- From: Roland Zink <roland@zinks.de>
- Date: Fri, 15 Aug 2014 19:25:23 +0200
- To: Eliot Lear <lear@cisco.com>
- Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
> On 15.08.2014 at 14:27, Eliot Lear <lear@cisco.com> wrote:
>
> Hi Mark,
>
> Just on these two points, taken together:
>
>> On 8/15/14, 4:58 AM, Mark Nottingham wrote:
>> One proposal we considered was to require the use of TLS (through https:// URIs) for HTTP/2. However, some members of the community pushed back against this, on the grounds that it would be too onerous for some uses of HTTP (not necessarily CPU; cost and administration of certificates was cited as a burden, as was the follow-on disruption to applications, since transitioning from HTTP to HTTPS often requires non-trivial content changes, due to the way that the browser security model works).
>>
>> We also discussed an "Opportunistic Security" approach to using TLS for http:// URIs (but without authentication). This was a bit controversial too, as some community members felt that having another, weaker kind of security defined harms the long-term deployment of "full" TLS.
>
> Some of us have been a little nervous about the spread of infections due
> to encryption with unauthenticated endpoints, making it a bit more of a
> pain for in-path virus checkers and such. That was raised several
> times. You saw data published to this list from Cisco saying that this
> wasn't really a problem when the server had a valid cert.
>
> Eliot

Don't think that a valid cert really helps here although it may give a hint about who is responsible.

- the browser is executing potentially dangerous code and may be infected.
- there are just too many devices in a home to do this efficiently on all the devices.
- the spy may already be in, for example a TV, and try to smuggle out private data under the TLS.

A central point of control may help users. This problem should be solved separately and opportunistic encryption increases the need for a solution.

Roland

Received on Friday, 15 August 2014 17:25:47 UTC