- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Fri, 15 Nov 2013 22:27:16 +0000
- To: Bruce Perens <bruce@perens.com>
- cc: ietf-http-wg@w3.org
In message <52869326.6060607@perens.com>, Bruce Perens writes:

>>>Now that we are going to be going for preventing pervasive surveillance,
>>I hate to be the one to bring this up, but that is not in any way
>>shape or form inside the WG charter
>This is no surprise.
>
>I am approaching the conclusion that it's impossible, anyway. Given
>that a government subverts even one CA with a certificate
>that is honored by the browser, a man-in-the-middle attack that
>would fool the naive user becomes trivial.

I reached that conclusion some time ago, and tried to explain it
for my ACM audience:

http://queue.acm.org/detail.cfm?id=2508864

The Surveillance State is a political issue that must be solved by
political means.

As long as NSA, GCHQ and other similar have a mandate, funds and
political support for what they are doing, adding more encryption
simply only means that more encryption will be broken.

--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
Received on Friday, 15 November 2013 22:27:39 UTC