W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2015

Re: SSL/TLS everywhere fail

From: Roland Zink <roland@zinks.de>
Date: Thu, 3 Dec 2015 19:00:44 +0100
To: ietf-http-wg@w3.org
Message-ID: <5660834C.1060609@zinks.de>
Am 03.12.2015 um 18:29 schrieb Jacob Appelbaum:
> On 12/3/15, Mike Belshe <mike@belshe.com> wrote:
>> Absolutely to be expected, but nothing to do with http2.  This was already
>> happening long before http2 or spdy...
> Exactly so - huge surveillance and censorship events are an ongoing problem.
+1
> Go go go http2 and mandatory SSL everywhere.  Next step - eliminate MITM.
> We haven't done that well yet, but its coming.
> TLS, please. :-)
I'm a bit worried about all the closed boxes that I "own" but are really 
controlled by somebody else. Like a TV set reporting what channel I'm 
watching. The reporting is using TLS and is private, but how do I detect 
and prevent such things then? New chains everywhere.

Regards,
Roland
Received on Thursday, 3 December 2015 18:01:16 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:40 UTC