On 2/08/2014 06:03 am, Joe Touch wrote:
> 
> 
> On 8/1/2014 8:25 PM, Nico Williams wrote:
>> On Fri, Aug 01, 2014 at 06:57:10PM -0700, Tony Arcieri wrote:
>>> On Fri, Aug 1, 2014 at 5:14 PM, Joe Touch <[email protected]> wrote:
>>>
>>>> I might have thought so. Except Google did it.
>>>>
>>>
>>> Google is a cool story, but in my book it really doesn't count until
>>> everyone does it and we have full network encryption...
>>
>> Right.  Big players can impose HTTPS due to the cost to a nation's
>> citizens (or ISP's customers) of blocking it.
> 
> A TCP-encrypted solution on port 80 might be blocked for exactly the
> same reason. That's a lot of work for no benefit.
> 
>> To really extend this to everyone else might take confidentiality
>> protection for DNS queries and maybe even not having PTR RRsets.
> 
> I don't think confidentiality protection will suffice alone. IMO,
> anything that doesn't visibly look like valid DNS and HTTP traffic will
> be blocked in some places, and no level of encryption will do anything
> but help identify traffic as something to block.


Let them block upgrades to encryption in some places.  As long as the
mass moves forward, once we've got 90% deployment we can go to the next
level.  If they wish to keep blocking, let them ... blocking all TCP is
the same as turning off the net.

To make an omelette, you have to break some eggs.  The outcome is the issue.

iang

_______________________________________________
Tcpinc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tcpinc
