Re: [perpass] Unauthenticated, ephemeral keying in HTTP/1.0 without TLS

Ted Lemon <mellon@fugue.com> Sat, 16 November 2013 23:51 UTC

From: Ted Lemon <mellon@fugue.com>
In-Reply-To: <5287FA09.3060100@gmail.com>
Date: Sat, 16 Nov 2013 18:51:40 -0500
Message-Id: <C6822D2B-DE14-43FF-A2D4-F96941F054B7@fugue.com>
References: <CAMm+Lwg-AF9fZ5=f5W8JDmiCe=U7Uyxso_bdHGaQhddsQ+aGaw@mail.gmail.com> <5287FA09.3060100@gmail.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: perpass <perpass@ietf.org>, Phillip Hallam-Baker <hallam@gmail.com>
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>

On Nov 16, 2013, at 6:04 PM, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
> Indeed. A "solution" in which caches, proxies, content filtering
> and possibly CDNs don't work is not going to be deployed on any Internet
> on this planet.

Er, be careful here. It's certainly true that a solution that prevents CDNs, caches, proxies and content filtering from working won't see rapid uptake among providers that depend on these capabilities. However, there is a rather substantial long tail of web sites that do not depend on these capabilities and never will, and it is these very web sites for which the ability to do various kinds of passive tracking will be most useful, because they say the most about you.

Also, to completely contradict that point, Facebook with HTTPS enabled still uses a CDN, so the theory that HTTPS prevents CDNs from working is apparently wrong anyway.