Re: HTTP/2 and Pervasive Monitoring
Eliot Lear <lear@cisco.com> Sun, 17 August 2014 06:22 UTC
Message-ID: <53F0496A.9040307@cisco.com>
Date: Sun, 17 Aug 2014 08:19:22 +0200
From: Eliot Lear <lear@cisco.com>
To: Poul-Henning Kamp <phk@phk.freebsd.dk>, Mark Nottingham <mnot@mnot.net>
CC: HTTP Working Group <ietf-http-wg@w3.org>
Archived-At: <http://www.w3.org/mid/53F0496A.9040307@cisco.com>

On 8/15/14, 2:34 PM, Poul-Henning Kamp wrote:
> By whitening the present HTTP plaintext traffic with TLS, even with
> quite weak cipher-suites, we dramatically increase the cost of the
> postanalysis step, instantly making that filter impossible.

This presumes that the use of weak cipher suites is actually cheaper to the end points than strong ones. Is that really the case?

Eliot