IETF Floats Draft PRISM-Proof Security Considerations 75
hypnosec writes "PRISM-Proof Security Considerations, a draft proposal to make it harder for governments to implement and carry out surveillance activities like PRISM, has been floated by the Internet Engineering Task Force (IETF). The draft highlights security concerns as a result of government sponsored PRISM-like projects and the security controls that may be put into place to mitigate the risks of interception capabilities. Authored by Phillip Hallam-Baker of the Comodo Group the draft is however very sparse on details on how the Internet can be PRISM-proofed."
Re:IETF is better than NIST, how? (Score:5, Insightful)
I can't imagine what difference it would make.
Well not being owned by the US Government might be a good start, don't you think?
There is some (debated) evidence that NIST was compromised by directions from above, by external control of its budget, etc.
Lets face it, security and privacy were not designed into the protocols we use on the internet today, they were bolted on afterward, and the government played a big (and self serving) part of that effort. Any amount of data hardening would be welcome at this point. There will still be metadata that can be collected but content should be able to be kept private by default.
I would rather have a community of enraged engineers driving the design and management than a bunch of federal paper pushers with a police mentality.