W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2015

Re: SSL/TLS everywhere fail

From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Sat, 05 Dec 2015 16:07:29 +0000
To: Jacob Appelbaum <jacob@appelbaum.net>
cc: Mark Nottingham <mnot@mnot.net>, Cory Benfield <cory@lukasa.co.uk>, Adrien de Croy <adrien@qbik.com>, Mike Belshe <mike@belshe.com>, Amos Jeffries <squid3@treenet.co.nz>, httpbis mailing list <ietf-http-wg@w3.org>
Message-ID: <64900.1449331649@critter.freebsd.dk>
--------
In message <CAFggDF1ckgL+mGN5NJKv9-Mj5b6MDkHdJC+3SVo=JJ2pKQd=iw@mail.gmail.com>
, Jacob Appelbaum writes:

>> And that is *exactly* why people should have thought "Hang on, If
>> TLS-everywhere is easly defeated by COTS products..."
>
>The model here is a bit strange. HTTP withou TLS is also easily
>defeated. There is a cost here that is higher for the adversary and
>that includes a political one: detection.

Jacob, that's a false dictomy and you know it well.

I'm not advocating unencrypted HTTP, you can read what I
advocated here:  http://phk.freebsd.dk/words/httpbis.html

That is pretty much the same delineation as the draft we're
talking about now.

>> Rumours from local sources is that it simply took their webserver
>> down.  No rumours about the government decision having changed.
>
>Now would be a good time to have diplomatic contacts reach out and to
>confirm, [...]

Unfortunately I don't know anybody in Kazahkstan who can risk sticking
their head up.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
Received on Saturday, 5 December 2015 16:08:00 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:40 UTC