W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2014

Re: HTTP/2 and Pervasive Monitoring

From: Roland Zink <roland@zinks.de>
Date: Sat, 16 Aug 2014 09:01:58 +0200
Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <7E015395-13C4-413B-9E73-F3AE113BC75E@zinks.de>
To: Eliot Lear <lear@cisco.com>


> Am 15.08.2014 um 21:41 schrieb Eliot Lear <lear@cisco.com>:
> 
> 
>> On 8/15/14, 7:25 PM, Roland Zink wrote:
>> Don't think that a valid cert really helps here although it may give a
>> hint about who is responsible.
> 
> We don't have causality, but we do have data.  And so one man's
> conjecture is as good as the next's.  Here's mine: the majority of
> illicit servers are actually running on hacked systems and the data is
> being served off a simple HTTP server, where no warning is produced.  It
> costs money to get a cert for that system, which doesn't actually buy
> the miscreant anything.
> 
> Eliot
> 
If the hacked system is a web server then the assumption it will have a valid cert in the future and there will be no need to add one. If the system is at home then my proposal was to stop this in the home users network through inspection of the traffic regardless if a valid cert is installed or not.

Roland
Received on Saturday, 16 August 2014 07:02:24 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 30 March 2016 09:57:10 UTC