Re: Pervasive encryption: Pro and contra

On 17/11/13 2:16 PM, Nicolas Mailhot wrote:
> 2. it's disingenuous to claim tackling pervasive surveillance when 
> nothing is done for the cookie networks whose sole aim is pervasive 
> surveillance and which *are* an http "feature" (unlike TLS which is 
> being bolted on) 
True, but all previous attempts to make cookies better have failed.

  * The httpstate working group closed without standardizing "cake"
  * Recent attempts to get websec to discuss next generation cookies
    also failed to get people (especially browser vendors) interested.

Granted, the main aim of those attempts were to protect against cookie 
stealing, but there was also a desire to change the rules of sending 
cookies around.

I'm afraid, though, that we've come to expect web pages to have a bunch 
of faces of all our facebook friends who "like"-ed this article, and you 
need state sharing to get this to work.

Anyway, if you'd like to work on a new HTTP state mechanism with new 
rules and have some idea how to get the content providers and social 
networks to agree to work with it, you're welcome to propose a BoF. I 
promise to hum in favor.


Received on Sunday, 17 November 2013 14:20:38 UTC