Re: Privacy and its costs (was: Re: Mandatory encryption) from Greg Wilkins on 2012-07-26 (ietf-http-wg@w3.org from July to September 2012)

From: Greg Wilkins <gregw@intalio.com>
Date: Thu, 26 Jul 2012 11:13:49 +1000
To: ietf-http-wg@w3.org
Message-ID: <CAH_y2NECz8S0Tyf2tCKdiMQ_NzEtqkyRNvmuDCyJdcE8XU3dfg@mail.gmail.com>

On 20 July 2012 02:05, Tim Bray <tbray@textuality.com> wrote:
> No, privacy is important. There are things on my blog that people in
> certain situations could get in trouble just for reading.  I should
> offer privacy, and it’s a failure on my part that I don’t.  -T

Privacy is important.

But I think HTTP/2.0 has to be vary careful about what it promises
with regards to privacy as it is not just content that can get readers
into trouble.  It is possible to infer a lot of private information
even from encrypted traffic, just from where it is directed and even
when it is sent.

Seeing a connection from a work computer to a TSFW server is going to
get the reader in trouble no matter if the content is encrypted or
not... it may even get them into worse trouble as imaginations can
fill in the content.

Also consider a Server using some HTTP/2.0 push feature to push out
stock market prices as they change and users can have a custom
portfolio of stocks that they can watch.  It can be very valuable
information to know what stocks a top trader has in their portfolio,
so if you sniff packets on their network, it does not matter that the
contents are encrypted, because over a period you can correlate the
time that they receive encrypted packets with known fluctuations of
stock prices and thus work out the contents of their portfolio.

In the same way, you can match traffic to/from gmail to posts on
forums and mailing lists and infer authors and subscribers on your
local network.  You can even determine lengths of passwords and other
information that can assist with breaking security.

Privacy is important, I just don't think it is something that we can
truly provide simply by encrypting the transport layer.   So there is
a danger in over promising to say that HTTP/2.0 will be TLS for
reasons of privacy.

regards

-- 
Greg Wilkins <gregw@intalio.com>
http://www.webtide.com
Developer advice and support from the Jetty & CometD experts.

Received on Thursday, 26 July 2012 01:14:18 UTC