W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2012

Re: The TLS hammer and resource integrity

From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Wed, 28 Mar 2012 13:14:48 +0000
To: patrick mcmanus <pmcmanus@mozilla.com>
cc: ietf-http-wg@w3.org
Message-ID: <28901.1332940488@critter.freebsd.dk>
In message <4F72FD22.3020106@mozilla.com>, patrick mcmanus writes:

>I disagree pretty strongly that confidentiality is not a core desirable 
>property for the web.

As is kittens, pink ponies and world peace.

However, in real life all things come at a price, and the price
of confidentiality is too high for certain classes of websites.

>The notion that consumers of adult content don't care that their 
>activities are broadcasts in detail to their friends and family is 
>bizarre to me.

I'm sure pornsites are willing to offer enhanced service for a
price, if there is a market, in fact I will absolutely guarantee
you that they will be the first to make money out of "nobody can
see you surf porn" if there is a market.

And just to be sure we're not talking past each other here:

There are two costs of TLS:  CPU cycles and latency.

Many sites will object to both of these, but most seem to focus
on the CPU cycles.

Latency is much more damaging, not so much for big sites like
Google, Yahoo and FaceBook which have data centers through out
the world, but for sites with just one webserver somewhere on
the world, the difference between 1*RTT and 4*RTT is a lot of
latency to throw at the user.

Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
Received on Wednesday, 28 March 2012 13:15:21 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:01 UTC