W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2015

Re: SSL/TLS everywhere fail

From: Alex Rousskov <rousskov@measurement-factory.com>
Date: Thu, 3 Dec 2015 15:26:37 -0700
To: HTTP Working Group <ietf-http-wg@w3.org>
Cc: Robert Collins <robertc@robertcollins.net>
Message-ID: <5660C19D.8040202@measurement-factory.com>
On 12/03/2015 11:32 AM, Robert Collins wrote:

> I haven't met
> a single non-internet-technicalities-savvy person who didn't express
> immense surprise at the idea that their normal browsing would be
> visible to *anyone* other than the site they were browsing on.

I have met many technically-illiterate folks who assume their impersonal
communications are monitored by their government. If given the choice of
no internet or monitored internet, I bet many would pick the latter (and
would express immense surprise that they are being asked a question with
such an obvious [to them] answer!).

Our personal worldview, experience, and aspirations are not always
shared by the billions we are tempted to represent here (even if we dare
to characterize our current views as "enlightened" and worth mimicking
by those billions).

> Is it less harmful to:
>  - expose everything
>  - protect everything

Instead of deciding which extreme is less harmful, we should be focusing
on protocols and deployment recommendations that give people meaningful
choices without breaking infrastructure.

It is not this WG job to decide whether the Kazakh government (or the
example.com employer or a concerned parent) has the right to monitor
communication of their citizens (or employees or kids). It could be this
WG job to design protocols and deployment recommendations that make
monitoring easy to integrate, discover, and either consent to or reject.

Doing so would save a lot of energy for such useful things as educating
folks about surveillance trade-offs so that their consent (or lack of
thereof) becomes more informed.

Received on Thursday, 3 December 2015 22:27:08 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:40 UTC