
Re: [IAB] Mandatory encryption as part of HTTP2

2013-11-15 08:56:57
I've been watching this thread for a while.  The idea of making it harder 
without actually expecting the encryption to work seems like an implicit 
admission of failure.  I think the right posture is to make privacy via 
encryption the default at every level, or perhaps even mandatory, and to expect 
it to work.  Key management has to be seamless and automatic, and the software 
and hardware have to be trusted.  Let's button up the net and protect our 
communication from prying eyes, whether they be ISPs wanting to charge us for 
"high value" traffic, governments wanting to gather intelligence, or others.

There will still be lots of information that we can't easily protect, e.g. 
"metadata."  I am not worried about that even though that really does disclose 
a lot of information.  People who need anonymity or other strong protection 
will need to use special services or third parties, just the way they do in 
real life.

This is my personal view and does not represent anyone else's.  In particular, I 
am not speaking for ICANN in this note.

Steve



On Nov 15, 2013, at 11:43 AM, Hannes Tschofenig 
<hannes(_dot_)tschofenig(_at_)gmx(_dot_)net> wrote:

Yaakov, you have very nicely summarized the strategy: We need to make attacks 
more expensive.

On 15.11.13 14:54, Yaakov Stein wrote:
That aside, just saying "you MUST do TLS with HTTP/2.0" doesn't buy much 
security in a world where CAs are not trustworthy, people still use RC4/MD5, 
use woefully short keys for otherwise strong algorithms, browsers have 
effectively trained people to always click "visit anyway" and so on.

I believe that this proposal was in line with Bruce Schneier's suggestion at 
the plenary.
Do anything to make more work for people trying to listen in to everything 
on the Internet.

For example, put a key at the top of the content and then encrypt using this 
key.
This is meaningless from the confidentiality point of view, but eats up 
computational resources and energy for someone trying to vacuum up everything.

Even better - when you don't have anything to transmit, send meaningless 
supposed encrypted packets.
If everyone did this their storage costs would skyrocket.
Even better, send packets with easily broken encryption containing keywords 
of interest.

Y(J)S