Re: A proposal

In message <EE489C28-901B-44C7-AED0-AA1A76164BFD@gbiv.com>, "Roy T. Fielding" writes:

>In Vancouver, there was a discussion of opportunistic encryption
>without server authentication, described as a means of "improving
>privacy".

I hate to go into lecture mode, but there are clearly people in
this discussion who are not aligned on their use of the word
"privacy".

"Privacy" comes in two major categories:


"Second person privacy" is what your communication leaks to the
intentional partner in the communication, and it is very much
related to the concept of anonymity, but not identical with it.

Second person privacy comes in active and passive forms.

Passive form is what information the second party receives
without doing anything extra:  your IP number, your User-Agent
string, Referrer, GPS coordinates or whatever your browser blabbers.

Active form is what they can glean by trying:  Cookies, nefarious
use of If-* conditionals, query-strings, cross site "like this"
buttons and so on.

Second person privacy takes a lot of effort.

Ultimately TOR-like NSAP obfuscation is a necessary but not sufficient
requirement, but the browser-vendors could certainly do more than
they do today, but that would seem to hurt business models they
care about.


"Third person privacy" is about what information a non-party to a
communication can glean from watching the traffic.

This is your mail-man reading your X-mas postcards, this is your
telco trying to sell your demographics and this is the secret service
wanting to know if you plan "terror".

Opportunistic encryption or in fact *any* encryption, even rot13,
improves your third party privacy.

Rot13 is a quite good defense against simplistic keyword scanning,
but for more determined 3rd parties, you obviously want better
encryption and to be sure that only you and the other intended
party of the communication know the encryption key.


Please notice that authentication is 100% orthogonal to privacy:

I don't care who the stranger I ask for directions is, but I certainly
do not want him to know who asked for directions to Alcoholics
Anonymous.


Please everybody:  Qualify the word "privacy", so we know what
you're actually talking about.

Thanks,

Poul-Henning

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

Received on Tuesday, 19 November 2013 10:04:37 UTC