Re: PRISM and HTTP/2.0

Stephen Farrell <stephen.farrell@cs.tcd.ie> Sat, 13 July 2013 10:49 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6069521F9E4C for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sat, 13 Jul 2013 03:49:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.203
X-Spam-Level:
X-Spam-Status: No, score=-9.203 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, MIME_QP_LONG_LINE=1.396, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z-voZjoOGcar for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sat, 13 Jul 2013 03:49:30 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id A5FC521F8AB3 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Sat, 13 Jul 2013 03:49:30 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1UxxN5-0007Je-VN for ietf-http-wg-dist@listhub.w3.org; Sat, 13 Jul 2013 10:48:12 +0000
Resent-Date: Sat, 13 Jul 2013 10:48:11 +0000
Resent-Message-Id: <E1UxxN5-0007Je-VN@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <stephen.farrell@cs.tcd.ie>) id 1UxxMx-0007H6-OS for ietf-http-wg@listhub.w3.org; Sat, 13 Jul 2013 10:48:03 +0000
Received: from mercury.scss.tcd.ie ([134.226.56.6]) by lisa.w3.org with esmtp (Exim 4.72) (envelope-from <stephen.farrell@cs.tcd.ie>) id 1UxxMw-0000QD-KL for ietf-http-wg@w3.org; Sat, 13 Jul 2013 10:48:03 +0000
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id A61C5BEC4; Sat, 13 Jul 2013 11:47:35 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GR6L20u9mtCG; Sat, 13 Jul 2013 11:47:33 +0100 (IST)
Received: from [10.37.167.41] (unknown [95.83.248.96]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 80C8EBE7D; Sat, 13 Jul 2013 11:47:33 +0100 (IST)
References: <5672.1373710085@critter.freebsd.dk>
Mime-Version: 1.0 (1.0)
In-Reply-To: <5672.1373710085@critter.freebsd.dk>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Message-Id: <73FAE29B-76F5-4F69-B6C5-77DB653C0F2E@cs.tcd.ie>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
X-Mailer: iPhone Mail (10B329)
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Sat, 13 Jul 2013 11:47:25 +0100
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
Received-SPF: none client-ip=134.226.56.6; envelope-from=stephen.farrell@cs.tcd.ie; helo=mercury.scss.tcd.ie
X-W3C-Hub-Spam-Status: No, score=-0.0
X-W3C-Hub-Spam-Report: MIME_QP_LONG_LINE=0.001, T_RP_MATCHES_RCVD=-0.01
X-W3C-Scan-Sig: lisa.w3.org 1UxxMw-0000QD-KL d780aeeb82461d3c543016f9255191cb
X-Original-To: ietf-http-wg@w3.org
Subject: Re: PRISM and HTTP/2.0
Archived-At: <http://www.w3.org/mid/73FAE29B-76F5-4F69-B6C5-77DB653C0F2E@cs.tcd.ie>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/18742
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On 13 Jul 2013, at 11:08, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:

> 
> I would like to advocate that everybody spends a little bit of time
> reconsidering how we design protocols after the PRISM disclosures.
> 
> We don't need to have a long discussion about the actual legality
> of the US spy operation, the sheer scale and the kind of efforts
> that went in to it is the relevant message to us.
> 
> The take-home message is that encryption will be broken, disabled,
> circumvented og watered down, if it gets in the way of political
> objectives.
> 
> We can do three things in light of this:
> 
> 1) We can try to add more encryption to fight back.

Sounds good. We probably need better implementation and more deployment as well.

> 
> 2) We can recognize that there needs to be hooks for duly authorized access.

That's not for this WG IMO. RFC 2804 is a BCP that says that.

> 
> 3) We can change or at least influence the political objectives

Not for the IETF IMO.

S


> 
> I think PRISM is ample evidence that #1 will have the 100% certain
> result is that all encryption will be circumvented, with bogus CA
> certs all the way up to PRISM and designed-in backdoors, and the
> net result is less or even no privacy for anybody everywhere.
> 
> In my view, that would be very counterproductive.
> 
> #2 is not without challenges, but at least there are plausible paths
> from there to a state of affairs where innocent people might still
> have access to private communications, and it might seem to be a
> necessary precondition for any hope on #3
> 
> #3 is clearly not inside HTTPbis scope, but it may be time for
> all good nerds to come to the aid of their country and humanity.
> 
> A "market based" argument can be made under #3, that if we design
> protocols with the necessary access (#2), programs like PRISM will
> not be cost effective, but that will take some serious effort
> of education and politics.
> 
> Anyway:  Edward Snowden has moved the rug under the HTTP/2.0
> standardization process, and we should not ignore that.
> 
> Think about it.
> 
> -- 
> Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG         | TCP/IP since RFC 956
> FreeBSD committer       | BSD since 4.3-tahoe
> Never attribute to malice what can adequately be explained by incompetence.
>