Re: Pervasive encryption: Pro and contra

On Sun, Nov 17, 2013 at 2:45 AM, Robert Collins <robertc@squid-cache.org> wrote:
> C5.2 It’s unethical to insert encryption into people’s connections
> without their consent.
> This has an inverse:
> P3 : It's unethical to have presumed-private conversations not be

Just like their phone lines, I don't think people presume that their
internet conversations are *technically* difficult to eavesdrop by
government or resourceful criminals. People presume the exact
opposite.

Is HTTP/2.0 going to promise people that their conversations are now
unbreakable? Who is in the position to make that promise? How in the
world do we even know that TLS isn't broken by someone who does not
publish their findings?

Zhong Yu

>
> Arguably to P1 (protection) : this is about expectations of users.
>
> -Rob
>
> On 17 November 2013 14:03, Tim Bray <tbray@textuality.com> wrote:
>> There has been a *whole lot* of traffic on this subject.  It’s fascinating
>> that the meeting of minds is so difficult, and any possibility of that
>> happening is made more difficult by the discussion skewing back and forth
>> across the road.
>>
>> To help sort things out in my own mind, I just went and read the last few
>> hundred messages and attempted to curate the pervasive/mandatory encryption
>> arguments, pro and contra.  It’s in a Google doc that’s open to comment by
>> anyone: http://goo.gl/6yhpC1  Hm, is there a handy wiki platform somewhere
>> that can stand up to the pressure?
>>
>> I don’t know if trying to organize the talking points is generally useful,
>> but I sure found it personally useful; maybe others will too.
>>
>> Disclosure: I remain pretty strongly in favor of as much mandatory
>> encryption as we can get, so that may have filtered my expression of the
>> issues.  I've version-stamped this: 2013/11/16, and promise not to change it
>> in case people comment on it.
>

Received on Sunday, 17 November 2013 15:54:35 UTC