Re: SSL/TLS everywhere fail from Adrien de Croy on 2015-12-04 (ietf-http-wg@w3.org from October to December 2015)

From: Adrien de Croy <adrien@qbik.com>
Date: Fri, 04 Dec 2015 05:34:15 +0000
To: "Mike Belshe" <mike@belshe.com>, "httpbis mailing list" <ietf-http-wg@w3.org>
Message-Id: <em31e89f4b-9487-47b0-a997-90e40919a2a2@bodybag>

------ Original Message ------
From: "Mike Belshe" <mike@belshe.com>
To: "Adrien de Croy" <adrien@qbik.com>
Sent: 4/12/2015 5:49:33 p.m.
Subject: Re: SSL/TLS everywhere fail

>If you don't know that mandatory encryption is a basic staple of 
>security (go ask any IT guy), then you're just not a security expert, 
>so you're really not qualified to be here.
I don't know how you made that leap, but anyway there's no dispute that 
crypto is the cornerstone of security.

the question here is whether "security" should be applied to everything.

You don't have a padlock on your toilet seat, probably for very good 
reason.


>As for proxies - their use continues to dwindle to smaller and smaller 
>parts of the pie because they are fundamentally at odds with strong 
>data controls and security.  That trend will continue and is 
>measurable.
I guess we are looking at different data.  More companies than ever are 
looking to block time wasting sites.

>
>
>As for your "warnings" - I told you what would happen and it has.  
>Security will get better now - and it is!!
For many people sure, it's better.  for those who are now behind a MitM 
where before they weren't because MitMs weren't needed it isn't.  This 
now includes the entire population of 1 country with probably more to 
follow.


>Awareness is at a peak, and users know when the software they use is 
>failing them.  Why?  Thanks to using SSL everywhere!
Awareness is great.  It would be great if browsers would show people 
when they were being intercepted or MitMed.  I think Yoav made a 
proposal for that which was panned.


>
>Hooray for the end of transparent proxies that completely screwed 
>everyone.  Now lets get rid of all the remaining proxies- the MITM 
>proxies that continue to plague us...

You mean all those intercepting caching proxies that mean providing 
internet access to rural Africa, remote locations, pacific islands etc 
etc is even feasible?



>.
>
>Mike
>
>
>On Thu, Dec 3, 2015 at 8:18 PM, Adrien de Croy <adrien@qbik.com> wrote:
>>Actually this deserves another response
>>
>>------ Original Message ------
>>From: "Mike Belshe" <mike@belshe.com>
>>
>>>
>>>One thing never changes:  the only people that don't want security 
>>>are those peddling archaic proxy products that don't work in the face 
>>>of encryption....
>>>
>>This is wrong on all counts
>>
>>We DO want security.  We just don't want the appearance of security 
>>which actually results in less security, which is what you are 
>>peddling and which we warned about all along.
>>
>>Also proxies DO work in the face of encryption.  They have had to, and 
>>this is part of the arms race problem.
>>
>>You're happy to make all these decisions for the billions of people, 
>>but I doubt you would be able to bear the cost of it for them. Or to 
>>make amends when it turns out that you were wrong.
>>
>>
>

Received on Friday, 4 December 2015 05:34:52 UTC