Re: [98attendees] Tussle issue in plenary

Bron Gondwana <brong@fastmail.fm> Fri, 31 March 2017 06:43 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/98attendees/uZlXfp-JOx4M17i4FmvZVPPVr78>

On Thu, 30 Mar 2017, at 02:09, Davey wrote:

> Note that I say this not because I endorse the censorship of gov't or
> encourage any activities violating privacy. They are just there no
> matter whether you like it or not, similar to how you cannot decide who
> your president is.


I absolutely agree, and as I said (I was the last person up to the
microphone), the people who want to do these things have real world
actual authority and power.  They _will_ route around our protocols if
they have to.


#include <xkcd/538.gif>



And the idea of a TLS connection that negotiates in a third party with
rights to watch or even alter traffic in a standard way sounds better to
me than an interception box that terminates your connection with their
own cert that you are required to add to your browser, and then makes an
additional connection onwards:


https://www.us-cert.gov/ncas/alerts/TA17-075A



If there was a standard which avoided "The client can only verify the
connection between itself and the HTTPS interception product. Clients
must rely on the HTTPS validation performed by the HTTPS interception
product." then everybody behind one of those boxes would overall be
safer.  Sure, it's worse than having nobody eavesdropping, but at least
you know who's listening.


Bron.



--

  Bron Gondwana

  brong@fastmail.fm
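The TA17-075A point quoted above, that a client behind an interception box can only validate the hop to the box, can be checked from the client side by looking at which root the presented chain ends in. The following is an added example, not code from the email or from any referenced product; the certificate records, fingerprints and CA names are constructed sample values, and the function names are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str      # commonName of the subject
    issuer: str       # commonName of the issuer
    fingerprint: str  # hex SHA-256 of the DER encoding (constructed values below)

def from_peercert(peercert: dict, fingerprint: str) -> Cert:
    """Build a Cert from the dict shape returned by ssl.SSLSocket.getpeercert()."""
    def cn(name_tuples):
        return next(v for rdn in name_tuples for k, v in rdn if k == "commonName")
    return Cert(cn(peercert["subject"]), cn(peercert["issuer"]), fingerprint)

def classify_chain(chain, public_roots, local_roots):
    """Walk a leaf-first chain to its root and say who the client is really trusting.

    Returns ("public", root) when the chain anchors in a publicly trusted root,
    ("intercepted", root) when it anchors in a root that was added locally
    (the interception-box case from TA17-075A: validation stops at the box),
    and ("untrusted", root_or_None) for a broken or unanchored chain.
    """
    if not chain:
        return ("untrusted", None)
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject:
            return ("untrusted", None)          # issuer/subject linkage is broken
    root = chain[-1]
    if root.subject != root.issuer:
        return ("untrusted", root.subject)      # does not end at a self-signed root
    if root.fingerprint in public_roots:
        return ("public", root.subject)
    if root.fingerprint in local_roots:
        return ("intercepted", root.subject)
    return ("untrusted", root.subject)

# Constructed sample data: one direct chain and one re-signed by a local proxy CA.
PUBLIC_ROOTS = {"aa" * 32}   # fingerprints shipped in the OS/browser trust bundle
LOCAL_ROOTS = {"bb" * 32}    # fingerprints an administrator added to the client
DIRECT_CHAIN = [
    Cert("www.example.com", "Sample Public Root CA", "11" * 32),
    Cert("Sample Public Root CA", "Sample Public Root CA", "aa" * 32),
]
INTERCEPTED_CHAIN = [
    Cert("www.example.com", "Corp Interception Proxy CA", "22" * 32),
    Cert("Corp Interception Proxy CA", "Corp Interception Proxy CA", "bb" * 32),
]
```

In a real client the chain would come from the TLS handshake and the two fingerprint sets from the system bundle and the user-installed store respectively; an "intercepted" result means the server's real certificate was never seen by the client.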