- From: Werner Baumann <werner.baumann@onlinehome.de>
- Date: Wed, 18 Jul 2012 23:35:12 +0200
- To: ietf-http-wg@w3.org
+1 especially the part about user control, from a user. I'm tired of
data miners that pretend to care for my privacy.

Werner

On Wed, 18 Jul 2012 21:37:39 +0200, "Nicolas Mailhot" <nicolas.mailhot@laposte.net> wrote:

>
> On Wed, 18 July 2012 16:03, Yoav Nir wrote:
> > Wow. It's like I have to run to the other side of the table to
> > argue for the other side…
> >
> > On Jul 18, 2012, at 4:24 PM, Nicolas Mailhot wrote:
> >>
> >> That being said:
> >>
> >> 1. I don't read the bank (or other correspondence) of my users
> >>
> >> 2. I'm not asked to read the bank (or other correspondence) of my
> >> users, either by management or a police state (divulging it would
> >> take a legal injunction I think, never had to deal with those)
> >
> > It's a good thing that you don't read bank transactions and that
> > you don't get asked to. But you could read the bank transactions if
> > you wanted to (or were asked to).
>
> No one is going to ask me to do so. Much simpler to hire some shady
> character to deploy a keylogger on the target user's computer, and no
> need to involve an honest general-purpose network joe like me. Your
> threat assessment is faulty.
>
> > If the data goes over HTTP you can do it with
> > something as simple as TCPDUMP. If it goes over SSL, you'll need a
> > TLS proxy. The security issue is not that you want to do it, but
> > that you and others with similar jobs to yours can do it.
>
> The security issue is that the protocol is not well behaved and does
> not let users negotiate the level of protection they deem necessary
> and which is possible to negotiate in a particular social setting.
> The protocol is an absolute god-awful under-specified mess that
> leaves users at the mercy of web sites, intermediaries and browser
> writers. Instead of giving users the tools to assess and control
> connection state, so they are able to perform this negotiation (which
> they are the *only* ones legitimate to perform), browsers and big
> sites have embarked on an anal blind quest to apply TLS everywhere,
> and *that* is the reason there are MITM SSL interception boxes
> sprouting right and left today.
>
> In an all-or-nothing world users get *nothing* on networks where they
> are guests if the protocol and tools do not provide them the means to
> behave like guests.
>
> In an all-or-nothing world I and other intermediary operators get
> total control because there is no middle knob between no control and
> total control, and no control is not acceptable to the network owner,
> who has veto power by definition.
>
> It's no use advertising the triply iron-clad TLS door to a social site
> when said social site leaks user information like a sieve, often
> deliberately. Not only is it not helping the user, it's actively
> deceiving him.
>
> The day the protocols and tools help users check what is sent in the
> clear, what has been integrity checked, what has been encrypted, by
> whom and to whom (and who sent the various error pages), and decide
> themselves what they want (do they allow middlemen to accelerate or
> malware-check some elements; do they insist that others must be
> totally opaque even at the cost of losing the connection on networks
> they do not control), then people can claim they are pro-users.
>
> (It's not rocket science, it's just defining a protocol that permits
> different compromise levels, providing means to users to tag accesses
> as belonging to one category or the other, and having the web client
> negotiate automatically the best compromise it can on the available
> networks. And yes, that would also permit users to block collection of
> data by advertisers and other commercial entities if they so wish.)
>
> All the mashup, sharding, clouding, ajaxy stuff, while convenient for
> web site and browser developers, has resulted in a mess no normal user
> could identify any trust domain in. No amount of TLS-ing is going to
> fix the trust problem. Multiplexing will make the situation worse,
> not better. So please, instead of continuing to make choices for the
> users, please make HTTP connections simpler to understand by users so
> they can make educated security decisions (and putting grocery
> shopping on the same level as bank account accesses is not making
> connections simpler to understand; it shows users you don't give a fig
> about their actual needs).
>
> I defy any of the pro-crypto people here to poll random people in the
> street and make them say they'd rather have the internet become even
> more complex and opaque, to provide total confidentiality, instead of
> being as simple to use as a wired phone (even if everyone knows
> governments can wiretap wired phones).
>
> >> 3. When confidential (company or user) data leaks it's always at
> >> the server endpoints, usually because those endpoints didn't care
> >> a bit about user data confidentiality.
> >
> > Well, we know that some countries monitor traffic for censorship
> > and to discover dissidents. Most would call this data leakage, and
> > it's not at the endpoints.
>
> I'm quite sure those countries also read dissident blogs and social
> sites and that they get more info this way than by monitoring traffic.
>
> >> 12. we absolutely do *not* want to eavesdrop on bank accesses,
> >> e-government forms, etc. We'd much prefer if such traffic could
> >> be sent in encrypted payloads with in-clear routing metadata (there
> >> I differ a bit from Willy, but I accept he has customers with
> >> stricter requirements than ours)
> >
> > Does "we" include the no such agency?
>
> The no such agency has backdoors in all the big US web sites that
> want to save people in other countries from spying with TLS. It does
> not even need to profile people anymore; those sites are doing it
> openly and for free in its stead. With LinkedIn it can downsize its
> economic intelligence arm too (or even peek directly at data
> processed in the clouds of Amazon & friends).
>
> This is spook paradise.
>
> > Does it include its counterparts in Iran and Syria?
>
> I'm sure they will catch up on the new way of offloading intelligence
> to web site operators soon if they haven't yet. The Chinese certainly
> did a long time ago.
>
> > There are all sorts of people installing middleboxes.
>
> And there are all sorts of people that do not want to be made targets
> because their technology provider decided it was smart to make them go
> dark and behave like enemies of the state.
>
> You don't solve political problems with simplistic binary technical
> changes (especially when you focus on the element which is not the
> worst problem today). Governments and populations adapt either way.
> And just because some populations do not like their government does
> not necessarily mean they prefer to give the keys of their lives to
> Facebook or Google (which is what will happen with a system too
> complex to control by anyone but first-rank websites).
>
Received on Wednesday, 18 July 2012 21:35:49 UTC