- From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- Date: Tue, 27 Aug 2013 17:22:43 +0000
- To: <ietf-http-wg@w3.org>
So just chiming in generally on this thread with no hats: - I don't agree with the subject line - if done properly, turning on encryption without authentication could be useful and not simply theater - for example it could increase the cost and/or complexity (and hence likelihood of discovery) of deploying pervasive surveillance. - Done badly of course, the outcome could be theater. - I disagree that making better use of crypto might cause authorities to be more authoritarian - while that might be a reasonable position to hold for folks with a certain world view, its entirely unconvincing. I suspect that folks with that position cannot be convinced they are wrong and nor can folks who don't have that position. - I don't think this discussion should really have much to do with earlier discussions about performance or middleboxes. The WG had that discussion and this one is based on "new information" as I think Mark put it. - Some people might oversell the results of this discussion, yes, but that's always a danger and shouldn't drive the WG decision. All in all, I'd like to see more use of HTTP/TLS for confidentiality, even without origin authentication. (But that's probably no surprise:-) Cheers, S.
Received on Tuesday, 27 August 2013 17:23:06 UTC