W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2015

Re: SSL/TLS everywhere fail

From: Adrien de Croy <adrien@qbik.com>
Date: Thu, 03 Dec 2015 20:37:06 +0000
To: "Mike Belshe" <mike@belshe.com>, "Poul-Henning Kamp" <phk@phk.freebsd.dk>
Cc: "Amos Jeffries" <squid3@treenet.co.nz>, "httpbis mailing list" <ietf-http-wg@w3.org>
Message-Id: <emd7a7cf8d-ffa2-48ca-be74-988394441bb5@bodybag>


------ Original Message ------
From: "Mike Belshe" <mike@belshe.com>

>
>Go go go http2 and mandatory SSL everywhere.  Next step - eliminate 
>MITM.  We haven't done that well yet, but its coming.
>
>
I think before you eliminate MiTM you better eliminate malware, and 
insecure sites that get hacked and become driveby attack sites.

And you better be prepared for everyone on the internet to forego 
caching.

I presume google will pay for infrastucture upgrade over the entire 
world so that people can get fast enough internet to not need caching?

Time to start working on a successor to TLS I guess for the sites we 
really want to be secure.



>
>
>On Thu, Dec 3, 2015 at 5:15 AM, Poul-Henning Kamp <phk@phk.freebsd.dk> 
>wrote:
>>--------
>>In message <56602858.2000005@treenet.co.nz>, Amos Jeffries writes:
>> >On 3/12/2015 12:42 p.m., Willy Tarreau wrote:
>>
>> >>> That happened faster than even I thought:
>> >>>
>> >>>     http://telecom.kz/en/news/view/18729
>> >>
>> >Can anyone elighten me; was that a phish? or an actual government 
>>action?
>>
>>It seems legit.  People on hacker-news seems to have found the
>>underlying government directives:
>>
>>         https://news.ycombinator.com/item?id=10665344
>>
>>
>>--
>>Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
>>phk@FreeBSD.ORG         | TCP/IP since RFC 956
>>FreeBSD committer       | BSD since 4.3-tahoe
>>Never attribute to malice what can adequately be explained by 
>>incompetence.
>>
>
Received on Thursday, 3 December 2015 20:37:44 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:40 UTC