
Re: Pervasive encryption: Pro and contra

From: Roberto Peon <grmocg@gmail.com>
Date: Sun, 17 Nov 2013 14:20:21 -0800
Message-ID: <CAP+FsNcCSi1FrK38homv=fEh8tvc0WWGyS=tVyOO3uprBFQ9FA@mail.gmail.com>
To: Mike Belshe <mike@belshe.com>
Cc: Poul-Henning Kamp <phk@phk.freebsd.dk>, Bjoern Hoehrmann <derhoermi@gmx.net>, Tim Bray <tbray@textuality.com>, httpbis mailing list <ietf-http-wg@w3.org>
Tim-
I read the doc, and though I disagree with most of the items, I also want
to thank you for putting it together so we have something concrete to
debate with/around.

There are a number of things within the document that I disagree with, the
first being the name.
We could entitle it "awesome incremental privacy" and it would still mean
the same thing, with completely different coloring.
There are a number of other colorings in the document that vary widely from
the "color" of objective statements.

Another doc that we should probably talk about, since we apparently can't
avoid it, is:
http://tools.ietf.org/html/draft-vidya-httpbis-explicit-proxy-ps-00 and
so we might also want to read that one (bleh.. more reading, I know... I
know...)
The document there talks extensively about the intermediaries, the problems
they solve and face, and the problems that end-users and sites face.

While making hypotheses about the 3rd order effects of encryption on
politics is interesting... I don't care for it:
  We could argue endlessly about it and never reach a conclusion, and we'll
only be able to get data about it after we take a course of action... so
that is not helpful.
Discussing politics seems like a poor foundation for an engineering
discussion.

In terms of engineering, we know that:
  today there is pervasive monitoring, and some of this
monitoring includes entities with malicious intent (i.e. criminals).
  users do care about privacy: they want to choose what is public and what
is not; they don't want their lives damaged or destroyed when they have
been doing only legal activities online
  sites do care about privacy: they want to retain the trust of their users
  we have the technical capability to help solve this problem with either
opt-in or opt-out decisions made by either the server or client.
  various jurisdictions have varying tolerance for encryption, and both
opt-in or opt-out mechanisms allow this to be accommodated
  users don't have the technical depth to understand what is necessary to
achieve privacy, let alone security.
  education and communication about technical issues is extremely difficult
and takes significant time, if possible at all
  we cannot effectively impose changes on already deployed infrastructure
or content

-=R




On Sun, Nov 17, 2013 at 12:58 PM, Mike Belshe <mike@belshe.com> wrote:

>
>
>
> On Sun, Nov 17, 2013 at 12:13 PM, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
>
>> In message <5c8i891ufcgcljeblec314pm868deph6h6@hive.bjoern.hoehrmann.de>,
>> Bjoern Hoehrmann writes:
>>
>> >I understood the comment as saying that the point does not belong on
>> >a "pro and contra" list, which seems fair enough in this instance.
>>
>> Why is having your protocol banned in USA or China not a "con" ?
>>
>
> TLS has not been banned in either China or the USA.  You claim there is a
> "risk" of that, but that's just an opinion, and not one we'll ever likely
> agree on.
>
> So, for this list, I was recommending we stick to objective criteria.
>
> Mike
>
>
>
>>
>> --
>> Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
>> phk@FreeBSD.ORG         | TCP/IP since RFC 956
>> FreeBSD committer       | BSD since 4.3-tahoe
>> Never attribute to malice what can adequately be explained by
>> incompetence.
>>
>
>
Received on Sunday, 17 November 2013 22:20:53 UTC
