- From: Jacob Appelbaum <jacob@appelbaum.net>
- Date: Thu, 3 Dec 2015 17:29:04 +0000
- To: Mike Belshe <mike@belshe.com>
- Cc: Poul-Henning Kamp <phk@phk.freebsd.dk>, Amos Jeffries <squid3@treenet.co.nz>, httpbis mailing list <ietf-http-wg@w3.org>
On 12/3/15, Mike Belshe <mike@belshe.com> wrote: > Absolutely to be expected, but nothing to do with http2. This was already > happening long before http2 or spdy... Exactly so - huge surveillance and censorship events are an ongoing problem. > These types of event are GREAT for everyone - we're getting visibility into > just how invasive our governments want to be. If we didn't push forward, > the world would be living in ignorant bliss. Rosa Luxemburg most famously captured this: "Those who do not move, do not notice their chains." I'm not sure that it is "great" in a sense that I'm familiar with... it is a reality check that moves things along in a very honest direction. Some technical people were aware and they were fine with the status quo. Some as collaborators and some as feeling like this is all awful and messy. Now many many more people will be aware, some with power to change things and many without. It moves us from a world of passive and hidden active attackers to a world where we'll see many more active attacks. Is it really bad news that we're now seeing this stuff? It has been happening for *years* in some countries. Some Oakley groups have been blocked wholesale in areas of the world. > Go go go http2 and mandatory SSL everywhere. Next step - eliminate MITM. > We haven't done that well yet, but its coming. TLS, please. :-) All the best, Jacob
Received on Thursday, 3 December 2015 17:29:33 UTC