W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2015

Re: SSL/TLS everywhere fail

From: Willy Tarreau <w@1wt.eu>
Date: Thu, 3 Dec 2015 22:20:18 +0100
To: Matthew Kerwin <matthew@kerwin.net.au>
Cc: ietf-http-wg@w3.org
Message-ID: <20151203212018.GB22152@1wt.eu>
On Fri, Dec 04, 2015 at 06:58:40AM +1000, Matthew Kerwin wrote:
> On 04/12/2015 4:10 AM, "Willy Tarreau" <w@1wt.eu> wrote:
> >
> > I predict that in less than 10 years we'll all be using point-to-point
> > TLS because everyone will legally crack it along the way. What a great
> > internet it will be! It used to be limited for *certain* activities
> > only, making it uninteresting to crack most of the time.
> >
> 
> So... does Martin's encrypted content encoding fit into this predicted
> future? And if so, in a good, bad, or neutral way?

I don't know. It's always hard to know how technology can serve purposes
in the long term for good or for bad. It's the same reason some of us
warned against the naive TLS everywhere approach that was not going to
protect against sniffing but rather increasing sales of MiTM devices.
Some people didn't believe and they had very valid reasons for thinking
differently. Here I'm predicting a trend as a reaction for another trend.
What tools and methods will be used, I don't know. What I think however
is that some people will start to consider RFC1149 (or 6214 for IPv6) as
a serious alternative to the broken net they'll have to deal with.

Willy
Received on Thursday, 3 December 2015 21:21:33 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:40 UTC