Re: HTTP/2 and Pervasive Monitoring

"Poul-Henning Kamp" <phk@phk.freebsd.dk> Fri, 15 August 2014 14:53 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 376CA1A0AD7 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 15 Aug 2014 07:53:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.57
X-Spam-Level:
X-Spam-Status: No, score=-7.57 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.668, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NbkXcmrjFZGh for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 15 Aug 2014 07:53:52 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C82101A02F8 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Fri, 15 Aug 2014 07:53:52 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1XIIqf-0003ia-64 for ietf-http-wg-dist@listhub.w3.org; Fri, 15 Aug 2014 14:51:21 +0000
Resent-Date: Fri, 15 Aug 2014 14:51:21 +0000
Resent-Message-Id: <E1XIIqf-0003ia-64@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <phk@phk.freebsd.dk>) id 1XIIqL-0003hi-VX for ietf-http-wg@listhub.w3.org; Fri, 15 Aug 2014 14:51:01 +0000
Received: from phk.freebsd.dk ([130.225.244.222]) by maggie.w3.org with esmtp (Exim 4.72) (envelope-from <phk@phk.freebsd.dk>) id 1XIIqL-0001AR-78 for ietf-http-wg@w3.org; Fri, 15 Aug 2014 14:51:01 +0000
Received: from critter.freebsd.dk (unknown [192.168.60.3]) by phk.freebsd.dk (Postfix) with ESMTP id 8C2DB1578; Fri, 15 Aug 2014 14:50:39 +0000 (UTC)
Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.14.9/8.14.9) with ESMTP id s7FEocMO006575; Fri, 15 Aug 2014 14:50:38 GMT (envelope-from phk@phk.freebsd.dk)
To: Erik Nygren <erik@nygren.org>
cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
In-reply-to: <CAKC-DJjFk9==Y4ayn=A-fZBaEt-G_+n=XQ9B8rKqWaT-LQh3vQ@mail.gmail.com>
From: Poul-Henning Kamp <phk@phk.freebsd.dk>
References: <38BD57DB-98A9-4282-82DD-BB89F11F7C84@mnot.net> <4851.1408094168@critter.freebsd.dk> <CAKC-DJjFk9==Y4ayn=A-fZBaEt-G_+n=XQ9B8rKqWaT-LQh3vQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <6573.1408114238.1@critter.freebsd.dk>
Content-Transfer-Encoding: quoted-printable
Date: Fri, 15 Aug 2014 14:50:38 +0000
Message-ID: <6574.1408114238@critter.freebsd.dk>
Received-SPF: none client-ip=130.225.244.222; envelope-from=phk@phk.freebsd.dk; helo=phk.freebsd.dk
X-W3C-Hub-Spam-Status: No, score=-3.7
X-W3C-Hub-Spam-Report: AWL=-3.075, RP_MATCHES_RCVD=-0.668
X-W3C-Scan-Sig: maggie.w3.org 1XIIqL-0001AR-78 0006a9d08c1aa61f9c3bd58927e88be5
X-Original-To: ietf-http-wg@w3.org
Subject: Re: HTTP/2 and Pervasive Monitoring
Archived-At: <http://www.w3.org/mid/6574.1408114238@critter.freebsd.dk>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/26618
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

--------
In message <CAKC-DJjFk9==Y4ayn=A-fZBaEt-G_+n=XQ9B8rKqWaT-LQh3vQ@mail.gmail.com>
, Erik Nygren writes:

>[...]  provision a real certificate, [...]

I have it from many corners, than anything which involves "real
certificates" are not going to happen for a large swath of "unimportant"
traffic because of the extortionary business behavior of the CA-mob.

I personally have no love for the CA-mob, but a lot of people seem to
hate their guts.  Keeping them out of the picture wrt. fighting PM
would be a good idea.

Also, we don't need very big certs, they just have to hold for a
few seconds.

>> For that matter this is not even specific to HTTP/2 in any way, it
>> could also be deployed for HTTP/1.1.
>
>Only if there was a way to convey Scheme (http vs https) in a way that
>worked reliably for existing HTTP/1.1 servers.

I was talking only conceptually here, the actual protocol mechanics
will be at least as tricky as HTTP/1 -> HTTP/2 upgrade.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.