W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2013

Re: Mandatory encryption *is* theater

From: Yoav Nir <ynir@checkpoint.com>
Date: Sun, 25 Aug 2013 09:57:53 +0000
To: Eliot Lear <lear@cisco.com>
CC: William Chan (Dz) <willchan@chromium.org>, "Roberto Peon" <grmocg@gmail.com>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Message-ID: <685981AB-6600-4DBF-A6E7-DF43C774A700@checkpoint.com>

On Aug 25, 2013, at 12:02 PM, Eliot Lear <lear@cisco.com>
 wrote:
> 
>> There is new information; there are widespread deployments of sniffers. More
>> details have since been released. As Chair, Mark felt that this was enough to
>> re-open the discussion.
> 
> Anonymous cypher suites might well have changed the character of this problem, but probably not have reduced it, and may have introduced unintended consequences.   They still may help with the so-called "Starbucks" problem, but to me that problem is better dealt with at a lower layer so that ALL communications on that network can be protected.  I also believe that the underlying issues of the above quoted statement lie elsewhere (about 3  to 4 layers above HTTP). 

(Opportunistic) IPsec?

Received on Sunday, 25 August 2013 09:58:31 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:14 UTC