W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: How HTTP 2.0 mandatory security will actually reduce my personal security

From: Roberto Peon <grmocg@gmail.com>
Date: Thu, 14 Nov 2013 22:57:51 -0800
Message-ID: <CAP+FsNc5BQBzgZ+GB+jFo8FnNGVjyUOSA21GWyjVE+kMKXjLqw@mail.gmail.com>
To: Nicolas Mailhot <nicolas.mailhot@laposte.net>
Cc: Bruce Perens <bruce@perens.com>, HTTP Working Group <ietf-http-wg@w3.org>
What is your threat model?

-=R


On Thu, Nov 14, 2013 at 10:26 PM, Nicolas Mailhot <
nicolas.mailhot@laposte.net> wrote:

>
> Le Ven 15 novembre 2013 06:38, Roberto Peon a écrit :
>
> > Sure, there is most definitely a tradeoff between ensuring privacy across
> > the open net and being able to look into all streams.
> > What I don't see, however, is how you will ever have enough time to
> > understand all of the interactions which are ongoing on your network--
> > steganography is just too easy, even for plaintext.
>
> You assume all attacks are the work or elite hackers here to get you.
>
> The mundane truth is most attacks are the result of developer shortcuts
> put there for convenience without thinking about the side-effects or user
> privacy. They are usually not hidden in any way, all you have to do is
> look (assuming the protocol does no cloak them by default).
>
> --
> Nicolas Mailhot
>
>
Received on Friday, 15 November 2013 06:58:18 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:19 UTC