W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2013

Re: Mandatory encryption *is* theater

From: Mike Belshe <mike@belshe.com>
Date: Tue, 27 Aug 2013 12:42:16 -0700
Message-ID: <CABaLYCs4Y674O4fASrB+yRRYgmdP+fpHKQSBjE9r-Ss3SiYDTw@mail.gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: httpbis mailing list <ietf-http-wg@w3.org>
+1.  Encryption is not theater.   It raises the bar in a meaningful way.
On Aug 27, 2013 10:23 AM, "Stephen Farrell" <stephen.farrell@cs.tcd.ie>
wrote:

>
> So just chiming in generally on this thread with no hats:
>
> - I don't agree with the subject line - if done properly,
> turning on encryption without authentication could be useful
> and not simply theater - for example it could increase the
> cost and/or complexity (and hence likelihood of discovery)
> of deploying pervasive surveillance.
>
> - Done badly of course, the outcome could be theater.
>
> - I disagree that making better use of crypto might cause
> authorities to be more authoritarian - while that might be
> a reasonable position to hold for folks with a certain world
> view, its entirely unconvincing. I suspect that folks with
> that position cannot be convinced they are wrong and nor
> can folks who don't have that position.
>
> - I don't think this discussion should really have much to
> do with earlier discussions about performance or middleboxes.
> The WG had that discussion and this one is based on "new
> information" as I think Mark put it.
>
> - Some people might oversell the results of this discussion,
> yes, but that's always a danger and shouldn't drive the WG
> decision.
>
> All in all, I'd like to see more use of HTTP/TLS for
> confidentiality, even without origin authentication. (But
> that's probably no surprise:-)
>
> Cheers,
> S.
>
>
>
>
>
Received on Tuesday, 27 August 2013 19:42:43 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:15 UTC