- From: Mike Belshe <mike@belshe.com>
- Date: Sat, 13 Jul 2013 11:43:26 -0700
- To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- Cc: Poul-Henning Kamp <phk@phk.freebsd.dk>, HTTP Working Group <ietf-http-wg@w3.org>
- Message-ID: <CABaLYCtKGa8yyYLpun=LGaxjFoWvFYdK_TMqfAE-5Yw+ch7nAg@mail.gmail.com>
Or we can put up an anonymous auction to all governments, and let the highest bidder win the keys to HTTP/2.0.

Mike

On Sat, Jul 13, 2013 at 3:47 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:

> On 13 Jul 2013, at 11:08, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
>
> > I would like to advocate that everybody spends a little bit of time
> > reconsidering how we design protocols after the PRISM disclosures.
> >
> > We don't need to have a long discussion about the actual legality
> > of the US spy operation, the sheer scale and the kind of efforts
> > that went in to it is the relevant message to us.
> >
> > The take-home message is that encryption will be broken, disabled,
> > circumvented or watered down, if it gets in the way of political
> > objectives.
> >
> > We can do three things in light of this:
> >
> > 1) We can try to add more encryption to fight back.
>
> Sounds good. We probably need better implementation and more deployment as
> well.
>
> > 2) We can recognize that there needs to be hooks for duly authorized access.
>
> That's not for this WG IMO. RFC 2804 is a BCP that says that.
>
> > 3) We can change or at least influence the political objectives
>
> Not for the IETF IMO.
>
> S
>
> > I think PRISM is ample evidence that #1 will have the 100% certain
> > result that all encryption will be circumvented, with bogus CA
> > certs all the way up to PRISM and designed-in backdoors, and the
> > net result is less or even no privacy for anybody everywhere.
> >
> > In my view, that would be very counterproductive.
> >
> > #2 is not without challenges, but at least there are plausible paths
> > from there to a state of affairs where innocent people might still
> > have access to private communications, and it might seem to be a
> > necessary precondition for any hope on #3
> >
> > #3 is clearly not inside HTTPbis scope, but it may be time for
> > all good nerds to come to the aid of their country and humanity.
> >
> > A "market based" argument can be made under #3, that if we design
> > protocols with the necessary access (#2), programs like PRISM will
> > not be cost effective, but that will take some serious effort
> > of education and politics.
> >
> > Anyway: Edward Snowden has moved the rug under the HTTP/2.0
> > standardization process, and we should not ignore that.
> >
> > Think about it.
> >
> > --
> > Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
> > phk@FreeBSD.ORG | TCP/IP since RFC 956
> > FreeBSD committer | BSD since 4.3-tahoe
> > Never attribute to malice what can adequately be explained by incompetence.

Received on Saturday, 13 July 2013 18:43:53 UTC