Re: Pervasive encryption: Pro and contra

On Sat, Nov 16, 2013 at 5:03 PM, Tim Bray <tbray@textuality.com> wrote:
> There has been a *whole lot* of traffic on this subject.  It’s fascinating that the meeting of minds is so difficult, and any possibility of that happening is made more difficult by the discussion skewing back and forth across the road.
> 
> To help sort things out in my own mind, I just went and read the last few hundred messages and attempted to curate the pervasive/mandatory encryption arguments, pro and contra.  It’s in a Google doc that’s open to comment by anyone: http://goo.gl/6yhpC1  Hm, is there a handy wiki platform somewhere that can stand up to the pressure?
> 
> I don’t know if trying to organize the talking points is generally useful, but I sure found it personally useful; maybe others will too.
> 
> Disclosure: I remain pretty strongly in favor of as much mandatory encryption as we can get, so that may have filtered my expression of the issues.  I've version-stamped this: 2013/11/16, and promise not to change it in case people comment on it.

Thanks, Tim.  I'd encourage you to submit that as an individual (for now) I-D. If you want space to work on it / collect issues, I can give you a repository over on GitHub.

I'd also encourage you to move it quickly past a simplistic "pro/con" model. There are a remarkable number of facets to this discussion, with many interdependencies.

For example, your C1 ("Intermediation") assumes that we won't change that aspect of HTTP, yet there is already a parallel discussion about doing so. Likewise, there are parallel discussions about improving the CA system, crypto algorithms, etc. (C2).

Then,

On 17/11/2013, at 3:27 PM, Tim Bray <tbray@textuality.com> wrote:

> Um, I see some debate on the issues breaking out in the comments.  I’m not the chair, but if I were, I’d holler at you to have those arguments here; I made sure that every bullet point in that doc had an unambiguous address, so you can say in email that “C2.4 isn’t a problem because...”  My goal was to propose a candidate structure to have the debate around, not an alternate place to have it.

... and fresh off a plane, I'm catching up with e-mail; what fun.

Folks, this document is not a WG product; discussion there has absolutely no bearing whatsoever. So, feel free to send bits that way (we've got plenty over here), but realise that they don't count.

Later on,

On 17/11/2013, at 5:15 PM, SM <sm@resistor.net> wrote:

> See http://trac.tools.ietf.org/wg/httpbis/trac/wiki


If Tim wants to collect input, there are much better tools for doing so. Please don't do it there.

Cheers,


--
Mark Nottingham   http://www.mnot.net/

Received on Monday, 18 November 2013 03:31:28 UTC