ietf
[Top] [All Lists]

Re: Proposed Statement on "HTTPS everywhere for the IETF"

2015-06-01 16:19:36
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Encryption everywhere is good.
You mean  Evers public information should be encrypted? I.e. Radio vor TV? 
Can't see the "feature", sorry...

Once a connection is encrypted and certificate-protectedhole class

of worries can be removed from the threat models; having fewer things
to
worry about is great when designing protocol stacks.

This is correct by theory in many, but not all cases and not in practice.

A https geht takes up to multiple times of energy and computing resources. I 
prefer efficiency even in protocols - resources should be user for real (not 
only theoretic) added value.

Browser HTTP-SSL/TLS isn't "just encrypt and forget" as long as you really 
unterstand the whole infrastruture and setup in practice including their 
implications today - and not in theory only. This is not like and comparable 
with the migration from telnet to SSH and even not with SMTP TLS/SSL...

And getting a faked x509 i.e. for mitm is more a question of some money and/or 
third party CA securitiy and not at first of secure crypto algos or similiar.

And blocking plaintext http is no feature - it is at max a lack of...

Sorry...


best regards,

Niels.
- ---
Niels Dettenbach
Syndicat IT & Internet
http://www.syndicat.com
-----BEGIN PGP SIGNATURE-----

iQJZBAEBCABDPBxOaWVscyBEZXR0ZW5iYWNoIChTeW5kaWNhdCBJVCAmIEludGVy
bmV0KSA8bmRAc3luZGljYXQuY29tPgUCVWzMLwAKCRANu1qIRZIqRBm5D/43u9NJ
Ex2CxQwIXUcuPaPEr/2geCTgGgRBnUb46fzVwf5OlPnQqA+urr1EajpY3XRdWF5r
jmqnfS/ESYL4q3DV3CC8mW1a4uZWQX85+2fvCra8/nzyKP653jAZvSuqGZAnzGuq
ZDM33932y5GKcPLl86C7WG/QqZ7Yb6SPukTUnDY5z0DcbyBIgqAwF0D3N5P7dk49
iaZY31z1F7rI1PvPS874sH4NVnSUh1N8OakRy5tCtQn4WVlaN1WBu+bzzCmsudgw
Oh7o/BWKFGzDTNGpfsyqmzcepHsmoAPcCtbrQOadX2HFxjqzB+NJwwSLSn9koQlH
xnDhDkx0avolGa3nciubPTSJkAp1wFXj9e0zeJX8dGTOjzyJTDrDxNnYkszTnSS/
X0HnoDo3Uo638Ho9sAcweZJ3XNibNNn5ekdU9kd/rBAIHaWG1m4zshMglupJPyst
u0fvqBJi8AXznQ2Qv27CwjNWQSV37NFZcrkzg22f4GB43MJ1+utgTvEX2ft7uhrz
HJug38x8BH0vrLXpcvlKA2f6SaOCfIhCoqv4+SLVHQLE7IoG2ZxdoY4795ORGHFc
NsyfMB1ah52E3/pZjS1NhFhr4ndUQg5jp0eaLF5XhteRS2Zlw8wmYlP2qicpe3T2
S4tO7+56PhnsZQhB8GnDZMnPN9HgD9KsMNEWGg==
=5dba
-----END PGP SIGNATURE-----