W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2015

Re: 2 questions

From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Tue, 31 Mar 2015 23:07:01 +0000
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
cc: Adrien de Croy <adrien@qbik.com>, Xiaoyin Liu <xiaoyin.l@outlook.com>, Dan Anderson <dan-anderson@cox.net>, "Walter H." <walter.h@mathemainzel.info>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <40951.1427843221@critter.freebsd.dk>
--------
In message <551B2120.7020907@cs.tcd.ie>, Stephen Farrell writes:

>But studies like these are still (for me anyway) far more worth
>paying attention to than yet more anecdotes and prognostications.

I fully agree as long as their results are interpreted carefully
and precisely.

However this study only tells us that MitM is unlikely to be less
than 0.41%, we have *no* information about any upper limit.

But I find your continued belittlement of "anecdotes and
prognostications" problematic even without this study.

I know of no usable measurements of how often courts allow or mandate
MitM as part of criminal investigations.

Yet, we know that it happens:  Occasionally we spot bogo-certs
and here and there tidbits emerge from courthouses.

If we (try to) make MitM impossible for law-enforcement, courts
will approve use of more drastic and damaging means and measures,
and legislators will neuter "impediments to law-enforcement" if
necessary, no matter how ill advised that may be.

Remember how much privacy we lost after 2001 ?  Today we're probably
just a single convenient crisis, real or manufactured, from key
escrow becoming the law of the policestate.

Blindly pushing the "HTTPS anywhere" agenda through to completion
is at best a distraction and at worst it risks doing more damage
our privacy in the long run.

The only real solution is to make make privacy a protected human right.

Poul-Henning

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
Received on Tuesday, 31 March 2015 23:07:26 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:43 UTC