Re: Pervasive encryption: Pro and contra from Mark Nottingham on 2013-11-18 (ietf-http-wg@w3.org from October to December 2013)

From: Mark Nottingham <mnot@mnot.net>
Date: Mon, 18 Nov 2013 14:31:07 +1100
To: Tim Bray <tbray@textuality.com>
Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-Id: <8C1FEBCF-315F-4CC5-AF96-D6960E21580F@mnot.net>

On Sat, Nov 16, 2013 at 5:03 PM, Tim Bray <tbray@textuality.com> wrote:
> There has been a *whole lot* of traffic on this subject.  It�s fascinating that the meeting of minds is so difficult, and any possibility of that happening is made more difficult by the discussion skewing back and forth across the road.
> 
> To help sort things out in my own mind, I just went and read the last few hundred messages and attempted to curate the pervasive/mandatory encryption arguments, pro and contra.  It�s in a Google doc that�s open to comment by anyone: http://goo.gl/6yhpC1  Hm, is there a handy wiki platform somewhere that can stand up to the pressure?
> 
> I don�t know if trying to organize the talking points is generally useful, but I sure found it personally useful; maybe others will too.
> 
> Disclosure: I remain pretty strongly in favor of as much mandatory encryption as we can get, so that may have filtered my expression of the issues.  I've version-stamped this: 2013/11/16, and promise not to change it in case people comment on it.

Thanks, Tim.  I'd encourage you to submit that as an individual (for now) I-D. If you want space to work on it / collect issues, I can give you a repository over on github.

I'd also encourage you to move it quickly past a simplistic "pro/con" model. There are a remarkable number of facets to this discussion, with many interdependencies.

For example, your C1 ("Intermediation") assumes that we won't change that aspect of HTTP, yet there is already a parallel discussion about doing so. Likewise, there are parallel discussions about improving the CA system, crypto algorithms, etc. (C2).

Then,

On 17/11/2013, at 3:27 PM, Tim Bray <tbray@textuality.com> wrote:

> Um, I see some debate on the issues breaking out in the comments.  I�m not the chair, but if it were, I�d holler at you to have those arguments here; I made sure that every bullet point in that doc had an unambiguous address, so you can say in email that �C2.4 isn�t a problem because...�  My goal was to propose a candidate structure to have the debate around, not an alternate place to have it.

... and fresh off a plane, I'm catching up with e-mail; what fun.

Folks, this document is not a WG product, discussion there has absolutely no bearing whatsoever. So, feel free to send bits that way (we've got plenty over here), but realise that they don't count.

Later on,

On 17/11/2013, at 5:15 PM, SM <sm@resistor.net> wrote:

> See http://trac.tools.ietf.org/wg/httpbis/trac/wiki

If Tim wants to collect input, there are much better tools for doing so. Please don't do it there.

Cheers,

--
Mark Nottingham   http://www.mnot.net/

Received on Monday, 18 November 2013 03:31:28 UTC