- From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- Date: Sun, 6 Dec 2015 13:35:19 +0000
- To: Poul-Henning Kamp <phk@phk.freebsd.dk>, Jacob Appelbaum <jacob@appelbaum.net>
- Cc: Mark Nottingham <mnot@mnot.net>, Cory Benfield <cory@lukasa.co.uk>, Adrien de Croy <adrien@qbik.com>, Mike Belshe <mike@belshe.com>, Amos Jeffries <squid3@treenet.co.nz>, httpbis mailing list <ietf-http-wg@w3.org>
Sorry to interrupt the flow of tls-is-bad but in amongst the verbiage were two basic assumptions that I think highlight where PHK and others with similar views diverge from what has repeatedly been evaluated as the rough consensus of the IETF. On 06/12/15 10:58, Poul-Henning Kamp wrote: > 1) If you *really* have something to hide, you should focus on > protecting your metadata. The use of the singular "you" a number of times reflects a very 1980's view of the Internet - today a person who may or may not have something to hide does not (in 99.99% of cases) have the expertise to know what is involved in that and in many cases does not even know what it is that may be worthwhile hiding. That person's wishes and actions are mediated by many different sets of folks to the point that text like the above and stories about "couriers" are simply misleading fairy tales. We (in the IETF) need to develop protocols that work well in this kind of situation. BCP61 is one expression of that - strong security needs to be available everywhere for us to do a good job. (Note that I make no claim that we've done a super-good job at that, but we are improving and getting more realistic I think as is shown by RFC7435.) > > Nobody needs to brute-force your session-keys to know what's > going on if they know you had a two hour midnight web-session > with 'aids-advice.example.com' > > 2) In most cases the actual message does not need absolute or > even any secrecy. If I browse a major news-site, there is > very little incremental information leakage in knowing which > particular articles I read. That's another divergence, BCP188 represents the IETF consensus to work against PM, and it is abundantly clear that PM and many other security and privacy threats benefit from use of cleartext HTTP via tracking and via enabling the potential for injection of various kinds. That the same is recognised for other protocols used in the web is confirmed by RFC7626. More and more I think we are learning that services such as selective field confidentiality (which have always been very hard to engineer) are in fact quite possibly damaging, both because getting the field selection wrong may be inevitable and because the added complexity could be beyond our ability to engineer at the scale of the current Internet and web especially as that has multiple parties involved, which HTTP does. Aiming for such an outcome in the IETF context is not quite as bad as the magic thinking of the likes of the current FBI director, but is close to being as bad, as it is clearly unrealistic in the extreme. Lastly, while the above quoted text I think does nicely highlight this basic divergence of opinion, I think that divergence has been entirely clear for at least a couple of years and that the many many messages on this list in the last few days have clarified precisely nothing but are simply repetitive and have basically no information content. It'd be nice if that flow eased off or even stopped. Cheers, S.
Received on Sunday, 6 December 2015 13:35:53 UTC