- From: Willy Tarreau <w@1wt.eu>
- Date: Sun, 6 Dec 2015 13:54:25 +0100
- To: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Cc: Jacob Appelbaum <jacob@appelbaum.net>, Amos Jeffries <squid3@treenet.co.nz>, ietf-http-wg@w3.org
On Sun, Dec 06, 2015 at 12:33:13PM +0000, Poul-Henning Kamp wrote:
> --------
> In message <CAFggDF1NOskxyAdJkamuhM5EmPhcdwfKz9q4y5+SgaCFBWJ6sA@mail.gmail.com>
> , Jacob Appelbaum writes:
>
> >>> Not exactly. We have started with unencrypted connections that lack
> >>> confidentiality, integrity and authenticity. Moving to TLS gives us
> >>> all three with a computational cost and within certain boundaries.
> >>
> >> The tired old argument against "TLS-everywhere" is that TLS does *not*
> >> offer all three of those.
> >
> >That argument is wrong when we consider how it is used in practice. As
> >an example, we upgrade a protocol from HTTP to HTTPS - we gain those
> >properties within certain bounds.
>
> For "within certain bounds" read:
>
> "Except any actor which has a trojan or captured CA - which
> means any non-incompetent state actor and many highly
> competent non-state actors."

Oh and BTW, how many of those who bought their smartphones from their mobile
operator verified that the operator has not pre-installed its own CA in the
phone to offer a "better experience" to their customers? By "better
experience", you can understand "benefit from caching and parental control
without having to go through the difficult steps of adding their CA yourself".
And of course benefit from everything else you didn't want to benefit from...

Willy
Received on Sunday, 6 December 2015 12:54:56 UTC
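The check Willy's message implies, as an added example that is not part of the thread: export the device's trust store as a PEM bundle, compute the SHA-256 fingerprint of every anchor in it, and report the ones that a known-good baseline (fingerprints taken from a clean reference build or from the public root program list) does not contain. An operator- or vendor-injected CA shows up as an unknown fingerprint. The sample bundle below is constructed from placeholder byte strings rather than real certificates, so only the fingerprint diff is exercised; the function names, the `BASELINE` set and the placeholder contents are assumptions made for this example.

```python
"""Audit a PEM trust bundle against a baseline of known-good SHA-256
fingerprints and report every anchor the baseline does not list.

Added example; not code from the list thread or any project named in it.
"""
import base64
import hashlib
import re
import sys

# Matches one CERTIFICATE block; the body is base64, possibly wrapped.
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)


def pem_to_der_list(pem_text):
    """Return the DER bytes of every CERTIFICATE block in a PEM bundle."""
    return [base64.b64decode("".join(body.split()))
            for body in PEM_RE.findall(pem_text)]


def fingerprint(der):
    """SHA-256 over the DER encoding, as colon-separated uppercase hex,
    the same form `openssl x509 -fingerprint -sha256` prints."""
    hexdigest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(hexdigest[i:i + 2] for i in range(0, len(hexdigest), 2))


def audit_bundle(pem_text, baseline):
    """Return, sorted, the fingerprints present in the bundle but absent
    from the baseline. An empty list means nothing unexpected is trusted."""
    present = {fingerprint(der) for der in pem_to_der_list(pem_text)}
    return sorted(present - set(baseline))


def _fake_pem(der):
    """Wrap raw bytes as a PEM block. Constructed test data only: these are
    not real X.509 certificates, just bodies the audit can fingerprint."""
    body = base64.b64encode(der).decode()
    wrapped = "\n".join(body[i:i + 64] for i in range(0, len(body), 64))
    return ("-----BEGIN CERTIFICATE-----\n" + wrapped +
            "\n-----END CERTIFICATE-----\n")


# Constructed sample: two anchors the baseline knows, one it does not
# (standing in for an operator-injected CA).
KNOWN_ROOT_A = b"placeholder DER for a known root A"
KNOWN_ROOT_B = b"placeholder DER for a known root B"
OPERATOR_ROOT = b"placeholder DER for an operator-injected root"

BASELINE = {fingerprint(KNOWN_ROOT_A), fingerprint(KNOWN_ROOT_B)}
SAMPLE_BUNDLE = "".join(_fake_pem(d) for d in
                        (KNOWN_ROOT_A, OPERATOR_ROOT, KNOWN_ROOT_B))


if __name__ == "__main__":
    # With a path argument, audit a real exported bundle against BASELINE;
    # otherwise run on the constructed sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_BUNDLE
    unknown = audit_bundle(text, BASELINE)
    print("anchors in bundle: %d" % len(pem_to_der_list(text)))
    for fp in unknown:
        print("NOT IN BASELINE:", fp)
    sys.exit(1 if unknown else 0)
```

The audit deliberately keys on the fingerprint of the full DER rather than on the subject name: a rogue CA can copy any subject string it likes, but it cannot reproduce a known root's hash. For a real device the baseline should come from a clean reference store rather than from the device being audited.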