draft-carpenter-prismatic-reflections-00.txt]

2013-09-21 Thread Christian Huitema
-Original Message- From: ietf-boun...@ietf.org [mailto:ietf-boun...@ietf.org] On Behalf Of Brian E Carpenter Sent: Thursday, September 19, 2013 9:55 PM To: IETF discussion list Subject: [Fwd: I-D Action: draft-carpenter-prismatic-reflections-00.txt] I got my arm slightly twisted to

Re: [Fwd: I-D Action: draft-carpenter-prismatic-reflections-00.txt]

2013-09-21 Thread Masataka Ohta
Mark Nottingham wrote: >> Then, protocols not have any authoritative specification and >> should never be standardized and there should be no central >> authority to manage different versions of the protocols. > > From a PRISM viewpoint, the cost of parsing different formats, > understanding diff

Re: [Fwd: I-D Action: draft-carpenter-prismatic-reflections-00.txt]

2013-09-21 Thread Paul Wouters
On Sat, 21 Sep 2013, Stephen Farrell wrote: On 09/21/2013 02:42 PM, Roger Jørgensen wrote: On Fri, Sep 20, 2013 at 6:54 AM, Brian E Carpenter wrote: I got my arm slightly twisted to produce the attached: a simple concatenation of some of the actionable suggestions made in the discussion of PR

Re: [Fwd: I-D Action: draft-carpenter-prismatic-reflections-00.txt]

2013-09-21 Thread Roger Jørgensen
On Sat, Sep 21, 2013 at 7:24 PM, Stephen Farrell wrote: > > > On 09/21/2013 02:42 PM, Roger Jørgensen wrote: >> There is one thing I don't see mentioned in your draft, the discussion >> that moved from ietf@ and over into lisp@ about encryption by default >> wherever it's possible. It's one concre

Re: [Fwd: I-D Action: draft-carpenter-prismatic-reflections-00.txt]

2013-09-21 Thread Stephen Farrell
On 09/21/2013 02:42 PM, Roger Jørgensen wrote: > On Fri, Sep 20, 2013 at 6:54 AM, Brian E Carpenter > wrote: >> I got my arm slightly twisted to produce the attached: a simple >> concatenation of some of the actionable suggestions made in the >> discussion of PRISM and Bruce Schneier's call for

Re: [Fwd: I-D Action: draft-carpenter-prismatic-reflections-00.txt]

2013-09-21 Thread Roger Jørgensen
On Fri, Sep 20, 2013 at 6:54 AM, Brian E Carpenter wrote: > I got my arm slightly twisted to produce the attached: a simple > concatenation of some of the actionable suggestions made in the > discussion of PRISM and Bruce Schneier's call for action. There is one thing I don't see mentioned in your

Re: [Fwd: I-D Action: draft-carpenter-prismatic-reflections-00.txt]

2013-09-20 Thread Mark Nottingham
On 21/09/2013, at 11:33 AM, Masataka Ohta wrote: > Cost for monitoring should be large? > > Then, protocols not have any authoritative specification and > should never be standardized and there should be no central > authority to manage different versions of the protocols. From a PRISM viewpo

Re: [Fwd: I-D Action: draft-carpenter-prismatic-reflections-00.txt]

2013-09-20 Thread SM
Hi Brian, At 21:54 19-09-2013, Brian E Carpenter wrote: I got my arm slightly twisted to produce the attached: a simple concatenation of some of the actionable suggestions made in the discussion of PRISM and Bruce Schneier's call for action. Thanks for writing the draft. For the sake of disclo

Re: [Fwd: I-D Action: draft-carpenter-prismatic-reflections-00.txt]

2013-09-20 Thread Masataka Ohta
Mark Nottingham wrote: >> Not necessarily. >> >> The proper protection is to avoid cloud services and have our >> own end systems fully under control of ourselves. >> >> Toward the goal, IETF should shutdown all the cloud related >> WGs and never develop any protocol to promote cloud service. > >

Re: [Fwd: I-D Action: draft-carpenter-prismatic-reflections-00.txt]

2013-09-20 Thread Mark Nottingham
On 20/09/2013, at 9:16 PM, Masataka Ohta wrote: >> As such the only practical way for a typical user to protect themselves >> against PRISM is to switch to other providers based in jurisdictions that >> provide the appropriate protections, or agitate to change the applicable >> laws within thei

Re: [Fwd: I-D Action: draft-carpenter-prismatic-reflections-00.txt]

2013-09-20 Thread Masataka Ohta
Hannes Tschofenig wrote: >> We can discourage people communicating with a party that are >> under full control of USG, which is why using cloud services >> should be discouraged, which is a technical issue. > > An open standardization process means that everyone can participate, > including peopl

Re: [Fwd: I-D Action: draft-carpenter-prismatic-reflections-00.txt]

2013-09-20 Thread Hannes Tschofenig
Hi Masataka, On 20.09.2013 16:06, Masataka Ohta wrote: > (2013/09/20 21:15), Jari Arkko wrote: >> Josh, Stephen, >> >> It is important to understand the limitations of technology in this >> discussion. We can improve communications security, and in some >> cases reduce the amount of information commu

Re: [Fwd: I-D Action: draft-carpenter-prismatic-reflections-00.txt]

2013-09-20 Thread Scott Brim
On Fri, Sep 20, 2013 at 8:15 AM, Jari Arkko wrote: > It is important to understand the limitations of technology in this > discussion. We can improve communications security, and in some cases reduce > the amount of information communicated. But we cannot help a situation where you > are communica

Re: [Fwd: I-D Action: draft-carpenter-prismatic-reflections-00.txt]

2013-09-20 Thread Masataka Ohta
(2013/09/20 21:15), Jari Arkko wrote: > Josh, Stephen, > > It is important to understand the limitations of technology in this > discussion. We can improve communications security, and in some > cases reduce the amount of information communicated. But we cannot > help a situation where you are commun

Re: [Fwd: I-D Action: draft-carpenter-prismatic-reflections-00.txt]

2013-09-20 Thread Jari Arkko
Josh, Stephen, It is important to understand the limitations of technology in this discussion. We can improve communications security, and in some cases reduce the amount of information communicated. But we cannot help a situation where you are communicating with a party that you cannot entirely t

Re: [Fwd: I-D Action: draft-carpenter-prismatic-reflections-00.txt]

2013-09-20 Thread Stephen Farrell
On 09/20/2013 10:59 AM, Josh Howlett wrote: > I confess that I am confused by much of this discussion. As I understand > it, PRISM is not a signals intelligence activity; it only addresses that > data at rest within those organisations who have partnered with the NSA. > As such, improving protoco

Re: [Fwd: I-D Action: draft-carpenter-prismatic-reflections-00.txt]

2013-09-20 Thread Masataka Ohta
Josh Howlett wrote: > I confess that I am confused by much of this discussion. Several people in IETF are under control of NSA, maybe. > As I understand > it, PRISM is not a signals intelligence activity; it only addresses that > data at rest within those organisations who have partnered with the

Re: [Fwd: I-D Action: draft-carpenter-prismatic-reflections-00.txt]

2013-09-20 Thread Josh Howlett
I confess that I am confused by much of this discussion. As I understand it, PRISM is not a signals intelligence activity; it only addresses that data at rest within those organisations who have partnered with the NSA. As such, improving protocol security will achieve nothing against PRISM; it is a

Re: [Fwd: I-D Action: draft-carpenter-prismatic-reflections-00.txt]

2013-09-20 Thread Stephen Farrell
On 20 Sep 2013, at 05:54, Brian E Carpenter wrote: > I got my arm slightly twisted to produce the attached: Thanks for getting that done S

[Fwd: I-D Action: draft-carpenter-prismatic-reflections-00.txt]

2013-09-19 Thread Brian E Carpenter
I got my arm slightly twisted to produce the attached: a simple concatenation of some of the actionable suggestions made in the discussion of PRISM and Bruce Schneier's call for action. Brian Original Message Subject: I-D Action: draft-carpenter-prismatic-reflections-00.txt D