
Re: MLS or TLS? There is more than one encryption option.

From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Fri, 15 Nov 2013 22:27:16 +0000
To: Bruce Perens <bruce@perens.com>
cc: ietf-http-wg@w3.org
Message-ID: <50589.1384554436@critter.freebsd.dk>

In message <52869326.6060607@perens.com>, Bruce Perens writes:

>>>Now that we are going to be going for preventing pervasive surveillance,

>>I hate to be the one to bring this up, but that is not in any way
>>shape or form inside the WG charter

>This is no surprise.
>
>I am approaching the conclusion that it's impossible, anyway. Given
>that a government subverts even one CA with a certificate
>that is honored by the browser, a man-in-the-middle attack that
>would fool the naive user becomes trivial.

I reached that conclusion some time ago, and tried to explain it
for my ACM audience:

  http://queue.acm.org/detail.cfm?id=2508864

The Surveillance State is a political issue that must be solved by
political means.  As long as NSA, GCHQ and other similar have a
mandate, funds and political support for what they are doing, adding
more encryption simply only means that more encryption will be broken.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
Received on Friday, 15 November 2013 22:27:39 UTC
