- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Sat, 05 Dec 2015 16:07:29 +0000
- To: Jacob Appelbaum <jacob@appelbaum.net>
- cc: Mark Nottingham <mnot@mnot.net>, Cory Benfield <cory@lukasa.co.uk>, Adrien de Croy <adrien@qbik.com>, Mike Belshe <mike@belshe.com>, Amos Jeffries <squid3@treenet.co.nz>, httpbis mailing list <ietf-http-wg@w3.org>
-------- In message <CAFggDF1ckgL+mGN5NJKv9-Mj5b6MDkHdJC+3SVo=JJ2pKQd=iw@mail.gmail.com> , Jacob Appelbaum writes: >> And that is *exactly* why people should have thought "Hang on, If >> TLS-everywhere is easly defeated by COTS products..." > >The model here is a bit strange. HTTP withou TLS is also easily >defeated. There is a cost here that is higher for the adversary and >that includes a political one: detection. Jacob, that's a false dictomy and you know it well. I'm not advocating unencrypted HTTP, you can read what I advocated here: http://phk.freebsd.dk/words/httpbis.html That is pretty much the same delineation as the draft we're talking about now. >> Rumours from local sources is that it simply took their webserver >> down. No rumours about the government decision having changed. > >Now would be a good time to have diplomatic contacts reach out and to >confirm, [...] Unfortunately I don't know anybody in Kazahkstan who can risk sticking their head up. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
Received on Saturday, 5 December 2015 16:08:00 UTC