Re: HTTP/2 and Pervasive Monitoring

"Poul-Henning Kamp" <phk@phk.freebsd.dk> Wed, 20 August 2014 20:33 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 27EC81A06FB for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 20 Aug 2014 13:33:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.57
X-Spam-Level:
X-Spam-Status: No, score=-7.57 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.668, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yDfon-3ZkVty for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 20 Aug 2014 13:33:44 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9B42B1A0422 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Wed, 20 Aug 2014 13:33:44 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1XKCWa-0005Z8-Tv for ietf-http-wg-dist@listhub.w3.org; Wed, 20 Aug 2014 20:30:28 +0000
Resent-Date: Wed, 20 Aug 2014 20:30:28 +0000
Resent-Message-Id: <E1XKCWa-0005Z8-Tv@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <phk@phk.freebsd.dk>) id 1XKCWE-00057h-GN for ietf-http-wg@listhub.w3.org; Wed, 20 Aug 2014 20:30:06 +0000
Received: from phk.freebsd.dk ([130.225.244.222]) by maggie.w3.org with esmtp (Exim 4.72) (envelope-from <phk@phk.freebsd.dk>) id 1XKCWA-0007Ba-Ky for ietf-http-wg@w3.org; Wed, 20 Aug 2014 20:30:06 +0000
Received: from critter.freebsd.dk (unknown [192.168.60.3]) by phk.freebsd.dk (Postfix) with ESMTP id 4A29E1598; Wed, 20 Aug 2014 20:29:40 +0000 (UTC)
Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.14.9/8.14.9) with ESMTP id s7KKTdeP023683; Wed, 20 Aug 2014 20:29:39 GMT (envelope-from phk@phk.freebsd.dk)
To: Martin Thomson <martin.thomson@gmail.com>
cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
In-reply-to: <CABkgnnUVHgkRdUKBYKoKec1UO_fF+GZEiqMXmirwd4XKjtYf2Q@mail.gmail.com>
From: Poul-Henning Kamp <phk@phk.freebsd.dk>
References: <38BD57DB-98A9-4282-82DD-BB89F11F7C84@mnot.net> <4851.1408094168@critter.freebsd.dk> <EB5B7C64-165B-48F1-94FF-1354E917A10F@mnot.net> <5871.1408106089@critter.freebsd.dk> <A9F561E4-E5C6-4E1D-89B1-F1EDA9FA1BAC@mnot.net> <10689.1408519778@critter.freebsd.dk> <CABkgnnVvm6vz=Tcv2n9YtH13E9-AUgdyXVY5RxLvmKkCcNSpgg@mail.gmail.com> <23351.1408559797@critter.freebsd.dk> <CABkgnnUVHgkRdUKBYKoKec1UO_fF+GZEiqMXmirwd4XKjtYf2Q@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <23681.1408566578.1@critter.freebsd.dk>
Content-Transfer-Encoding: quoted-printable
Date: Wed, 20 Aug 2014 20:29:39 +0000
Message-ID: <23682.1408566579@critter.freebsd.dk>
Received-SPF: none client-ip=130.225.244.222; envelope-from=phk@phk.freebsd.dk; helo=phk.freebsd.dk
X-W3C-Hub-Spam-Status: No, score=-3.7
X-W3C-Hub-Spam-Report: AWL=-3.075, RP_MATCHES_RCVD=-0.668
X-W3C-Scan-Sig: maggie.w3.org 1XKCWA-0007Ba-Ky 723754630d39f586f87e53cfcab14906
X-Original-To: ietf-http-wg@w3.org
Subject: Re: HTTP/2 and Pervasive Monitoring
Archived-At: <http://www.w3.org/mid/23682.1408566579@critter.freebsd.dk>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/26681
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

--------
In message <CABkgnnUVHgkRdUKBYKoKec1UO_fF+GZEiqMXmirwd4XKjtYf2Q@mail.gmail.com>
, Martin Thomson writes:
>On 20 August 2014 11:36, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
>> Last I looked AES had 128 bit and larger keys, so that would be 2^127 ?
>
>No, 2^64.
>
>https://en.wikipedia.org/wiki/Birthday_attack

You are not looking for a birthday attack.  You are looking at pile
of billions of HTTP connections and you have to decrypt *all* of them.

>> To stop PM, we don't need unbreakable crypto, we just need crypto
>> which is sufficiently expensive to break.
>
>That's all we ever have.  We just draw the line in different places.
>My point is that the line is close enough to what is state of the art
>to not bother with anything less.

And my point is that plenty of people have told us that state of the
art is uneconomical to them, so you'll never get emergency services,
news and porn on that bandwagon.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.