Yes we should get ready for an alien invasion and for when they take over the root zone. BTW I'd be more worried about the massive data collection of corporations without ANY oversight and much less security and privacy for your data, this is a MUCH bigger problem than the NSA surveillance. Also critical is for example the harassment and persecution of people with a dissent opinion in places like China. DNSSEC does no provide any other solution besides a certification that you are getting an authoritative and legit response to your queries. There has been in the past many proposals and developments for strong encryption and more robustness and support for security, but the industry and providers didn't consider the extra load and investment necessary, and the problem here is not the NSA sniffing traffic. There is no absolute security on any system, you can implement the strongest encryption and security methods and exploits will always look for the weakest link, that in many cases has been proven to be the human factor. As I said before, it only takes a badly paid technician or a corrupt government official, and you can add a disgruntled employe with a dissenting opinion, which Snowden is a vivid case, to break the highest levels of security we can imagine. -Jorge > On Nov 8, 2013, at 7:19 AM, David Cake <[log in to unmask]> wrote: > > >> On 8 Nov 2013, at 5:18 pm, Andrei Barburas <[log in to unmask]> wrote: >> None of you can tell me that they are surprised and/or outraged by the fact that governments spy on their own people. That's what SECRET services do; that's why they were founded and that's their mission. > > Scale matters. There is a very big difference between spying on some people, and spying on all of them. While I believe in privacy, I accept that governments will, on occasion, present what seems, at least from the govt point of view, a compelling reason to invade that privacy - which is a roundabout way of saying that I can live with warrants, and authorised covert surveillance of certain targets. > I find the argument that 'we all knew governments spied, so the Snowden revelations don't matter' bemusing. It seems to me to be similar to saying 'we know criminal gangs exist, so we shouldn't be surprised to find them running the state, without interference from police or government'. Scale and pervasiveness matter. > > And the scale changes the problem we need to solve in the Internet governance world. If some people are surveilled, it would be enough to have provided the tools for them to counter-surveillance. If virtually everyone is surveilled illegally all the time, then we need to ensure that counter-surveillance is provided to everyone, all the time. > It is certainly true that this may not obviously be an issue of prime concern to ICANN (and thus by extension, NCSG). But the threat of surveillance should be something we now consider as part of practically every technical decision we make. DNSSEC may prove to be an important trust anchor for cryptography, avoiding problems related to CAs. We need to ensure that many of our standard, routine, protocols have crypto baked in (now that we have seen that the surveillance state agencies will intercept both bulk data transfer (as often takes place between eg registries and escrow), and highly privileged information). There may not be a single huge issue that arises from the Snowden leaks - but it should change the way we think about illegal surveillance, and how it figures into our decision making throughout. > > Regards > > David