Re: Proposed Statement on "HTTPS everywhere for the IETF"

ietf

Re: Proposed Statement on "HTTPS everywhere for the IETF"

2015-06-04 11:54:22

On 4 Jun 2015, at 9:37, Tony Hain wrote:

My overall concern here is that statements like this undermine theintegrity of the organization. I understand people wanting to improveoverall privacy, but this step does not do that in any meaningful way.

Encrypting the channel does provide some small amount of privacy for the*request*, which is not public information. Browser capabilities,cookies, etc. benefit from not being easily-correlated with otherinformation.

It would be interesting to define an HTTP header of "Padding" into whichthe client would put some random noise to pad the request to awell-known size, in order to make traffic analysis of the requestslightly more difficult. This is the sort of thing that comes up whenwe talk about doing more encryption for the IETF's data, which shows theIESG's suggested approach to be completely rational.


--
Joe Hildebrand

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Proposed Statement on "HTTPS everywhere for the IETF", (continued) Re: Proposed Statement on "HTTPS everywhere for the IETF", Stephen Farrell RE: Proposed Statement on "HTTPS everywhere for the IETF", Tony Hain Re: Proposed Statement on "HTTPS everywhere for the IETF", Stephen Farrell RE: Proposed Statement on "HTTPS everywhere for the IETF", Tony Hain Re: Proposed Statement on "HTTPS everywhere for the IETF", Brian E Carpenter Re: Proposed Statement on "HTTPS everywhere for the IETF", Yoav Nir Re: Proposed Statement on "HTTPS everywhere for the IETF", Nico Williams Re: Proposed Statement on "HTTPS everywhere for the IETF", Ted Lemon Re: Proposed Statement on "HTTPS everywhere for the IETF", Benson Schliesser RE: Proposed Statement on "HTTPS everywhere for the IETF", Tony Hain Re: Proposed Statement on "HTTPS everywhere for the IETF", Joe Hildebrand <= RE: Proposed Statement on "HTTPS everywhere for the IETF", Christian Huitema RE: Proposed Statement on "HTTPS everywhere for the IETF", Tony Hain Re: Proposed Statement on "HTTPS everywhere for the IETF", Ted Lemon Re: Proposed Statement on "HTTPS everywhere for the IETF", Roy T. Fielding Re: Proposed Statement on "HTTPS everywhere for the IETF", Niels Dettenbach Re: Proposed Statement on "HTTPS everywhere for the IETF", l.wood Re: Proposed Statement on "HTTPS everywhere for the IETF", Joe Touch Re: Proposed Statement on "HTTPS everywhere for the IETF", Nico Williams Re: Proposed Statement on "HTTPS everywhere for the IETF", Mark Nottingham Re: Proposed Statement on "HTTPS everywhere for the IETF", Roy T. Fielding

Previous by Date:	Re: Proposed Statement on "HTTPS everywhere for the IETF", Nico Williams
Next by Date:	RE: Proposed Statement on "HTTPS everywhere for the IETF", Christian Huitema
Previous by Thread:	RE: Proposed Statement on "HTTPS everywhere for the IETF", Tony Hain
Next by Thread:	RE: Proposed Statement on "HTTPS everywhere for the IETF", Christian Huitema
Indexes:	[Date] [Thread] [Top] [All Lists]