- From: Roberto Peon <grmocg@gmail.com>
- Date: Sun, 17 Nov 2013 14:20:21 -0800
- To: Mike Belshe <mike@belshe.com>
- Cc: Poul-Henning Kamp <phk@phk.freebsd.dk>, Bjoern Hoehrmann <derhoermi@gmx.net>, Tim Bray <tbray@textuality.com>, httpbis mailing list <ietf-http-wg@w3.org>
- Message-ID: <CAP+FsNcCSi1FrK38homv=fEh8tvc0WWGyS=tVyOO3uprBFQ9FA@mail.gmail.com>
Tim- I read the doc, and though I disagree with most of the items, I also want to thank you for putting it together so we have something concrete to debate with/around. There are a number of things within the document that I disagree with, the first being the name. We could entitle it "awesome incremental privacy" and it would still mean the same thing, with completely different coloring. There are a number of other colorings in the document that vary widely from the "color" of objective statements. Another doc that we should probably talk about, since we apparently can't avoid it is: http://tools.ietf.org/html/draft-vidya-httpbis-explicit-proxy-ps-00 and so we might also want to read that one (bleh.. more reading, I know... I know...) The document there talks extensively about the intermediaries, the problems they solve and face, and the problems that end-users and sites face. While making hypothesis about the 3rd order effects of encryption on politics is interesting, but... I don't care for it: We could argue endlessly about it and never reach a conclusion, and we'll only be able to get data about it after we take a course of action... so that is not helpful. Discussing politics seems like a poor foundation for an engineering discussion. In terms of engineering, we know that: today is that there is pervasive monitoring, and that some of this monitoring includes entities with malicious intent (i.e. criminals). users do care about privacy: they want to choose what is public and what is not; They don't want their lives damaged or destroyed when they have been doing only legal activities online sites do care about privacy: they want to retain the trust of their users we have the technical capability to help solve this problem with either opt-in or opt-out decisions made by either the server or client. various jurisdictions have varying tolerance for encryption, and both opt-in or opt-out mechanisms allow this to be accommodated users don't have the technical depth to understand what is necessary to achieve privacy, let alone security. education and communication about technical issues is extremely difficult and takes significant time, if possible at all we cannot effectively impose changes on already deployed infrastructure or content -=R On Sun, Nov 17, 2013 at 12:58 PM, Mike Belshe <mike@belshe.com> wrote: > > > > On Sun, Nov 17, 2013 at 12:13 PM, Poul-Henning Kamp <phk@phk.freebsd.dk>wrote: > >> In message <5c8i891ufcgcljeblec314pm868deph6h6@hive.bjoern.hoehrmann.de>, >> Bjoer >> n Hoehrmann writes: >> >> >I understood the comment as saying that the point does not belong on >> >a "pro and contra" list, which seems fair enough in this instance. >> >> Why is having your protocol banned in USA or China not a "con" ? >> > > TLS has not been banned in either China nor the USA. You claim there is a > "risk" of that, but that's just an opinion, and not one we'll ever likely > agree on. > > So, for this list, I was recommending we stick to objective criteria. > > Mike > > > >> >> -- >> Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 >> phk@FreeBSD.ORG | TCP/IP since RFC 956 >> FreeBSD committer | BSD since 4.3-tahoe >> Never attribute to malice what can adequately be explained by >> incompetence. >> > >
Received on Sunday, 17 November 2013 22:20:53 UTC