Re: Privacy and its costs (was: Re: Mandatory encryption)

From: Tim Bray <tbray@textuality.com>
Date: Thu, 19 Jul 2012 09:05:45 -0700
Message-ID: <CAHBU6is6rrBTvC8wENEtAKc7tuuquA6eBzo0OnQNaRmkRcXQ4g@mail.gmail.com>
To: Nicolas Mailhot <nicolas.mailhot@laposte.net>
Cc: Henry Story <henry.story@bblfish.net>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>, "Martin J. Dürst" <duerst@it.aoyama.ac.jp>

No, privacy is important. There are things on my blog that people in
certain situations could get in trouble just for reading.  I should
offer privacy, and it’s a failure on my part that I don’t.  -T

On Thu, Jul 19, 2012 at 8:49 AM, Nicolas Mailhot
<nicolas.mailhot@laposte.net> wrote:
>
>> I think in the case of Ongoing privacy is not in fact important. But
>> security is!
>
> I think that in many cases, what matters is not 'have I got a direct
> opaque un-spoofable link to the web site' (that TLS gives you) but 'is the
> content I receive the same as a trusted entity published' (non-tampering)
>
> You have this problem with intermediaries but also without intermediaries
>
> For example, all the mirroring sites that perform a service for free or
> live by slapping ads around convenient ways to download content produced
> by others.
>
> What matters when someone goes to downloads.com, is not that he is talking
> to downloads.com itself, but that the binary payload downloaded was
> actually released by the editor downloads.com labels it with.
>
> If HTTP/2 includes a command that basically means 'give me the signed
> digest associated with URL X or Y':
> 1. user agents can check if intermediaries didn't mess with the relayed
> content
> 2. user agents can check if the content they received over a supposedly
> secure link was not tampered with before transmission, if the web site is not
> the original producer of the content (mirrors just have to mirror the
> original signature in addition to the content itself). Secure link ≠
> secure content
>
> This is something TLS itself will never give you, the TLS trust model does
> not work at all in any relaying situation (either direct relay with
> proxies and other intermediaries, or deferred relay in the mirror case)
>
> So you solve two problems in one go and the protocol changes are useful
> even in proxy-less environments
>
> Or am I missing something?
>
> --
> Nicolas Mailhot
>
Received on Thursday, 19 July 2012 16:06:16 GMT
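
The check proposed in the quoted message (a publisher-signed digest that a user agent verifies whichever mirror or proxy delivered the body), as an added example that is not part of the original thread. Ed25519, SHA-256, the `SignedDigest` record layout and all function names, keys and URLs are assumptions made for illustration; the thread specifies none of them.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// SignedDigest is a hypothetical record a server or mirror returns for a URL.
type SignedDigest struct {
	URL       string
	Digest    [32]byte // SHA-256 of the body as the publisher released it
	Signature []byte   // publisher's Ed25519 signature over URL and digest
}

// signedBytes binds the digest to its URL so a signature cannot be replayed for another resource.
func signedBytes(url string, digest [32]byte) []byte {
	return append([]byte(url+"\x00"), digest[:]...)
}

// demoKey derives a fixed key pair from one byte (constructed, for this example only).
func demoKey(b byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

// Publish is run once by the original producer; mirrors copy the record with the content.
func Publish(priv ed25519.PrivateKey, url string, body []byte) SignedDigest {
	d := sha256.Sum256(body)
	return SignedDigest{URL: url, Digest: d, Signature: ed25519.Sign(priv, signedBytes(url, d))}
}

// Verify trusts only the publisher's public key, not the link or host that delivered the body.
func Verify(pub ed25519.PublicKey, url string, body []byte, sd SignedDigest) error {
	if sd.URL != url || !ed25519.Verify(pub, signedBytes(sd.URL, sd.Digest), sd.Signature) {
		return fmt.Errorf("digest record not signed by publisher for this URL")
	}
	if sha256.Sum256(body) != sd.Digest {
		return fmt.Errorf("body does not match signed digest")
	}
	return nil
}

func main() {
	pub, priv := demoKey(0x42)
	const url = "https://mirror.example/tool.tar.gz" // constructed
	sd := Publish(priv, url, []byte("release"))
	fmt.Println(Verify(pub, url, []byte("release"), sd), Verify(pub, url, []byte("release+ad"), sd))
}
```

The check only moves the trust question to how the user agent obtained the publisher's public key, which this example leaves out of scope.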