Re: HTTP/2 and Pervasive Monitoring

On 15 August 2014 22:34, Poul-Henning Kamp <> wrote:

> Currently, they can run a filter which is essentially:
>         tcpdump -i all0 -w - | egrep -i "terrorist|bomb"

That kind of monitoring does take place,  but any *pervasive" monitoring of
that kind requires a warrant - or is illegal (and if illegal they can tap
into places that TLS will not help).

The type of *pervasive* monitoring that is legal and does take place widely

    tcpdump -i all0 -n | egrep "IP [0-9\.]* > IP.OF.KNOWN.NASTY"

This is not something that the protocol or TLS can fix.


Greg Wilkins <> HTTP, SPDY, Websocket server and client that scales  advice and support for jetty and cometd.

Received on Friday, 15 August 2014 23:23:45 UTC