- From: Mike Belshe <mike@belshe.com>
- Date: Thu, 3 Dec 2015 19:47:03 -0800
- To: httpbis mailing list <ietf-http-wg@w3.org>
- Message-ID: <CABaLYCv7xMWfKWYahEOcLjZ2tG68Ha+2KabDDF0Q6mq2QqXxcw@mail.gmail.com>

On Thu, Dec 3, 2015 at 10:01 AM, Willy Tarreau <w@1wt.eu> wrote:

> On Thu, Dec 03, 2015 at 09:25:46AM -0800, Mike Belshe wrote:
> > Off the shelf mitm has existed for years and long predates the SSL
> > everywhere movement.
>
> I know and I don't care about MITM being performed on my *clear text*
> browsing. But some companies decide that I should be forced to use
> encryption even when I'm fine with MITM.
>
> > > Previously there was no need for breaking my PayPal connection because I
> > > could read blog articles in clear text. Now when my government wants to see
> > > what I'm reading, they also have the ability to break my PayPal connection.
> > > And anyone participating in these activities as well.
> >
> > Maybe you don't read the news. The NSA has been all over your paypal
> > connection for years.... Your employer has too.
>
> NSA I'm not surprised. My employer I'm certain not. My ISP and/or government
> maybe since in the ~500 CAs my browser recognizes, probably a few are
> rogue.
>
> > > The rule used to be pretty simple : if you don't want others to sniff you,
> > > use SSL. Now since you don't offer that choice to users, it's "hey too bad
> > > for you if someone sniffs you".
> >
> > Willy, I'm surprised you think yesteryear's technology is supposed to be
> > sufficient forever. Security generally doesn't work that way.
>
> That's not what I'm saying, I'm talking about leaving the choice to end
> users.
>
> > People want privacy, encryption, security and safety. They don't want it
> > sometimes - they want it all the time.
>
> That's wrong. YOU want this and YOU decide that everybody wants this.

One thing never changes: the only people that don't want security are those peddling archaic proxy products that don't work in the face of encryption....

> I'm
> NOT one of these idealist people because I know for sure that the ones who
> have the power to enforce MITM have the power they need when they have to
> come down on you. I prefer that they see my pointless browsing the easy
> way instead of having them break my door and come with rifles while I'm
> just checking google map to find the fastest way to go to my customers'
> the next day.
>
> > But you know this. Instead of
> > lamenting how great it was in the past, let's move forward and build better
> > TLS.
>
> Yes so that they need to break my door.
>
> We've had this discussion together in the past, we both know we disagree
> on this point and will probably never agree. Let's not re-heat it here.
> At least I'm the one who does not try to impose his way of life on others,
> I'd rather let everyone decide.

OK - I'll stop. You should too - you've replied with no fewer than 5 (yes count them!) posts with the same tired old arguments...

The implementors (not me) have decided on a more secure transport - please move on. It's the same as how we decided on a reliable transport (tcp) and not an unreliable one (udp).

Mike

> Willy

Received on Friday, 4 December 2015 03:47:35 UTC