Re: HTTP/2 and Pervasive Monitoring
Greg Wilkins <gregw@intalio.com> Fri, 15 August 2014 23:27 UTC
On 15 August 2014 22:34, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:

> Currently, they can run a filter which is essentially:
>
>     tcpdump -i all0 -w - | egrep -i "terrorist|bomb"
>

That kind of monitoring does take place, but any *pervasive* monitoring of that kind requires a warrant - or is illegal (and if illegal they can tap into places that TLS will not help).

The type of *pervasive* monitoring that is legal and does take place widely is

    tcpdump -i all0 -n | egrep "IP [0-9\.]* > IP.OF.KNOWN.NASTY"

This is not something that the protocol or TLS can fix.

cheers

--
Greg Wilkins <gregw@intalio.com>
http://eclipse.org/jetty HTTP, SPDY, Websocket server and client that scales
http://www.webtide.com advice and support for jetty and cometd.
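The contrast between the two filters in this message, as an added example that is not part of the original post: the same request is sent once in the clear and once inside a TLS application-data record, and a keyless observer evaluates both a keyword match and a destination match. The packets, the RFC 5737 documentation addresses, the watch list and the XOR stand-in for TLS ciphertext are all constructed assumptions.

```python
import ipaddress
import re
import struct

KEYWORDS = re.compile(rb"terrorist|bomb", re.I)  # payload filter quoted in the message
WATCHLIST = {"203.0.113.7"}  # constructed stand-in for IP.OF.KNOWN.NASTY

def build_packet(src, dst, dport, payload):
    """Constructed IPv4+TCP packet (no options, checksums zeroed)."""
    tcp = struct.pack("!HHIIBBHHH", 49152, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    return ip + tcp + payload

def tls_record(plaintext):
    """TLS record header (type 23, version 0x0303) plus a ciphertext stand-in.

    The XOR is NOT encryption; it only makes the body opaque for this demo.
    """
    body = bytes(b ^ 0xA5 for b in plaintext)
    return struct.pack("!BHH", 23, 0x0303, len(body)) + body

def observe(packet):
    """Everything an on-path observer without keys can evaluate for one packet."""
    ihl = (packet[0] & 0x0F) * 4                      # IPv4 header length
    dst = str(ipaddress.IPv4Address(packet[16:20]))   # always in the clear
    dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    payload = packet[ihl + (packet[ihl + 12] >> 4) * 4:]
    return {
        "dst": dst,
        "dport": dport,
        "payload_len": len(payload),
        "keyword_hit": bool(KEYWORDS.search(payload)),  # content filter
        "watchlist_hit": dst in WATCHLIST,              # metadata filter
    }

# Constructed sample request, sent to the same destination both ways.
REQUEST = b"GET /search?q=bomb+disposal+training HTTP/1.1\r\nHost: example.org\r\n\r\n"
CLEAR = observe(build_packet("192.0.2.10", "203.0.113.7", 80, REQUEST))
OVER_TLS = observe(build_packet("192.0.2.10", "203.0.113.7", 443, tls_record(REQUEST)))

if __name__ == "__main__":
    for name, view in (("http", CLEAR), ("https", OVER_TLS)):
        print(name, view)
```

Only the content filter changes between the two runs; destination, port and payload size stay readable either way.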