ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Proposed Statement on "HTTPS everywhere for the IETF"

2015-06-01 16:19:04
from [Niels Dettenbach (Syndicat.com)] [Permanent Link] 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


Encryption everywhere is good.

You mean  Evers public information should be encrypted? I.e. Radio vor TV? 
Can't see the "feature", sorry...


Once a connection is encrypted and certificate-protectedhole class

of worries can be removed from the threat models; having fewer things
to
worry about is great when designing protocol stacks.


This is correct by theory in many, but not all cases and not in practice.

A https geht takes up to multiple times of energy and computing resources. I 
prefer efficiency even in protocols - resources should be user for real (not 
only theoretic) added value.

Browser HTTP-SSL/TLS isn't "just encrypt and forget" as long as you really 
unterstand the whole infrastruture and setup in practice including their 
implications today - and not in theory only. This is not like and comparable 
with the migration from telnet to SSH and even not with SMTP TLS/SSL...

And getting a faked x509 i.e. for mitm is more a question of some money and/or 
third party CA securitiy and not at first of secure crypto algos or similiar.

And blocking plaintext http is no feature - it is at max a lack of...

Sorry...


best regards,

Niels.
- ---
Niels Dettenbach
Syndicat IT & Internet
http://www.syndicat.com
-----BEGIN PGP SIGNATURE-----

iQJZBAEBCABDPBxOaWVscyBEZXR0ZW5iYWNoIChTeW5kaWNhdCBJVCAmIEludGVy
bmV0KSA8bmRAc3luZGljYXQuY29tPgUCVWzMLAAKCRANu1qIRZIqRCI8EACgOBnR
b+bcXVnqjjyR9CiPdOpQTQ2/gie2p4ECdhaKcgFna1yn2HBUM6VXw9RZXqnGUtq6
4ItZiiK6xng3osO2xJEBM/316SG5RHX+g2mzmf8qqcI2tmp4okXrAqaxvPgTYuXW
dE5GTabG1np+qIXR3M6gG5xEqjxlsPLr0DPGc+N8XERzR/26vn84lYLhSMdtmm69
dK1jYxMOEEnQFTmkgSa/5AT07NCgmqu6lWGTp/pT8I9vaXnyFnYy79EAHB2rjj4w
5QeUrmxlIGuc6qE4dkE/hn30dQYX1sB7EMMc1AugEw/AFG9XOtp9PYMALXmCPODr
YysImmxmLi3bmOtPmGkJdnUZlCSPkRYAwqBU7Mj3216+y/BJTE+cjeoKGhOtAXK3
eG0m3XDNDY6RYkmg2fbAqsCyjVNIuEp13o70UZVJTbNKxX9WY26Rw/g0GY2Ek33O
OZkb2GvrX69YRsubPY6qr9GzoBEVBBSzaFhepsjpEo6DB1BJIuh/Ud6L5J2RMK6o
4yUoEB5PKH45Zjk2toF5kgFrEK2uEb9xgY/hB4MU1XyMBDNrWfqVNTsah9HIwxPP
4DrWwVWBzOeM+DayEa+cTV4q/5eZD5h61fvl5CtjOJACPTMbaO0s6eySqYpvanjp
DoozGagx1n568TDssO28RSDAL89hEElDjU7lkQ==
=fXAA
-----END PGP SIGNATURE-----
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Proposed Statement on "HTTPS everywhere for the IETF", Nico Williams
Next by Date:  Re: Proposed Statement on "HTTPS everywhere for the IETF", Niels Dettenbach (Syndicat.com)
Previous by Thread:  Re: Proposed Statement on "HTTPS everywhere for the IETF", Harald Alvestrand
Next by Thread:  Re: Proposed Statement on "HTTPS everywhere for the IETF", Niels Dettenbach (Syndicat.com)
Indexes:  [Date] [Thread] [Top] [All Lists]