W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: Pervasive encryption: Pro and contra

From: Zhong Yu <zhong.j.yu@gmail.com>
Date: Sun, 17 Nov 2013 09:54:07 -0600
Message-ID: <CACuKZqF8mhHMTTd0-1ZHgeULTujLDt2SVT26EYMiODP+7tBouA@mail.gmail.com>
To: Robert Collins <robertc@squid-cache.org>
Cc: Tim Bray <tbray@textuality.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
On Sun, Nov 17, 2013 at 2:45 AM, Robert Collins <robertc@squid-cache.org> wrote:
> C5.2 Itís unethical to insert encryption into peopleís connections
> without their consent.
> This has an inverse:
> P3 : It's unethical to have presumed-private conversations not be

Just like their phone lines, I don't think people presume that their
internet conversations are *technically* difficult to eavesdrop by
government or resourceful criminals. People presume the exact
opposite.

Is HTTP/2.0 going to promise people that their conversations are now
unbreakable? Who is in the position to make that promise? How in the
world do we even know that TLS isn't broken by someone who does not
publish their findings?

Zhong Yu

>
> Arguably to P1 (protection) : this is about expectations of users.
>
> -Rob
>
> On 17 November 2013 14:03, Tim Bray <tbray@textuality.com> wrote:
>> There has been a *whole lot* of traffic on this subject.  Itís fascinating
>> that the meeting of minds is so difficult, and any possibility of that
>> happening is made more difficult by the discussion skewing back and forth
>> across the road.
>>
>> To help sort things out in my own mind, I just went and read the last few
>> hundred messages and attempted to curate the pervasive/mandatory encryption
>> arguments, pro and contra.  Itís in a Google doc thatís open to comment by
>> anyone: http://goo.gl/6yhpC1  Hm, is there a handy wiki platform somewhere
>> that can stand up to the pressure?
>>
>> I donít know if trying to organize the talking points is generally useful,
>> but I sure found it personally useful; maybe others will too.
>>
>> Disclosure: I remain pretty strongly in favor of as much mandatory
>> encryption as we can get, so that may have filtered my expression of the
>> issues.  I've version-stamped this: 2013/11/16, and promise not to change it
>> in case people comment on it.
>
Received on Sunday, 17 November 2013 15:54:35 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:19 UTC