On 8/1/2014 8:25 PM, Nico Williams wrote:
> On Fri, Aug 01, 2014 at 06:57:10PM -0700, Tony Arcieri wrote:
>> On Fri, Aug 1, 2014 at 5:14 PM, Joe Touch <[email protected]> wrote:
>>>
>>> I might have thought so. Except Google did it.
>>
>> Google is a cool story, but in my book it really doesn't count until
>> everyone does it and we have full network encryption...
>
> Right.  Big players can impose HTTPS due to the cost to a nation's
> citizens (or ISP's customers) of blocking it.

A TCP-encrypted solution on port 80 might be blocked for exactly the same reason. That's a lot of work for no benefit.

> To really extend this to everyone else might take confidentiality
> protection for DNS queries and maybe even not having PTR RRsets.

I don't think confidentiality protection will suffice alone. IMO, anything that doesn't visibly look like valid DNS and HTTP traffic will be blocked in some places, and no level of encryption will do anything but help identify traffic as something to block.

Joe

_______________________________________________
Tcpinc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tcpinc
