-------- In message <551B2120.7020907@cs.tcd.ie>, Stephen Farrell writes: >But studies like these are still (for me anyway) far more worth >paying attention to than yet more anecdotes and prognostications. I fully agree as long as their results are interpreted carefully and precisely. However this study only tells us that MitM is unlikely to be less than 0.41%, we have *no* information about any upper limit. But I find your continued belittlement of "anecdotes and prognostications" problematic even without this study. I know of no usable measurements of how often courts allow or mandate MitM as part of criminal investigations. Yet, we know that it happens: Occasionally we spot bogo-certs and here and there tidbits emerge from courthouses. If we (try to) make MitM impossible for law-enforcement, courts will approve use of more drastic and damaging means and measures, and legislators will neuter "impediments to law-enforcement" if necessary, no matter how ill advised that may be. Remember how much privacy we lost after 2001 ? Today we're probably just a single convenient crisis, real or manufactured, from key escrow becoming the law of the policestate. Blindly pushing the "HTTPS anywhere" agenda through to completion is at best a distraction and at worst it risks doing more damage our privacy in the long run. The only real solution is to make make privacy a protected human right. Poul-Henning -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.Received on Tuesday, 31 March 2015 23:07:26 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:43 UTC