W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2015

Re: SSL/TLS everywhere fail

From: Mike Belshe <mike@belshe.com>
Date: Thu, 3 Dec 2015 08:44:22 -0800
Message-ID: <CABaLYCtBcSBO_cS_4cmhe1aLh-sN6JxeheJ1RE6HMyQ97sLV3w@mail.gmail.com>
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc: Amos Jeffries <squid3@treenet.co.nz>, httpbis mailing list <ietf-http-wg@w3.org>
Absolutely to be expected, but nothing to do with http2.  This was already
happening long before http2 or spdy...

These types of event are GREAT for everyone - we're getting visibility into
just how invasive our governments want to be.  If we didn't push forward,
the world would be living in ignorant bliss.

Go go go http2 and mandatory SSL everywhere.  Next step - eliminate MITM.
We haven't done that well yet, but its coming.

Mike


On Thu, Dec 3, 2015 at 5:15 AM, Poul-Henning Kamp <phk@phk.freebsd.dk>
wrote:

> --------
> In message <56602858.2000005@treenet.co.nz>, Amos Jeffries writes:
> >On 3/12/2015 12:42 p.m., Willy Tarreau wrote:
>
> >>> That happened faster than even I thought:
> >>>
> >>>     http://telecom.kz/en/news/view/18729
> >>
> >Can anyone elighten me; was that a phish? or an actual government action?
>
> It seems legit.  People on hacker-news seems to have found the
> underlying government directives:
>
>         https://news.ycombinator.com/item?id=10665344
>
>
> --
> Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG         | TCP/IP since RFC 956
> FreeBSD committer       | BSD since 4.3-tahoe
> Never attribute to malice what can adequately be explained by incompetence.
>
>
Received on Thursday, 3 December 2015 16:44:57 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:40 UTC