Re: Fwd: IAB Statement on Internet Confidentiality

On a first glance HTTP2 doesn't look too bad regarding this. See some 
comments included.

Regards,
Roland

On 14.11.2014 13:01, Mark Nottingham wrote:
> Everyone,
>
> Please have a read through this carefully. Not only does it have potential impact upon future work — including any standards work around proxies — but it also may weigh on our current work (HTTP/2) when we take it to IETF Last Call.
>
> Regards,
>
>
>> Begin forwarded message:
>>
>> From: IAB Chair <iab-chair@iab.org>
>> Subject: IAB Statement on Internet Confidentiality
>> Date: 13 November 2014 11:26:02 pm GMT-10
>> To: IETF Announce <ietf-announce@ietf.org>
>> Archived-At: http://mailarchive.ietf.org/arch/msg/ietf-announce/ObCNmWcsFPNTIdMX5fmbuJoKFR8
>> Cc: IAB <iab@iab.org>, IETF <ietf@ietf.org>
>> Reply-To: ietf@ietf.org
>>
>> Please find this statement issued by the IAB today.
>>
>> On behalf of the IAB,
>>   Russ Housley
>>   IAB Chair
>>
>> = = = = = = = = = = = = =
>>
>> IAB Statement on Internet Confidentiality
>>
>> In 1996, the IAB and IESG recognized that the growth of the Internet
>> depended on users having confidence that the network would protect
>> their private information.  RFC 1984 documented this need.  Since that
>> time, we have seen evidence that the capabilities and activities of
>> attackers are greater and more pervasive than previously known.  The IAB
>> now believes it is important for protocol designers, developers, and
>> operators to make encryption the norm for Internet traffic.  Encryption
>> should be authenticated where possible, but even protocols providing
>> confidentiality without authentication are useful in the face of
>> pervasive surveillance as described in RFC 7258.
>>
>> Newly designed protocols should prefer encryption to cleartext operation.
HTTP seems to give this to the content provider, but ALT-SVC and OPP-SEC 
seem to address this.
>> There may be exceptions to this default, but it is important to recognize
>> that protocols do not operate in isolation.  Information leaked by one
HTTP leaks information. Especially the content provider can add 3rd 
parties without the user noticing it. Especially the Referer header then 
leaks information about the original request to a third party. 
Encryption alone doesn't help.
>> protocol can be made part of a more substantial body of information
>> by cross-correlation of traffic observation.  There are protocols which
>> may as a result require encryption on the Internet even when it would
>> not be a requirement for that protocol operating in isolation.
>>
>> We recommend that encryption be deployed throughout the protocol stack
>> since there is not a single place within the stack where all kinds of
>> communication can be protected.
Btw. when I read this text at 
https://www.iab.org/2014/11/14/iab-statement-on-internet-confidentiality/#more-7754 
then TLS is used but there is a warning that some parts are not 
retrieved or not secure 
(http://www.iab.org/wp-content/plugins/amr-ical-events-list/css/icallist.css?ver=1) 
:)
>>
>> The IAB urges protocol designers to design for confidential operation by
>> default.  We strongly encourage developers to include encryption in their
>> implementations, and to make them encrypted by default.  We similarly
>> encourage network and service operators to deploy encryption where it is
>> not yet deployed, and we urge firewall policy administrators to permit
>> encrypted traffic.
How to get and install the necessary certificates?
>>
>> We believe that each of these changes will help restore the trust users
>> must have in the Internet.  We acknowledge that this will take time and
>> trouble, though we believe recent successes in content delivery networks,
>> messaging, and Internet application deployments demonstrate the
>> feasibility of this migration.  We also acknowledge that many network
>> operations activities today, from traffic management and intrusion
>> detection to spam prevention and policy enforcement, assume access to
>> cleartext payload.  For many of these activities there are no solutions
This seems to be a weak part of HTTP2 and a proxy approach may come in 
handy for tackling those.
>> yet, but the IAB will work with those affected to foster development of
>> new approaches for these activities which allow us to move to an Internet
>> where traffic is confidential by default.
Any help welcome.
> --
> Mark Nottingham   http://www.mnot.net/

Received on Monday, 17 November 2014 12:47:03 UTC
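The Referer leak Roland points at above can be made concrete. The following script is an added example, not code from the thread or from any HTTP/2 implementation: it models the default Referer rule of RFC 7231 §5.5.2 (a user agent must not send Referer on an unsecured request when the referring page was secure; otherwise the referring URL minus its fragment is sent) and, for a constructed HTTPS page that embeds third-party resources, reports which third parties still receive the full original URL. The page URL and resource list are constructed sample data.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed sample: an HTTPS page (with a query string that identifies
# the user) embedding resources from third parties.
ORIGIN_PAGE = "https://news.example/articles/2014/11/confidentiality?user=alice&token=abc123"
THIRD_PARTY_RESOURCES = [
    "https://ads.example/track.js",           # encrypted third party
    "http://cdn.example/style.css",           # cleartext third party
    "https://news.example/static/logo.png",   # same host, not a third party
]


def is_secure(url):
    return urlsplit(url).scheme == "https"


def default_referer(referring_page, target):
    """Referer value a browser sends under the RFC 7231 section 5.5.2
    default, or None when it must be suppressed.

    Secure page -> unsecured target: no Referer at all.
    Otherwise: the referring URL without fragment and without userinfo.
    """
    if is_secure(referring_page) and not is_secure(target):
        return None
    parts = urlsplit(referring_page)
    netloc = parts.hostname or ""
    if parts.port:
        netloc += f":{parts.port}"
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query, ""))


def is_third_party(referring_page, target):
    return urlsplit(referring_page).hostname != urlsplit(target).hostname


def referer_leaks(referring_page, targets):
    """Return (third_party_host, referer_sent) for every embedded resource
    whose fetch carries the referring page URL to another host."""
    report = []
    for target in targets:
        if not is_third_party(referring_page, target):
            continue
        referer = default_referer(referring_page, target)
        if referer is not None:
            report.append((urlsplit(target).hostname, referer))
    return report


if __name__ == "__main__":
    for host, referer in referer_leaks(ORIGIN_PAGE, THIRD_PARTY_RESOURCES):
        print(f"{host} learns: {referer}")
```

Running it shows the point of the comment: the cleartext third party gets no Referer because the page was served over TLS, but the HTTPS third party receives the complete originating URL, query string included, so moving both ends to encryption does not by itself stop the leak. Today a site can narrow what is sent with the Referrer-Policy response header; the script models only the default behaviour the statement's era assumed.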