IETF Logo Mail Archive

Re: PRISM and HTTP/2.0

Nicolas Mailhot <nicolas.mailhot@laposte.net> Sun, 14 July 2013 12:23 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8536F11E8104 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sun, 14 Jul 2013 05:23:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ioDqRRQWCQyD for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sun, 14 Jul 2013 05:23:18 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id 1000411E8118 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Sun, 14 Jul 2013 05:23:17 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1UyLI6-00067x-5E for ietf-http-wg-dist@listhub.w3.org; Sun, 14 Jul 2013 12:20:38 +0000
Resent-Date: Sun, 14 Jul 2013 12:20:38 +0000
Resent-Message-Id: <E1UyLI6-00067x-5E@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <gix-ietf-http-wg@m.gmane.org>) id 1UyLHu-000679-Ll for ietf-http-wg@listhub.w3.org; Sun, 14 Jul 2013 12:20:26 +0000
Received: from plane.gmane.org ([80.91.229.3]) by lisa.w3.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.72) (envelope-from <gix-ietf-http-wg@m.gmane.org>) id 1UyLHt-0008T4-KR for ietf-http-wg@w3.org; Sun, 14 Jul 2013 12:20:26 +0000
Received: from list by plane.gmane.org with local (Exim 4.69) (envelope-from <gix-ietf-http-wg@m.gmane.org>) id 1UyLHV-00089O-Uh for ietf-http-wg@w3.org; Sun, 14 Jul 2013 14:20:02 +0200
Received: from sat78-8-88-174-226-208.fbx.proxad.net ([88.174.226.208]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for <ietf-http-wg@w3.org>; Sun, 14 Jul 2013 14:20:01 +0200
Received: from nicolas.mailhot by sat78-8-88-174-226-208.fbx.proxad.net with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for <ietf-http-wg@w3.org>; Sun, 14 Jul 2013 14:20:01 +0200
X-Injected-Via-Gmane: http://gmane.org/
To: ietf-http-wg@w3.org
From: Nicolas Mailhot <nicolas.mailhot@laposte.net>
Date: Sun, 14 Jul 2013 12:19:44 +0000
Lines: 36
Message-ID: <loom.20130714T140454-241@post.gmane.org>
References: <5672.1373710085@critter.freebsd.dk>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Complaints-To: usenet@ger.gmane.org
X-Gmane-NNTP-Posting-Host: sea.gmane.org
User-Agent: Loom/3.14 (http://gmane.org/)
X-Loom-IP: 88.174.226.208 (Mozilla/5.0 (X11; Linux x86_64; rv:22.0) Gecko/20100101 Firefox/22.0)
Received-SPF: pass client-ip=80.91.229.3; envelope-from=gix-ietf-http-wg@m.gmane.org; helo=plane.gmane.org
X-W3C-Hub-Spam-Status: No, score=-3.5
X-W3C-Hub-Spam-Report: AWL=-1.242, BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.39, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001
X-W3C-Scan-Sig: lisa.w3.org 1UyLHt-0008T4-KR 4ac3d326fb90658512d78fe4baf34279
X-Original-To: ietf-http-wg@w3.org
Subject: Re: PRISM and HTTP/2.0
Archived-At: <http://www.w3.org/mid/loom.20130714T140454-241@post.gmane.org>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/18764
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Poul-Henning Kamp <phk@...> writes:

> 
> 
> I would like to advocate that everybody spends a little bit of time
> reconsidering how we design protocols after the PRISM disclosures.

> We can do three things in light of this:
> 
> 1) We can try to add more encryption to fight back.
> 
> 2) We can recognize that there needs to be hooks for duly authorized access.
> 
> 3) We can change or at least influence the political objectives

4. We can fix intermediary set up in the protocol so it's not a PITA to add
 a protection middleman to the mix (privacy proxy, TOR proxy, audit proxy).

Right now a lot of services are moving to cloud farms controlled by a
handful of PRISM-happy US firms. The same handful also controls pretty much
all the major browsers (Firefox excepted, maybe). Someone wrote on this list
a few months ago the protocol should help server-point vet intermediaries.
This is totally insane. You can't have the whole HTTP value chain under NSA
control. And while expecting everyone that does not trust the NSA to come up
with its own browser is pretty irrealistic nowadays, writing a proxy
babysitter that checks the browser is not completely compromised is way more
accessible.

This does not change hostile intermediary situation one bit, since they're
already doing interception now. The only people harmed are the white hats.

-- 
Nicolas Mailhot

v2.23.0 | Report a Bug | By Email