DOTY, Nick, 2015. Reviewing for Privacy in Internet and Web Standard-Setting. In : 2015 IEEE Security and Privacy Workshops (SPW) [en ligne]. mai 2015. pp. 185‑192. Disponible à l’adresse : http://dx.doi.org/10.1109/SPW.2015.18
├── I. Introduction ├── II. Method │ ├── A. Data Sources │ └── B. Scope ├── III. History of Privacy and Security Reviews │ ├── A. IETF │ └── B. W3C ├── IV. Reactions to Snowden ├── V. Trends │ ├── A. Systematization │ ├── B. Integrating Privacy and Security │ └── C. Leadership └── VI. Future Work
All RFCs are required to have a Security considerations section. Historically, such sections have been relatively weak (RFC 3552)
Now everyone [thinks about security]. Not everyone does, but as soon as you don't, you get called out. (entretiens semi-structurés)
Prismaux serveurs des grandes compagnies technologiques
we had a good thing
you messed it up
we trusted you
we were naive
Pervasive surveillance is an attack, and the IETF needs to adjust our thread model to consider it when developing standards track specification.
We reject kings, presidents and voting. We believe in rough consensus and running code.