W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2013

Re: PRISM and HTTP/2.0

From: Nicolas Mailhot <nicolas.mailhot@laposte.net>
Date: Sun, 14 Jul 2013 12:19:44 +0000 (UTC)
To: ietf-http-wg@w3.org
Message-ID: <loom.20130714T140454-241@post.gmane.org>
Poul-Henning Kamp <phk@...> writes:

> I would like to advocate that everybody spends a little bit of time
> reconsidering how we design protocols after the PRISM disclosures.

> We can do three things in light of this:
> 1) We can try to add more encryption to fight back.
> 2) We can recognize that there needs to be hooks for duly authorized access.
> 3) We can change or at least influence the political objectives

4. We can fix intermediary set up in the protocol so it's not a PITA to add
 a protection middleman to the mix (privacy proxy, TOR proxy, audit proxy).

Right now a lot of services are moving to cloud farms controlled by a
handful of PRISM-happy US firms. The same handful also controls pretty much
all the major browsers (Firefox excepted, maybe). Someone wrote on this list
a few months ago the protocol should help server-point vet intermediaries.
This is totally insane. You can't have the whole HTTP value chain under NSA
control. And while expecting everyone that does not trust the NSA to come up
with its own browser is pretty irrealistic nowadays, writing a proxy
babysitter that checks the browser is not completely compromised is way more

This does not change hostile intermediary situation one bit, since they're
already doing interception now. The only people harmed are the white hats.

Nicolas Mailhot
Received on Sunday, 14 July 2013 12:20:26 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:14 UTC