- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Tue, 31 Mar 2015 23:07:01 +0000
- To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- cc: Adrien de Croy <adrien@qbik.com>, Xiaoyin Liu <xiaoyin.l@outlook.com>, Dan Anderson <dan-anderson@cox.net>, "Walter H." <walter.h@mathemainzel.info>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
--------
In message <551B2120.7020907@cs.tcd.ie>, Stephen Farrell writes:

>But studies like these are still (for me anyway) far more worth
>paying attention to than yet more anecdotes and prognostications.

I fully agree as long as their results are interpreted carefully and precisely.

However this study only tells us that MitM is unlikely to be less than 0.41%, we have *no* information about any upper limit.

But I find your continued belittlement of "anecdotes and prognostications" problematic even without this study.

I know of no usable measurements of how often courts allow or mandate MitM as part of criminal investigations.

Yet, we know that it happens: Occasionally we spot bogo-certs and here and there tidbits emerge from courthouses.

If we (try to) make MitM impossible for law-enforcement, courts will approve use of more drastic and damaging means and measures, and legislators will neuter "impediments to law-enforcement" if necessary, no matter how ill advised that may be.

Remember how much privacy we lost after 2001?

Today we're probably just a single convenient crisis, real or manufactured, from key escrow becoming the law of the police state.

Blindly pushing the "HTTPS anywhere" agenda through to completion is at best a distraction and at worst it risks doing more damage to our privacy in the long run.

The only real solution is to make privacy a protected human right.

Poul-Henning

--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
Received on Tuesday, 31 March 2015 23:07:26 UTC