- From: Chris Palmer <palmer@google.com>
- Date: Mon, 15 Dec 2014 11:17:24 -0800
- To: "Sean B. Palmer" <sean@miscoranda.com>
- Cc: Mark Nottingham <mnot@mnot.net>, "www-tag@w3.org List" <www-tag@w3.org>
Received on Monday, 15 December 2014 19:17:51 UTC
On Sat, Dec 13, 2014 at 2:21 PM, Sean B. Palmer <sean@miscoranda.com> wrote:

> The specifics of encryption were only the second part of my email; I
> appreciate your information there. But again, the policy must note
> that TLS/SSL is known to be partially compromised.

All I saw was things we know about and are working on deprecating (small RSA keys, RC4, curves of arguably questionable origin, broken hash functions). This is a natural process of improving cipher suites and parameters in response to cryptanalytic attack.

> It is not "detail" to mention that TLS/SSL is partially compromised
> when you are advocating widespread use of HTTPS. Widespread use of
> HTTPS will incur the consequence that many who switch will still be
> vulnerable to Pervasive Monitoring, per RFC 7258.

What alternative do you propose? Do you have some perfect protocol and ciphersuite that you haven't told us about yet?

TLS and the various ciphersuites we use with it are imperfect but incrementally fixable. HTTP provides no safety guarantees at all. Any low-latency, bandwidth-efficient protocol will be more or less subject to traffic analysis.

I'm not sure what your point is. I think most engineers understand TLS to be a bare minimum security mechanism, and that further security guarantees are far more likely to build on it than to replace it.