Such entities would have motivation to circumvent security regardless of whether or not things are encrypted. That problem isn't technical-- it is political. In any case, the intent here is to negotiate for encryption, not security. -=R On Sun, Aug 25, 2013 at 1:52 PM, Poul-Henning Kamp <phk@phk.freebsd.dk>wrote: > In message <CAP+FsNenAQvhoMMNmWj_hjjV9rrZPQT92pNGXaM3Kdm0T_bu= > Q@mail.gmail.com>, Roberto Peon writes: > > >In any case, if you're doing the work of signing, why not just encrypt? > > Because signing wouldn't force Police-states intelligence services > to break, weaken or circumvent any and all encryption, in order to > comply with the mandate they were put under, by democratically > elected politicians ? > > If you make encryption mandatory in HTTP/2.0, more of your tax-money > will drain into NSA[1] ? > > Poul-Henning > > [1] The Guardian pegs the number at around 850.000 NSA employees > and contractors: > > http://www.theguardian.com/uk/2013/jun/21/gchq-cables-secret-world-communications-nsa > > -- > Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 > phk@FreeBSD.ORG | TCP/IP since RFC 956 > FreeBSD committer | BSD since 4.3-tahoe > Never attribute to malice what can adequately be explained by incompetence. >
Received on Sunday, 25 August 2013 21:01:56 UTC