It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
"Not having encryption on the web today is a matter of life and death," is how one member of the Internet Engineering Task Force - IETF (the so-called architects of the web) described the current situation. As the FT reports, the IETF have started to fight back against US and UK snooping programs by drawing up an ambitious plan to defend traffic over the world wide web against mass surveillance.
The proposal is a system in which all communication between websites and browsers would be shielded by encryption. While the plan is at an early stage, it has the potential to transform a large part of the internet and make it more difficult for governments, companies and criminals to eavesdrop on people as they browse the web.
Anyone know who the members of the Internet Engineering Task FoForce (aka IETF) are?
Large open international community of network designers, operators, vendors, and researchers concerned with the evolution of the Internet architecture
Mission Statement
The mission of the IETF is to make the Internet work better by producing high quality, relevant technical documents that influence the way people design, use, and manage the Internet.
The IETF will pursue this mission in adherence to the following cardinal principles:
Open process - any interested person can participate in the work, know what is being decided, and make his or her voice heard on the issue. Part of this principle is our commitment to making our documents, our WG mailing lists, our attendance lists, and our meeting minutes publicly available on the Internet.
Technical competence - the issues on which the IETF produces its documents are issues where the IETF has the competence needed to speak to them, and that the IETF is willing to listen to technically competent input from any source. Technical competence also means that we expect IETF output to be designed to sound
network engineering principles - this is also often referred to as"engineering quality".
Volunteer Core - our participants and our leadership are people who come to the IETF because they want to do work that furthers the IETF's mission of "making the Internet work better".
Rough consensus and running code - We make standards based on the combined engineering judgement of our participants and our real-world experience in implementing and deploying our specifications.
Protocol ownership - when the IETF takes ownership of a protocol or function, it accepts the responsibility for all aspects of the protocol, even though some aspects may rarely or never be seen on the Internet. Conversely, when the IETF is not responsible for a protocol or function, it does not attempt to exert control over it, even though it may at times touch or affect the Internet.
Originally posted by SunnyDee
Well I think Lavabit owner already had protocols like this in place, but was apparently being forced to comply with the NSA and give up those safeguards for his customers or be shut down, so he just closed it himself instead.
- Op source
at its conference in Berlin this month, IETF members reached “nearly unanimous consensus” on the need to build encryption into the heart of the web,
Originally posted by Bassago
reply to post by mideast
Not really. If an underlying protocol layer could be implemented using 256 bit AES encryption and a large random generated key it would take a huge amount of brute force to decrypt. It would also take years even with a super computer. This tech is already publicly available. We just need to incorporate it and make it user friendly.
Originally posted by Krakatoa
Regardless of the data layer encryption instituted, the data packets still have to be addressed (from and to), right? So that meta data would still be collectable by the alphabet gangs, and would be quite useful to discern who to talking to whom, when, how often, and for how long. That is still very valuable intel to gather and mine, encryption or no...
Originally posted by Bassago
reply to post by mideast
Not really. If an underlying protocol layer could be implemented using 256 bit AES encryption and a large random generated key it would take a huge amount of brute force to decrypt. It would also take years even with a super computer. This tech is already publicly available. We just need to incorporate it and make it user friendly.
Originally posted by stormcell
Originally posted by Bassago
reply to post by mideast
Not really. If an underlying protocol layer could be implemented using 256 bit AES encryption and a large random generated key it would take a huge amount of brute force to decrypt. It would also take years even with a super computer. This tech is already publicly available. We just need to incorporate it and make it user friendly.
It would have to operate at the hardware level at the "physical level" of the TCP/IP stack. NSA could still have out-of-band communication with the network board via the internet. Basically they could have secret data packets that is only read by the hardware and not sent up to the operating-system - the postal equivalent would be those bar codes that couriers like Fed-Ex use.
Here's an example - certain servers that are switched off can be activated where a "magic packet" can be sent to the MAC address of that PC despite it being switched off. That means the network chip is always active and listening to the network despite the PC being switched off... what else on the PC is still active?
www.cyberciti.biz...