Re: SSL/TLS everywhere fail

From: Cory Benfield <cory@lukasa.co.uk>
Date: Thu, 3 Dec 2015 17:35:51 +0000
Cc: Mike Belshe <mike@belshe.com>, Poul-Henning Kamp <phk@phk.freebsd.dk>, Amos Jeffries <squid3@treenet.co.nz>, httpbis mailing list <ietf-http-wg@w3.org>
Message-Id: <9F4EF866-6C36-44CF-B081-3A3A59991494@lukasa.co.uk>
To: Jacob Appelbaum <jacob@appelbaum.net>

> On 3 Dec 2015, at 17:29, Jacob Appelbaum <jacob@appelbaum.net> wrote:
> 
> On 12/3/15, Mike Belshe <mike@belshe.com> wrote:
>> Absolutely to be expected, but nothing to do with http2.  This was already
>> happening long before http2 or spdy...
> 
> Exactly so - huge surveillance and censorship events are an ongoing problem.
> 
>> These types of event are GREAT for everyone - we're getting visibility into
>> just how invasive our governments want to be.  If we didn't push forward,
>> the world would be living in ignorant bliss.
> 
> Rosa Luxemburg most famously captured this: "Those who do not move, do
> not notice their chains."
> 
> I'm not sure that it is "great" in a sense that I'm familiar with...
> it is a reality check that moves things along in a very honest
> direction. Some technical people were aware and they were fine with
> the status quo. Some as collaborators and some as feeling like this is
> all awful and messy. Now many many more people will be aware, some
> with power to change things and many without. It moves us from a world
> of passive and hidden active attackers to a world where we'll see many
> more active attacks.
> 
> Is it really bad news that we're now seeing this stuff? It has been
> happening for *years* in some countries. Some Oakley groups have been
> blocked wholesale in areas of the world.
> 
>> Go go go http2 and mandatory SSL everywhere.  Next step - eliminate MITM.
>> We haven't done that well yet, but it's coming.
> 
> TLS, please. :-)
> 
> All the best,
> Jacob
> 

I could not agree more with Jacob if I tried. Well said.

Received on Thursday, 3 December 2015 17:36:32 UTC
