Re: IAB Statement on Internet Confidentiality from Amos Jeffries on 2014-11-20 (ietf-http-wg@w3.org from October to December 2014)

From: Amos Jeffries <squid3@treenet.co.nz>
Date: Thu, 20 Nov 2014 20:32:19 +1300
To: ietf-http-wg@w3.org
Message-ID: <546D9903.9070306@treenet.co.nz>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 20/11/2014 7:45 p.m., Greg Wilkins wrote:
> On 20 November 2014 15:24, Tim Bray wrote:
> 
>> 
>>> Encrypting  is not going to help with any of these problems 
>>> 
>> 
>> Yes, it will *help*. No, it will not *solve* them, and solving
>> them is important, but providing help now is a good thing to do.
>> Every layer of privacy technology drives attacker costs up and
>> makes certain attacks non-economic.  I for one am not willing to
>> put improvements on hold for years while we strive for the
>> perfect at the expense of the good.
>> 

Encryption-everything/everywhere is politics and security theatre. It
has a lot of collateral damage from the warning popups, false signals
claiming privacy, actively revealing details otherwise private, and
the false sense of security provided to developers implementing things
on top of it.

When the goal is to improve *trust* collateral damage is simply not
acceptible.

Crossing the fine distinction of "everything" versus "when
appropriate" is the same mistake NSA etc are trying to recover from.
They accepted collateral damage and got caught at it. I have no doubt
the system they implemented provided a high degree of *security* for
their citizens. While actively *destroying* the basis for trust in the
process.

I have not seen anyone objecting to actual improvements. Just fighting
against what appears to be responses based in blind panic or blinkered
idealism.

Lets cool down on the "encrypt, encrypt, encrypt!" bandwaggon and
actually *do* the encryption in ways that can be shown to improve the
network without collateral damage.

Amos
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJUbZkDAAoJELJo5wb/XPRjAQIIAKMn1JRmQVM9nhcrkVteqBSf
lDWBMQVmuYefFzzuMy0Wl0QDdnTWQO/tglH4K7JwZq7taqJS8YmVDhGAfB+tj3qQ
quF2ERMEbXZTmBbKWWWldBGiZZ+CxyRkW0q9sa1966J2jELL2kjvVtotudYuxotU
hMZNm1gdftDUl092wjSELH2asG5R/zYVZLDbkaOeRuLoJ94iy8ItR9J7tqxNwTHW
HBnJJHMDDSwikx8yMpzL9KD/Q1SOPNnRPnQO29ecAmGxxrJlw6f0j+yhq+jK3p7G
Zt/PX6PkIByyRpqrnmHUu9ZIPwIFXFMsr3VnOAkuAq9qOguO6o8B9+KQfPYCcaM=
=GOWZ
-----END PGP SIGNATURE-----

Received on Thursday, 20 November 2014 07:33:02 UTC