Hi Pranesh,
At 20:53 05-12-2013, Pranesh Prakash wrote:
This is not a debate about whether surveillance is good or not.
(Targetted surveillance which is allowed by a law, has a legitimate aim
in a democratic society, is not arbitrary, is necessary to achieve those
aims, is proportionate, authorized by a judicial process, etc., would be
legitimate.) This is a debate about whether it is technically (and
politically) desirable for protocols to prevent mass surveillance.
I read
http://cis-india.org/internet-governance/blog/indias-big-brother-the-central-monitoring-system
There are likely similar cases in other countries.
What could be the effect if (widely deployed) IETF protocols
prevented such systems from working? It is possible to design a
protocol which does not allow "in the clear" traffic [1]. It is not
clear whether such a protocol would be widely deployed.
There is no reason why the 'default' insecurity of HTTP cannot be
handled at the technical level. Do I believe all HTTP2 traffic MUST be
encrypted? Perhaps, and perhaps not. But most certainly, the 'default'
for HTTP2 traffic should be encryption.
Ok.
Regards,
-sm
1. That is different from the "default".
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
