Re: HTTP/2 and Pervasive Monitoring
Greg Wilkins <gregw@intalio.com> Fri, 15 August 2014 23:16 UTC
Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 733831A0823 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 15 Aug 2014 16:16:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.947
X-Spam-Level:
X-Spam-Status: No, score=-6.947 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.668, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s6VHVSJaNyEY for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 15 Aug 2014 16:16:33 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BF5381A0819 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Fri, 15 Aug 2014 16:16:33 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1XIQgO-00040s-0d for ietf-http-wg-dist@listhub.w3.org; Fri, 15 Aug 2014 23:13:16 +0000
Resent-Date: Fri, 15 Aug 2014 23:13:16 +0000
Resent-Message-Id: <E1XIQgO-00040s-0d@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <gregw@intalio.com>) id 1XIQfl-0003wH-9b for ietf-http-wg@listhub.w3.org; Fri, 15 Aug 2014 23:12:37 +0000
Received: from mail-wg0-f49.google.com ([74.125.82.49]) by lisa.w3.org with esmtps (TLS1.0:RSA_ARCFOUR_SHA1:16) (Exim 4.72) (envelope-from <gregw@intalio.com>) id 1XIQfj-0007X4-TB for ietf-http-wg@w3.org; Fri, 15 Aug 2014 23:12:37 +0000
Received: by mail-wg0-f49.google.com with SMTP id k14so2818234wgh.20 for <ietf-http-wg@w3.org>; Fri, 15 Aug 2014 16:12:08 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=Rdf7C3oSEoosaD7I4fx9iCKUx8U5o0d831ayoO0L0KQ=; b=KC3DtjcD2ov7sBZdDqE25T2y4NcXZKUcpOVq/Y25TBySy5zJ6Xk4ml2UJ0AQYLixqN 9DcWU4Y1vGF7Fmb3aN+ibAaIJFa5BX6bRbrlA2ixsAKJasePaR3kA+io86aE4o5TsQBW mf5qcKz2vqPaLqRj0+9jJRUEyAwBIn0eAhq9hC5LNnMLkqAdvrq7LzLTK2HRxR+GrWeX 7/QpgPSxmBSXv6jmieZuJPD5036BKLl2L63U0HUsDZfCPME0z6mvlu22tF7Ku/w+V4oJ CCYT0AteuIaffiivldvvoJJN6zvvBiKMOzjcsxX6HUtNTF1StTSQks1GtZlhB4B+sSR5 Gz7Q==
X-Gm-Message-State: ALoCoQk0KDy0g55v0Vc1He293dm0gX3lI1HEsFCTuQAkawTbyXJ3NVwdqrL8Qqb6QnGXbMiHgYWp
MIME-Version: 1.0
X-Received: by 10.181.13.116 with SMTP id ex20mr12324109wid.31.1408144328642; Fri, 15 Aug 2014 16:12:08 -0700 (PDT)
Received: by 10.194.169.98 with HTTP; Fri, 15 Aug 2014 16:12:08 -0700 (PDT)
In-Reply-To: <DE8B5174-864A-4514-B2DC-6F1742535A8C@mnot.net>
References: <38BD57DB-98A9-4282-82DD-BB89F11F7C84@mnot.net> <CAH_y2NFr16YJEsN-=zUWjEdywuLpuOVijFmybjbXZtAE4LTMdg@mail.gmail.com> <DE8B5174-864A-4514-B2DC-6F1742535A8C@mnot.net>
Date: Sat, 16 Aug 2014 09:12:08 +1000
Message-ID: <CAH_y2NHOspsVugNZZgvD3XMZ522PzNkTRMS1dapcRDWQCL5ZsQ@mail.gmail.com>
From: Greg Wilkins <gregw@intalio.com>
To: Mark Nottingham <mnot@mnot.net>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: multipart/alternative; boundary="f46d043be12e806a1d0500b3261a"
Received-SPF: permerror client-ip=74.125.82.49; envelope-from=gregw@intalio.com; helo=mail-wg0-f49.google.com
X-W3C-Hub-Spam-Status: No, score=-3.8
X-W3C-Hub-Spam-Report: AWL=-3.100, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7
X-W3C-Scan-Sig: lisa.w3.org 1XIQfj-0007X4-TB 071ea8c83cea90b7cb1b10d235136eee
X-Original-To: ietf-http-wg@w3.org
Subject: Re: HTTP/2 and Pervasive Monitoring
Archived-At: <http://www.w3.org/mid/CAH_y2NHOspsVugNZZgvD3XMZ522PzNkTRMS1dapcRDWQCL5ZsQ@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/26625
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
On 15 August 2014 18:56, Mark Nottingham <mnot@mnot.net> wrote: > (I think we’re in violent agreement here) The difference is emphasis. I think you are saying: "We are using TLS to mitigate PM, but it is not perfect". I think this WG should say: "An application protocol cannot significantly mitigate PM. A network level solutions is required. But we are facilitating increased TLS usage which may mitigate some PM attacks or at least prevent even more invasive PM" ie the overwhelming response to BCP188 should be that this is not a problem we can fix on our own, but we are prepared to be part of the solution. cheers -- Greg Wilkins <gregw@intalio.com> http://eclipse.org/jetty HTTP, SPDY, Websocket server and client that scales http://www.webtide.com advice and support for jetty and cometd.
- HTTP/2 and Pervasive Monitoring Mark Nottingham
- Re: HTTP/2 and Pervasive Monitoring Amos Jeffries
- Re: HTTP/2 and Pervasive Monitoring Greg Wilkins
- RE: HTTP/2 and Pervasive Monitoring K.Morgan
- Re: HTTP/2 and Pervasive Monitoring Poul-Henning Kamp
- Re: HTTP/2 and Pervasive Monitoring Mark Nottingham
- Re: HTTP/2 and Pervasive Monitoring Mark Nottingham
- Re: HTTP/2 and Pervasive Monitoring Eliot Lear
- Re: HTTP/2 and Pervasive Monitoring Poul-Henning Kamp
- Re: HTTP/2 and Pervasive Monitoring Martin Nilsson
- Re: HTTP/2 and Pervasive Monitoring Poul-Henning Kamp
- RE: HTTP/2 and Pervasive Monitoring Albert Lunde
- Re: HTTP/2 and Pervasive Monitoring Cory Benfield
- Re: HTTP/2 and Pervasive Monitoring Erik Nygren
- Re: HTTP/2 and Pervasive Monitoring Poul-Henning Kamp
- Re: HTTP/2 and Pervasive Monitoring Roland Zink
- Re: HTTP/2 and Pervasive Monitoring Martin Thomson
- Re: HTTP/2 and Pervasive Monitoring Brian Smith
- Re: HTTP/2 and Pervasive Monitoring Poul-Henning Kamp
- Re: HTTP/2 and Pervasive Monitoring Eliot Lear
- Re: HTTP/2 and Pervasive Monitoring Greg Wilkins
- Re: HTTP/2 and Pervasive Monitoring Greg Wilkins
- Re: HTTP/2 and Pervasive Monitoring Poul-Henning Kamp
- Re: HTTP/2 and Pervasive Monitoring Stephen Farrell
- Re: HTTP/2 and Pervasive Monitoring Poul-Henning Kamp
- Re: HTTP/2 and Pervasive Monitoring Roland Zink
- Re: HTTP/2 and Pervasive Monitoring Stephen Farrell
- Re: HTTP/2 and Pervasive Monitoring Amos Jeffries
- Re: HTTP/2 and Pervasive Monitoring Eliot Lear
- Re: HTTP/2 and Pervasive Monitoring Poul-Henning Kamp
- Re: HTTP/2 and Pervasive Monitoring Poul-Henning Kamp
- Re: HTTP/2 and Pervasive Monitoring Ilari Liusvaara
- Re: HTTP/2 and Pervasive Monitoring Mark Nottingham
- Re: HTTP/2 and Pervasive Monitoring Greg Wilkins
- Re: HTTP/2 and Pervasive Monitoring Poul-Henning Kamp
- Re: HTTP/2 and Pervasive Monitoring Martin Thomson
- Re: HTTP/2 and Pervasive Monitoring Poul-Henning Kamp
- Re: HTTP/2 and Pervasive Monitoring Martin Thomson
- Re: HTTP/2 and Pervasive Monitoring Poul-Henning Kamp