- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Thu, 12 Dec 2013 20:39:08 +0000
- To: "Adrien de Croy" <adrien@qbik.com>
- cc: William Chan (???) <willchan@chromium.org>, "Patrick McManus" <mcmanus@ducksong.com>, "Martin Thomson" <martin.thomson@gmail.com>, "Mark Nottingham" <mnot@mnot.net>, "HTTP Working Group" <ietf-http-wg@w3.org>
In message <emac540e4f-ad51-4150-8748-5daacd186421@bodybag>, "Adrien de Croy" writes:

>e.g. that we think the level of https adoption is a problem to be solved.
>
>personally I do not.

Me neither: We should deliver tools, not policies.

In particular, I think it is utterly hypocritical to attempt to mandate HTTPS adoption as long as the authentication framework is known to be comprehensively trojaned.

I'm also not too warm on the opportunistic encryption idea:

On the plus side: It frustrates the casual tcpdump() abuse and defeats high performance primitive keyword based filtering.

On the minus side: It is just bit-scrambling and it doesn't take that much to defeat it.

There is no doubt that deploying a good opportunistic scrambling, let's call it that, since that's all it is, will make people in NSA and GCHQ curse us.

If that's the goal, we should design the scrambling to be maximally resource hungry, in order to defeat 10GE snooping cards with limited RAM resources.

But for that to work, deployment must be swift and comprehensive (ie: HTTP/1 not /2) and it will only buy the world a minimum of privacy for some months.

If we think we can engage the political process during such a pause and put the brakes on the Global War On Privacy, then it may be well worth it.

But as long as people think more crypto is a sufficient answer, they are merely deluding themselves, and we should not crap up the protocol standards with futile attempts.

--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
Received on Thursday, 12 December 2013 20:39:40 UTC