Re: 2 questions
"Poul-Henning Kamp" <phk@phk.freebsd.dk> Tue, 31 March 2015 22:25 UTC
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
cc: Adrien de Croy <adrien@qbik.com>, Xiaoyin Liu <xiaoyin.l@outlook.com>, Dan Anderson <dan-anderson@cox.net>, "Walter H." <walter.h@mathemainzel.info>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
In-reply-to: <551B0C46.8040705@cs.tcd.ie>
From: Poul-Henning Kamp <phk@phk.freebsd.dk>
--------
In message <551B0C46.8040705@cs.tcd.ie>, Stephen Farrell writes:

>Meanwhile, the take-away is clearly that MitM deployment is one of
>those things that's (ab:-)used about 0.41% of the time and should
>be treated as such and that claims to the contrary are anecdotal.

Sorry for being the "one sheep which looks like it is black on at least one side" guy:

As interesting as that study was, its results do not support your rather flippant and arrogant marginalization of MitM as an issue.

What the study documents is that MitM, in two short periods of last year, was *detected* in about 0.41% of a particular small traffic sample.

The main problem is that we have absolutely *no* idea what the study's global probability of MitM detection was, which dumps us right into the deep end of the type I/II error pool. (ie: no mobiles because they lack Flash, only webpages serving certain AdWords etc.)

The secondary problem is that the traffic sample is in no way representative of the total traffic in the internet. (ie: Adwords again and only return traffic to a particular destination.)

The study is therefore at best an "existence proof" study and at most we can with *some* confidence say that the amount of MitM is unlikely to be significantly *less* than 0.41% on a global scale.

But much more importantly, the study says absolutely nothing about how important to society the 0.41% or the corresponding undetected shadow number might be.

First, remember that just because it is a small number doesn't mean it is unimportant: The homicide rate in USA is 4.7 per 100,000 population, two orders of magnitude below 0.41%, but no sane person thinks we can disband the police homicide units because it is a small number "and claims to the contrary are anecdotal".

In particular it is worth pointing out that the study's methods would entirely fail to detect legal and court-approved MitM as part of criminal investigations, since they usually only MitM particular destinations and often with certs which look surprisingly valid.

Privacy is not a technical problem with a technical solution, it is a political problem, and must be solved with political means.

Poul-Henning

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.