On 03/24/2014 12:36 PM, Keith Moore wrote: > So, what's the incentive for either clients or servers to support OE if > clients just silently accept it without any indication to the user? > Just for the good of mankind?
I'd say "to increase the cost of pervasive monitoring" and "to resist
surveillance by passive attackers"
> I think we should be realistic about the likelihood of clients
> implementing OE and services using it. And while I'm sure that
> sometimes implementors and operators will do things "for the good of
> mankind", I suspect there's a limit to how much effort and expense
> they'll go to for this reason. This doesn't mean "don't even bother
> recommending OE", but it seems like something we should keep in mind.
I think we want as much of this to happen automatically in software
without users or server administrators needing to fiddle with any
settings or noticing any changes. If client software or server software
gets upgraded (in the usual course-of-doing-business as you suggest)
then these features should Just Work™ and it should take deliberate and
non-default action by server administrator or end user to *disable* them.
--dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
