W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2013

Re: Mandatory encryption *is* theater

From: Roberto Peon <grmocg@gmail.com>
Date: Sun, 25 Aug 2013 14:01:28 -0700
Message-ID: <CAP+FsNekM95SuMvO1_hxeVf2hWb+rApzkD417n+1N5w_V2+VOA@mail.gmail.com>
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc: Salvatore Loreto <salvatore.loreto@ericsson.com>, HTTP Working Group <ietf-http-wg@w3.org>
Such entities would have motivation to circumvent security regardless of
whether or not things are encrypted. That problem isn't technical-- it is
political.
In any case, the intent here is to negotiate for encryption, not security.
-=R


On Sun, Aug 25, 2013 at 1:52 PM, Poul-Henning Kamp <phk@phk.freebsd.dk>wrote:

> In message <CAP+FsNenAQvhoMMNmWj_hjjV9rrZPQT92pNGXaM3Kdm0T_bu=
> Q@mail.gmail.com>, Roberto Peon writes:
>
> >In any case, if you're doing the work of signing, why not just encrypt?
>
> Because signing wouldn't force Police-states intelligence services
> to break, weaken or circumvent any and all encryption, in order to
> comply with the mandate they were put under, by democratically
> elected politicians ?
>
> If you make encryption mandatory in HTTP/2.0, more of your tax-money
> will drain into NSA[1] ?
>
> Poul-Henning
>
> [1] The Guardian pegs the number at around 850.000 NSA employees
> and contractors:
>
> http://www.theguardian.com/uk/2013/jun/21/gchq-cables-secret-world-communications-nsa
>
> --
> Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG         | TCP/IP since RFC 956
> FreeBSD committer       | BSD since 4.3-tahoe
> Never attribute to malice what can adequately be explained by incompetence.
>
Received on Sunday, 25 August 2013 21:01:56 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:14 UTC