Re: Where are the places that block encrypted traffic?

Warren Kumari <warren@kumari.net> Wed, 03 June 2015 18:15 UTC

Return-Path: <warren@kumari.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AF4581ACED1 for <ietf@ietfa.amsl.com>; Wed, 3 Jun 2015 11:15:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l_zQlfcE6mss for <ietf@ietfa.amsl.com>; Wed, 3 Jun 2015 11:15:27 -0700 (PDT)
Received: from mail-oi0-f47.google.com (mail-oi0-f47.google.com [209.85.218.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D89E61ACE5F for <ietf@ietf.org>; Wed, 3 Jun 2015 11:15:26 -0700 (PDT)
Received: by oihd6 with SMTP id d6so13747276oih.2 for <ietf@ietf.org>; Wed, 03 Jun 2015 11:15:26 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-type; bh=Rhk9dzHet0OkiaJl3xi3YCs5t2MXM2fyMDU29yq2pc4=; b=XnZV/1wh+W2OWAF3TJOwqMOk+r0y6nVaJRc61ai7YJZMr/Hw/GmQMoKd++CSOTikFH o7n0uC9T6R424ATFgjM59Q2/WwVf2FDfBmLBbQl3nuI3QbWiddzaxPZOm2R5XToQM5qt rHJ2fBETM1W51mW49pTxK5HD4AmqPHA2GlJDRTdm7KaKvnBudUHg2wwkRFPOoaS32nK2 uk10z4aqYEs5tQ7a043ACBQxJk5zpbKY/UcLJkg/ddtjR+skELKkVKF0+5rOo4RVKxyT FgkHlG8GKlW5KdY+YjmbvQycKJcMEoKw9ZSalQ64SNXPOwvVYjSeNmV+IFULcIU22v9Y 4m0w==
X-Gm-Message-State: ALoCoQnn/x5OEVCah+FE52U6EX8OYOsp9kJUEWa9y2Ukz1BfefdfMxC0vWdGj7X1JUqTJZEkQkdg
X-Received: by 10.60.56.97 with SMTP id z1mr24555691oep.59.1433355326289; Wed, 03 Jun 2015 11:15:26 -0700 (PDT)
MIME-Version: 1.0
References: <20150601164359.29999.35343.idtracker@ietfa.amsl.com> <tsllhg3t0ya.fsf_-_@mit.edu> <51432A40-FAC0-4D04-8CD5-20C56DC25FDD@frobbit.se> <2036457.vXnxjqSTLC@gongo> <20150603015444.32B952FD573D@rock.dv.isc.org> <tslk2vlsf7b.fsf@mit.edu> <CAHBU6isLZgD6PuO_584TBnV30hFKps93iF9mHuqZFYm7rdpQow@mail.gmail.com>
In-Reply-To: <CAHBU6isLZgD6PuO_584TBnV30hFKps93iF9mHuqZFYm7rdpQow@mail.gmail.com>
From: Warren Kumari <warren@kumari.net>
Date: Wed, 03 Jun 2015 18:15:15 +0000
Message-ID: <CAHw9_i+0jY6BMoTtru9HrL8jjGOPK_5RJjZ2eP8OUkRzcJxWCA@mail.gmail.com>
Subject: Re: Where are the places that block encrypted traffic?
To: Tim Bray <tbray@textuality.com>, Sam Hartman <hartmans-ietf@mit.edu>
Content-Type: multipart/alternative; boundary=001a11c204fa0f94cc0517a10ba9
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/j226ECYzBLdMurzOl3HR_cD_EPM>
Cc: IETF-Discussion Discussion <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Jun 2015 18:15:28 -0000

In 2011 there was the DNS-EASY ( Workshop on DNS health and security ) held
at in Rome (http://www.gcsec.org/event/dns-easy-2011-workshop )
It was organized by the "Global Cyber Security Center" and held in some
building that was somehow affiliated with the postal service / postel.it.

This location blocked all port 443 (and 22, and.. and.. and...). This made
people sad, and so I ended up spinning up a VPN server on port 80 for most
of the attendees...

Sure, anecdotal info, but....

W



On Wed, Jun 3, 2015 at 11:04 AM Tim Bray <tbray@textuality.com> wrote:

> I travel  heavily and visit many different kinds of public & private
> institutions; and it has been many years since I’ve observed HTTPS
> blockage. Even in China, it seems the blockage is more domain-based than
> protocol-based.
>
> So yes, I’d like to hear evidence for the claim of protocol blockage.
>
> On Tue, Jun 2, 2015 at 7:23 PM, Sam Hartman <hartmans-ietf@mit.edu> wrote:
>
>> >>>>> "Mark" == Mark Andrews <marka@isc.org> writes:
>>
>>
>> to be clear, none of this is the sort of thing I was looking for.  All
>> of this is discussions of parts of the Internet that aren't particularly
>> transparent or interested in letting you have open access to large
>> portions of the net.
>> I don't care if the ietf website is accessible from a hotel before you
>> accept the network's terms.
>>
>> Based on the discussion so far I'd like to see better justification for
>> the claim that there are portions of the network that block TLS before
>> we make it.
>>
>>
>
>
> --
> - Tim Bray (If you’d like to send me a private message, see
> https://keybase.io/timbray)
>