W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: Moving forward on improving HTTP's security

From: Nicolas Mailhot <nicolas.mailhot@laposte.net>
Date: Thu, 14 Nov 2013 11:48:21 +0100
Message-ID: <3a67168d32a26c9f970114fdbcfd6508.squirrel@arekh.dyndns.org>
To: "Willy Tarreau" <w@1wt.eu>
Cc: "Mike Belshe" <mike@belshe.com>, "William Chan (?????????)" <willchan@chromium.org>, "Tao Effect" <contact@taoeffect.com>, "Tim Bray" <tbray@textuality.com>, "James M Snell" <jasnell@gmail.com>, "Mark Nottingham" <mnot@mnot.net>, "HTTP Working Group" <ietf-http-wg@w3.org>

Le Mer 13 novembre 2013 22:54, Willy Tarreau a écrit :
>  When certs are
> needed to connect to my printer, I doubt I'll have to order a new
> cert every year to connect to it once every 3 years at most to change
> its IP address.

Printers are a big equipment. People are already connecting lightbulbs for
christsakes (did not one here hear about the Internet of things stuff? I
can tell you it is happening, I see the first parts in my proxy traffic).
There is no way in hell the current PKI/CA system can scale to this number
of devices no one really wants to secure anyway without making
certificates effectively meaningless (and my bank would disagree with
this)

And make a protocol revision supposed to be future-proof for at least a
decade depend on this system when it is already broken ? Madness

TLS is not advocated for security or freedom values it is advocated by big
websites operators like Google who resent anyone interfering with the
control they have of their visitors now. It's giving big brother a bigger
stick because who the hell can even pretend Google-enduser relationship is
remotely balanced. (replace Google with any of the other Internet giants,
none of those is free from the temptation to abuse a direct
in-controllable link to end-users, and Snowden showed).

This is quite transparent in the latest exchanges "small fishes will
continue to use http/1, we want tls+http/2 for out giant monitoring
platforms, and btw revisiting cookies? Forget about it"

-- 
Nicolas Mailhot
Received on Thursday, 14 November 2013 10:48:57 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:19 UTC