- From: Jacob Appelbaum <jacob@appelbaum.net>
- Date: Sat, 5 Dec 2015 22:59:23 +0000
- To: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Cc: Mark Nottingham <mnot@mnot.net>, Cory Benfield <cory@lukasa.co.uk>, Adrien de Croy <adrien@qbik.com>, Mike Belshe <mike@belshe.com>, Amos Jeffries <squid3@treenet.co.nz>, httpbis mailing list <ietf-http-wg@w3.org>
On 12/5/15, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote: > -------- > In message > <CAFggDF1ckgL+mGN5NJKv9-Mj5b6MDkHdJC+3SVo=JJ2pKQd=iw@mail.gmail.com> > , Jacob Appelbaum writes: > >>> And that is *exactly* why people should have thought "Hang on, If >>> TLS-everywhere is easly defeated by COTS products..." >> >>The model here is a bit strange. HTTP withou TLS is also easily >>defeated. There is a cost here that is higher for the adversary and >>that includes a political one: detection. > > Jacob, that's a false dictomy and you know it well. Not exactly. We have started with unencrypted connections that lack confidentiality, integrity and authenticity. Moving to TLS gives us all three with a computational cost and within certain boundaries. Some object to confidentiality, others to integrity and so on. A lack of action on this has ensured that some protocols stay unencrypted - an explicit goal of some of the bad actors who are present as agents of influence in this (and other!) standards body. > > I'm not advocating unencrypted HTTP, you can read what I > advocated here: http://phk.freebsd.dk/words/httpbis.html It seems that others are - by simply keeping the status quo. I see that you explicitly discuss privacy and that you seem to advocate for notification to the end user. I have to read the draft much more carefully to really decide what I think. I think that I don't object to the draft, generally. It sounds pretty reasonable. > > That is pretty much the same delineation as the draft we're > talking about now. > I think we may disagree about meta-data vs content and how we want surveillance by unauthorized third parties to actually be conducted. I think I'd like to see an explicit diagram for what a bad actor would see when they watch your connection, illegally, for example. That is lacking in your draft - what does it actually look like and what actions can be performed by attackers? It would be interesting to read an update of that draft with a "surveillance considerations" section. It would especially be interesting to compose it with Tor explicitly and see if together, both protocols would give us something that we'd like to see but split in reasonable ways. >>> Rumours from local sources is that it simply took their webserver >>> down. No rumours about the government decision having changed. >> >>Now would be a good time to have diplomatic contacts reach out and to >>confirm, [...] > > Unfortunately I don't know anybody in Kazahkstan who can risk sticking > their head up. Of course - I am suggesting that we ask people in Europe to hold discussions with the Kazahkstan government over the issue. I am planning to do so myself, next week, in the European parliament. Hope to see you there or at PSC[0] afterwards. Or more on the mailing list, much to do and all that... All the best, Jacob [0] https://hyperelliptic.org/PSC/index.html
Received on Saturday, 5 December 2015 22:59:53 UTC