Re: Draft finding - "Transitioning the Web to HTTPS" from Harry Halpin on 2015-01-05 (www-tag@w3.org from January 2015)

From: Harry Halpin <hhalpin@ibiblio.org>
Date: Mon, 5 Jan 2015 13:13:18 +0100
To: Tim Berners-Lee <timbl@w3.org>
Cc: Henri Sivonen <hsivonen@hsivonen.fi>, Public TAG List <www-tag@w3.org>
Message-ID: <CAE1ny+7t1eMu+=-ukxRZ46pOYuhVbGdOkeMgt9C1-fabkKyGJw@mail.gmail.com>
On Mon, Jan 5, 2015 at 12:04 PM, Tim Berners-Lee <timbl@w3.org> wrote:
>
> On 2014-12 -19, at 16:18, Tim Berners-Lee <timbl@w3.org> wrote:
>
>
> On 2014-12 -11, at 07:46, Henri Sivonen <hsivonen@hsivonen.fi> wrote:
>
> On Tue, Dec 9, 2014 at 1:28 AM, Mark Nottingham <mnot@mnot.net> wrote:
>
> * The example of a village with poor access (e.g., in Africa) has regularly
> been
>
> brought up in the IETF as an example of a population who want shared
> caching, rather than encryption. The (very strong) response from folks
>
> who
> have actually worked with and surveyed such people has just as regularly
> been that many of these people value security and privacy more.
>
>
>
> That's interesting.  Data?  (((The school I remember in Rwanda which ran of
> one VSAT 128k link I think we just interested in getting some connectivity
> for their class and caching was crucial.  They used a custom router/cache
> which was designed for that situation. I don't think they were concerned
> about people spying on or falsifying the wikipedia pages they were reading
> in the class.  But maybe I missed that.  Maybe they now have fibre. Or maybe
> in general the switch from wifi  to mobile 3g data  where there is not real
> opportunity for people to push in a community cache. )))
>
> But to argue about this without data is not forward progress.
>
>
>
> Thank you for bringing this up.
>
> It seems to me that there is a pattern that people find the theory of
> forward proxies architecturally appealing and then try to find use
> cases that fit the architecture.
>
>
> I don't see a pattern.
>
>
>  You [Henri and Mark] make fun of these "people" on their hobbyhorses as a
> way of discounting their argument, which is not constrictive.
>
> As it happens I just talked to someone who runs a small remote island with
> about 400 people.
> I didn't ask but he brought it up of his own accord, that with everyone on
> wifi and a (17Mb/s ?17MB/s ? he wasn't sure) link supporting everyone, he
> had been recommended and was planning to install a commercial island-wide
> web proxy cache product, as he felt a lot of people watched the same movies.
>
> His concern about bandwidth and response time was paramount. He wasn't
> primarily, as far as I could see, concerned about the privacy of the folks
> being invaded by foreign power and the extent to which that was affected as
> he made the decision as to how to balance running a proxy with getting more
> bandwidth.
>
> If the videos are all https: then he won't be able to cache them, except --
> not to worry, the tools he buys will probably include MITM attack tools, so
> in fact he *will* be able to cache things after all. But it is ironic that
> the only thing would drive him in that scenario to install MITM attack
> system, which makes the whole operation much less secure in many ways, is
> the trend toward https: for movies.    If people were happy to have the
> movies they watch spied on, then they would retain the ability to have
> end-end secure communications across the net for other things.
>

However, in terms of ethics, I would hold that disabling an
architecture of pervasive surveillance is probably more important than
the speed of watching movies in terms of the future of the Web. In
that regard, the long-term goal should be able to make such MITM
attacks impossible as the same architecture that leads to MITM attacks
for "legitimate" uses will inevitably be used for repressive purposes
IMHO.

The question then is how can we create an architecture that allows a
proxy-like features (i.e. fulfills the use-cases of internet proxying)
without actually interfering with traffic? This seems like it could be
something that could be offloaded into browsers and OS-level
functionality. Ditto, how can we do caching for some cases like movies
on the server-side while still encrypting to the client? These are all
soluable problems likely that need to be fully understood.

> Just saying that the economics of this and the balance between the various
> concerns are not to be understood well with a few anecdotes and some bar
> BOFs.

I agree in general, and this is precisely the kind of hard question
that the academic/industrial research community, OECD, and others
should be tackling.

    cheers,
       harry

>
>
> The previous hobbyhorse of this kind
> was "transcoding proxies".
>
>
> [irrelevant mildly disrespectful argument deleted]
>
> [...]
> --
> Henri Sivonen
> hsivonen@hsivonen.fi
> https://hsivonen.fi/
>
>
>
>
> timbl
> director hat off
>
Received on Monday, 5 January 2015 12:13:45 UTC