Re: [rtcweb] Encryption mandate

Christopher Blizzard <blizzard@mozilla.com> Thu, 08 September 2011 04:06 UTC

Return-Path: <blizzard@mozilla.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D7ED21F8B08 for <rtcweb@ietfa.amsl.com>; Wed, 7 Sep 2011 21:06:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.065
X-Spam-Level:
X-Spam-Status: No, score=-2.065 tagged_above=-999 required=5 tests=[AWL=-0.535, BAYES_00=-2.599, DATE_IN_PAST_06_12=1.069]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZV+n9t7bg-8A for <rtcweb@ietfa.amsl.com>; Wed, 7 Sep 2011 21:06:08 -0700 (PDT)
Received: from dm-mail03.mozilla.org (dm-mail03.mozilla.org [63.245.208.213]) by ietfa.amsl.com (Postfix) with ESMTP id 0E4A021F852E for <rtcweb@ietf.org>; Wed, 7 Sep 2011 21:06:08 -0700 (PDT)
Received: from [192.168.1.12] (173-228-106-53.dsl.dynamic.sonic.net [173.228.106.53]) (Authenticated sender: blizzard@mozilla.com) by dm-mail03.mozilla.org (Postfix) with ESMTP id E17DE4AEDE3; Wed, 7 Sep 2011 21:07:57 -0700 (PDT)
Message-ID: <4E6796CF.2060807@mozilla.com>
Date: Wed, 07 Sep 2011 09:07:43 -0700
From: Christopher Blizzard <blizzard@mozilla.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0.2) Gecko/20110902 Thunderbird/6.0.2
MIME-Version: 1.0
To: Paul Kyzivat <pkyzivat@alum.mit.edu>
References: <A444A0F8084434499206E78C106220CA0B00FDB08B@MCHP058A.global-ad.net> <89177AB2-F721-47E4-8471-2180EDA10615@voxeo.com> <A444A0F8084434499206E78C106220CA0B00FDB34D@MCHP058A.global-ad.net> <496EE152-41F2-49AB-A136-05735FE5A9F9@voxeo.com><101C6067BEC68246B0C3F6843BCCC1E31018BF6BE2@MCHP058A.global-ad.net> <4E540FE2.7020605@alcatel-lucent.com> <2E239D6FCD033C4BAF15F386A979BF5106423F@sonusinmail02.sonusnet.com> <4E6595E7.7060503@skype.net> <4E661C83.5000103@alcatel-lucent.com> <2E239D6FCD033C4BAF15F386A979BF510F086B@sonusinmail02.sonusnet.com> <4E666926.8050705@skype.net> <43A0D702-1D1F-4B4E-B8E6-C9F1A06E3F8A@edvina.net> <033458F56EC2A64E8D2D7B759FA3E7E7020E64DC@sonusmail04.sonusnet.com> <E4EC1B17-0CC4-4F79-96DD-84E589FCC4F0@edvina.net> <4E67C3F7.7020304@jesup.org> <4E67D1F4.10002@mozilla.com> <4E6808D5.7090709@alum.mit.edu>
In-Reply-To: <4E6808D5.7090709@alum.mit.edu>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] Encryption mandate
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Sep 2011 04:06:08 -0000

On 9/7/2011 5:14 PM, Paul Kyzivat wrote:
> Its going to be hard work to figure out what can both be reliably 
> reported to users and also be understandable and meaningful to users.

Indeed.  It suffers from the same problem that self-signed certs suffer 
from.  That is, you can't guarantee end to end encryption unless you 
know who you are talking to.  And in our current system requires 3rd 
party signings to do that, which as we've seen over the last couple of 
weeks is not always...great.

Do we want to try and tackle that here?  (I'm guessing not!)

--Chris