Re: HTTP/2 and Pervasive Monitoring
Cory Benfield <cory@lukasa.co.uk> Fri, 15 August 2014 13:15 UTC
From: Cory Benfield <cory@lukasa.co.uk>
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>

On 15 August 2014 13:34, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
>
> [long message snipped]
>
> To sum up: It doesn't matter that they can instantly see it is
> "phony" TLS, they still have to work much harder to get at it.

Before this email I had not grasped the value of Opp-Sec, and would not have implemented it. I am now swayed. I would happily go to bat for PHK's proposal of allowing Opp-Sec with 'whitened' cipher suite restrictions, and would implement it for both HTTP/2 and HTTP/1.1.