Re: Fwd (TAG): Draft finding - "Transitioning the Web to HTTPS"

Mark Nottingham wrote:
> What I find interesting is that by the numbers I’ve seen and talked
> to people about in the industry, the vast majority of people *don’t*
> use a proxy cache; that said, what we all seem to be concerned about
> are those specific cases where they are used, and they really help.

Or, don't *think* they use a proxy cache. Most industry insiders will
say conneg is irrelevant, while using conneg to implement compression,
so I have low confidence that they're aware of various devices between
themselves and the websites they access.

I'm about to post this link in another response...

...but it's interesting to note that aside from squid, there's no
overlap between that document's list of intermediaries, and one we came
up with on rest-discuss a few years back. They're called "transparent"
proxies for a reason, even if they don't cache, and HTTPS threatens
that entire ecosystem.

> > 3) We had an interesting offline discussion at the privacy workshop
> > on “imagine if every router on the internet did NAT”.  This means
> > that the ability to trace people by IP address would be curtailed:
> > people often don’t bother to reduce fingerprinting because the source
> > IP address has already ‘given the game away'. It’s an interesting
> > thought experiment, but its impact on security might be negative.
> > (And there are many other problems, notably peer-to-peer connections
> > for things like telephony.)
> > 
> > Maybe worth a paragraph?
> Once one scratches the surface, you can find a multitude of security
> and privacy issues on the Web and Internet. While they’re important
> issues to consider, I’m striving to NOT make this finding the
> be-all-and-end-all of security and privacy, because it will make it
> that much more difficult to agree upon, read, and understand. Small
> steps...

Provided those steps are going in the right direction, vs. painting the
Web into a corner.

FWIW, my NAT gives me away due to timezone and clock skew. Those two
data points equate to like, 1 in 500. Orthogonal, but add Opera and
1600x1200 resolution, and four data points nail me right down. Being a
modern dinosaur really makes me stick out...

While I can appreciate the desire for TAG to crank out a producible, I
have issues with anointing TLS when it doesn't address the root problem
of page integrity, while doing away with caching I may very well need
even more, if Net Neut goes the way of the Dodo.


Received on Saturday, 20 December 2014 06:53:38 UTC