W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2014

Re: HTTP/2 and Pervasive Monitoring

From: Eliot Lear <lear@cisco.com>
Date: Fri, 15 Aug 2014 21:41:23 +0200
Message-ID: <53EE6263.2000802@cisco.com>
To: Roland Zink <roland@zinks.de>
CC: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>

On 8/15/14, 7:25 PM, Roland Zink wrote:
> Don't think that a valid cert really helps here although it may give a
> hint about who is responsible.

We don't have causality, but we do have data.  And so one man's
conjecture is as good as the next's.  Here's mine: the majority of
illicit servers are actually running on hacked systems and the data is
being served off a simple HTTP server, where no warning is produced.  It
costs money to get a cert for that system, which doesn't actually buy
the miscreant anything.

Eliot



Received on Friday, 15 August 2014 19:41:55 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 30 March 2016 09:57:10 UTC