Re: PRISM and HTTP/2.0
Nicolas Mailhot <nicolas.mailhot@laposte.net> Sun, 14 July 2013 12:23 UTC
To: ietf-http-wg@w3.org
From: Nicolas Mailhot <nicolas.mailhot@laposte.net>
Date: Sun, 14 Jul 2013 12:19:44 +0000
Archived-At: <http://www.w3.org/mid/loom.20130714T140454-241@post.gmane.org>

Poul-Henning Kamp <phk@...> writes:

> I would like to advocate that everybody spends a little bit of time
> reconsidering how we design protocols after the PRISM disclosures.

> We can do three things in light of this:
>
> 1) We can try to add more encryption to fight back.
>
> 2) We can recognize that there needs to be hooks for duly authorized access.
>
> 3) We can change or at least influence the political objectives

4. We can fix intermediary setup in the protocol so it's not a PITA to add a protection middleman to the mix (privacy proxy, TOR proxy, audit proxy).

Right now a lot of services are moving to cloud farms controlled by a handful of PRISM-happy US firms. The same handful also controls pretty much all the major browsers (Firefox excepted, maybe).

Someone wrote on this list a few months ago the protocol should help server-point vet intermediaries. This is totally insane. You can't have the whole HTTP value chain under NSA control. And while expecting everyone that does not trust the NSA to come up with its own browser is pretty unrealistic nowadays, writing a proxy babysitter that checks the browser is not completely compromised is way more accessible.

This does not change the hostile intermediary situation one bit, since they're already doing interception now. The only people harmed are the white hats.

--
Nicolas Mailhot