Re: Mandatory encryption *is* theater

Yeah... we’ve had this conversation before.  But there are a lot of us who
think that every time you turn one connection from naked to TLS, that is a
step forward and something that we should be encouraging and facilitating
to the degree that we can.  -T


On Tue, Aug 27, 2013 at 12:42 PM, Mike Belshe <mike@belshe.com> wrote:

> +1.  Encryption is not theater.   It raises the bar in a meaningful way.
> On Aug 27, 2013 10:23 AM, "Stephen Farrell" <stephen.farrell@cs.tcd.ie>
> wrote:
>
>>
>> So just chiming in generally on this thread with no hats:
>>
>> - I don't agree with the subject line - if done properly,
>> turning on encryption without authentication could be useful
>> and not simply theater - for example it could increase the
>> cost and/or complexity (and hence likelihood of discovery)
>> of deploying pervasive surveillance.
>>
>> - Done badly of course, the outcome could be theater.
>>
>> - I disagree that making better use of crypto might cause
>> authorities to be more authoritarian - while that might be
>> a reasonable position to hold for folks with a certain world
>> view, its entirely unconvincing. I suspect that folks with
>> that position cannot be convinced they are wrong and nor
>> can folks who don't have that position.
>>
>> - I don't think this discussion should really have much to
>> do with earlier discussions about performance or middleboxes.
>> The WG had that discussion and this one is based on "new
>> information" as I think Mark put it.
>>
>> - Some people might oversell the results of this discussion,
>> yes, but that's always a danger and shouldn't drive the WG
>> decision.
>>
>> All in all, I'd like to see more use of HTTP/TLS for
>> confidentiality, even without origin authentication. (But
>> that's probably no surprise:-)
>>
>> Cheers,
>> S.
>>
>>
>>
>>
>>