Given the fact that the ALTO transaction is local to an ISP, nobody else
is going to be able to see it anyway, so it doesn't matter whether it's
plain text or not. So I'm agreeing with Nick.
RB
Nicholas Weaver wrote:
On Mar 27, 2009, at 4:47 PM, Matthew Kaufman wrote:
Nicholas Weaver wrote:
Additionally, you CAN'T do localization comparison without knowing
which points to compare. Again, privacy can't work in that case.
But an ISP or third-party I trust *could* do comparison without me
showing the list to everyone passively monitoring the path between me
and that service. And in the trusted 3rd-party case, they can
anonymize who I am and why I'm asking even better.
On the wire interception is far less of a privacy concern than just
the fact that you have to give the third party/ISP a list of the IPs
to compare with.
Yes, it would be nice to specify "use either TLS or DTLS", but if you
think this increases privacy significantly, it doesn't.
_______________________________________________
alto mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/alto
--
Richard Bennett
_______________________________________________
alto mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/alto
