- From: Nicolas Mailhot <nicolas.mailhot@laposte.net>
- Date: Sun, 14 Jul 2013 12:19:44 +0000 (UTC)
- To: ietf-http-wg@w3.org
Poul-Henning Kamp <phk@...> writes: > > > I would like to advocate that everybody spends a little bit of time > reconsidering how we design protocols after the PRISM disclosures. > We can do three things in light of this: > > 1) We can try to add more encryption to fight back. > > 2) We can recognize that there needs to be hooks for duly authorized access. > > 3) We can change or at least influence the political objectives 4. We can fix intermediary set up in the protocol so it's not a PITA to add a protection middleman to the mix (privacy proxy, TOR proxy, audit proxy). Right now a lot of services are moving to cloud farms controlled by a handful of PRISM-happy US firms. The same handful also controls pretty much all the major browsers (Firefox excepted, maybe). Someone wrote on this list a few months ago the protocol should help server-point vet intermediaries. This is totally insane. You can't have the whole HTTP value chain under NSA control. And while expecting everyone that does not trust the NSA to come up with its own browser is pretty irrealistic nowadays, writing a proxy babysitter that checks the browser is not completely compromised is way more accessible. This does not change hostile intermediary situation one bit, since they're already doing interception now. The only people harmed are the white hats. -- Nicolas Mailhot
Received on Sunday, 14 July 2013 12:20:26 UTC