Re: [perpass] perens-perpass-appropriate-response-01

Nicholas Weaver <nweaver@icsi.berkeley.edu> Fri, 06 December 2013 18:58 UTC

On Dec 6, 2013, at 10:53 AM, Bruce Perens <bruce@perens.com> wrote:

>> 
>> 
>> > You can opt out of the Concealment Society if you want to.  But please 
>> > don't force me to stay within the Surveillance Society.
> This will be just fine if it's true. How do I opt out of the Concealment Society if browsers and servers implement HTTP 2.0 as proposed, eventually dropping support for HTTP 1, and neither the browser nor the server has an in-the-clear mode?
> 
> That's really all this discussion is about. Not any advisory to run https preferentially, but the fact that http isn't being left in the standard.

Include a checkbox in the browser saying "Fuck it all, show my data to the world" which broadcasts the session key in the clear.

And see how many people click on it...


Unencrypted traffic is a vulnerability.  Failing to close a vulnerability that is going to be exploited by every nation on the planet but your own is lunacy.

--
Nicholas Weaver                  it is a tale, told by an idiot,
nweaver@icsi.berkeley.edu                full of sound and fury,
510-666-2903                                 .signifying nothing
PGP: http://www1.icsi.berkeley.edu/~nweaver/data/nweaver_pub.asc