- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Sun, 06 Dec 2015 12:33:13 +0000
- To: Jacob Appelbaum <jacob@appelbaum.net>
- cc: Amos Jeffries <squid3@treenet.co.nz>, ietf-http-wg@w3.org
--------
In message <CAFggDF1NOskxyAdJkamuhM5EmPhcdwfKz9q4y5+SgaCFBWJ6sA@mail.gmail.com>, Jacob Appelbaum writes:

>>> Not exactly. We have started with unencrypted connections that lack
>>> confidentiality, integrity and authenticity. Moving to TLS gives us
>>> all three with a computational cost and within certain boundaries.
>>
>> The tired old argument against "TLS-everywhere" is that TLS does *not*
>> offer all three of those.
>
>That argument is wrong when we consider how it is used in practice. As
>an example, we upgrade a protocol from HTTP to HTTPS - we gain those
>properties within certain bounds.

For "within certain bounds" read: "Except any actor which has a trojan
or captured CA - which means any non-incompetent state actor and many
highly competent non-state actors."

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
Received on Sunday, 6 December 2015 12:33:36 UTC