DOTY, Nick, 2015. Reviewing for Privacy in Internet and Web Standard-Setting. In : 2015 IEEE Security and Privacy Workshops (SPW) [en ligne]. mai 2015. pp. 185‑192. Disponible à l’adresse : http://dx.doi.org/10.1109/SPW.2015.18
├── I. Introduction
├── II. Method
│ ├── A. Data Sources
│ └── B. Scope
├── III. History of Privacy and Security Reviews
│ ├── A. IETF
│ └── B. W3C
├── IV. Reactions to Snowden
├── V. Trends
│ ├── A. Systematization
│ ├── B. Integrating Privacy and Security
│ └── C. Leadership
└── VI. Future Work
All RFCs are required to have a Security considerations section. Historically, such sections have been relatively weak (RFC 3552)
Now everyone [thinks about security]. Not everyone does, but as soon as you don't, you get called out. (entretiens semi-structurés)
geopriv
Working GroupPrism
aux serveurs des grandes compagnies technologiquesXKeyscore
et Bullrun
(chiffrement)we had a good thing
you messed it up
for everyone
we trusted you
we were naive
never again
Pervasive surveillance is an attack, and the IETF needs to adjust our thread model to consider it when developing standards track specification.
XKeyscore
perpass
perpass
muscular
We reject kings, presidents and voting. We believe in rough consensus and running code.