W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2015

Re: SSL/TLS everywhere fail

From: Willy Tarreau <w@1wt.eu>
Date: Thu, 3 Dec 2015 19:05:54 +0100
To: Cory Benfield <cory@lukasa.co.uk>
Cc: Jacob Appelbaum <jacob@appelbaum.net>, Mike Belshe <mike@belshe.com>, Poul-Henning Kamp <phk@phk.freebsd.dk>, Amos Jeffries <squid3@treenet.co.nz>, httpbis mailing list <ietf-http-wg@w3.org>
Message-ID: <20151203180554.GC22101@1wt.eu>
On Thu, Dec 03, 2015 at 05:35:51PM +0000, Cory Benfield wrote:
> >> Go go go http2 and mandatory SSL everywhere.  Next step - eliminate MITM.
> >> We haven't done that well yet, but its coming.
> > 
> > TLS, please. :-)
> > 
> > All the best,
> > Jacob
> > 
> 
> I could not agree more with Jacob if I tried. Well said.

Guys I think you didn't read well. What was reported is that a government
*officially* enforced the need to legally break TLS. If you're pushing
for more TLS, you're just pushing for more surveillance. That's a fact
and it has been proven by this news article. The push for TLS everywhere
has at least broken all Khazak's privacy.

I predict that in less than 10 years we'll all be using point-to-point
TLS because everyone will legally crack it along the way. What a great
internet it will be! It used to be limited for *certain* activities
only, making it uninteresting to crack most of the time.

Willy
Received on Thursday, 3 December 2015 18:06:35 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:40 UTC