W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: Fwd: New Version Notification for draft-nottingham-http2-encryption-02.txt

From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Thu, 12 Dec 2013 20:39:08 +0000
To: "Adrien de Croy" <adrien@qbik.com>
cc: (wrong string) ™ˆ™˜Œ) <willchan@chromium.org>, "Patrick McManus" <mcmanus@ducksong.com>, "Martin Thomson" <martin.thomson@gmail.com>, "Mark Nottingham" <mnot@mnot.net>, "HTTP Working Group" <ietf-http-wg@w3.org>
Message-ID: <25421.1386880748@critter.freebsd.dk>
In message <emac540e4f-ad51-4150-8748-5daacd186421@bodybag>, "Adrien de Croy" w
rites:

>e.g. that we think the level of https adoption is a problem to be solved.
>
>personally I do not.

Me neither:  We should deliver tools, not policies.

In particular, I think it is utterly hypocritical to attempt to
mandate HTTPS adoption as long as the authentication framework is
known to be comprehensively trojaned.


I'm also not too warm on the opportunistic encryption idea:

On the plus side:  It frustrates the casual tcpdump() abuse and
defeats high performance pritive keyword based filtering.

On the minus side:  It is just bit-scrambling and it doesn't take
that much to defeat it.

There is no doubt that deploying a good opportunistic scrambling, lets
call it that, since that's all it is, will make people in NSA and GCHQ
curse us.

If that's the goal, we should design the scrambling to be maximally
resource hungry, in order to defeat 10GE snooping cards with limited
RAM resources.

But for that to work, deployment must be swift and comprehensive
(ie: HTTP/1 not /2) and it will only buy the world a minimum of
privacy for some months.

If we think we can engage the political process during such a pause
and put the brakes on the Global War On Privacy, then it may be
well worth it.

But as long as people think more crypto is a sufficient answer,
they are merely deluding themselves, and we should not crap up
the protocol standards with futile attempts.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
Received on Thursday, 12 December 2013 20:39:40 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:20 UTC