- From: Mike Belshe <mike@belshe.com>
- Date: Tue, 27 Aug 2013 12:42:16 -0700
- To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- Cc: httpbis mailing list <ietf-http-wg@w3.org>
- Message-ID: <CABaLYCs4Y674O4fASrB+yRRYgmdP+fpHKQSBjE9r-Ss3SiYDTw@mail.gmail.com>
+1. Encryption is not theater. It raises the bar in a meaningful way. On Aug 27, 2013 10:23 AM, "Stephen Farrell" <stephen.farrell@cs.tcd.ie> wrote: > > So just chiming in generally on this thread with no hats: > > - I don't agree with the subject line - if done properly, > turning on encryption without authentication could be useful > and not simply theater - for example it could increase the > cost and/or complexity (and hence likelihood of discovery) > of deploying pervasive surveillance. > > - Done badly of course, the outcome could be theater. > > - I disagree that making better use of crypto might cause > authorities to be more authoritarian - while that might be > a reasonable position to hold for folks with a certain world > view, its entirely unconvincing. I suspect that folks with > that position cannot be convinced they are wrong and nor > can folks who don't have that position. > > - I don't think this discussion should really have much to > do with earlier discussions about performance or middleboxes. > The WG had that discussion and this one is based on "new > information" as I think Mark put it. > > - Some people might oversell the results of this discussion, > yes, but that's always a danger and shouldn't drive the WG > decision. > > All in all, I'd like to see more use of HTTP/TLS for > confidentiality, even without origin authentication. (But > that's probably no surprise:-) > > Cheers, > S. > > > > >
Received on Tuesday, 27 August 2013 19:42:43 UTC