On Wed, Jul 12, 2017 at 10:22 AM, Ted Lemon <mel...@fugue.com> wrote:
> On Jul 12, 2017, at 10:18 AM, Kyle Rose <kr...@krose.org> wrote: > > We need to dispel the myth that mere inaction on our part will on its own > prevent implementation of these mechanisms, if for no other reason but to > redirect energy to the political arena where the pervasive monitoring > battles *are* actually fought. > > > Inaction on our part will prevent the code from going into the common > distributions. That's not worthless. > Which will have zero impact on pervasive surveillance until some government decides they want to use this mechanism or something like it and mandates that it be implemented universally within their borders. Then it will appear in short order, even if the government has to hire their own code monkeys to do it, at which point it will continue to have zero impact on pervasive surveillance. Again, I'm not recommending any TLS distribution implement this, only that we stop fooling ourselves into believing that refusing to standardize a mechanism like this will prevent one from being implemented when someone decides they want it. This is fundamentally different from the question of standardizing potentially privacy-violating protocol extensions that need to survive end-to-end on the internet to be useful to the third party: this entire functionality can be implemented at a single endpoint without anyone else's permission or custom interop. Kyle
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
