Joe Touch wrote this message on Fri, Aug 01, 2014 at 22:03 -0700:
> 
> 
> On 8/1/2014 8:25 PM, Nico Williams wrote:
> >On Fri, Aug 01, 2014 at 06:57:10PM -0700, Tony Arcieri wrote:
> >>On Fri, Aug 1, 2014 at 5:14 PM, Joe Touch <[email protected]> wrote:
> >>
> >>>I might have thought so. Except Google did it.
> >>>
> >>
> >>Google is a cool story, but in my book it really doesn't count until
> >>everyone does it and we have full network encryption...
> >
> >Right.  Big players can impose HTTPS due to the cost to a nation's
> >citizens (or ISP's customers) of blocking it.
> 
> A TCP-encrypted solution on port 80 might be blocked for exactly the 
> same reason. That's a lot of work for no benefit.
> 
> >To really extend this to everyone else might take confidentiality
> >protection for DNS queries and maybe even not having PTR RRsets.
> 
> I don't think confidentiality protection will suffice alone. IMO, 
> anything that doesn't visibly look like valid DNS and HTTP traffic will 
> be blocked in some places, and no level of encryption will do anything 
> but help identify traffic as something to block.

Yes, it will be blocked, just like some companies block 443 unless
you install their root cert, or accept it.

But the rest of the world will receive the benefit, and hopefully, as
it gets deployed more widely, things will improve.

-- 
  John-Mark Gurney                              Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."

_______________________________________________
Tcpinc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tcpinc
