On Thu 2018-11-08 18:31:28 -0800, Ryan Carboni wrote: > Encrypting common knowledge is cargo cult fetishism for cryptography. The > files could be sent unencrypted, and protected using subresource integrity. > If you are sharing the same data to multiple second parties to serve to a > single third party, the value of encryption is less than zero.
I agree that the widespread move to CDNs makes those CDNs a point of vulnerability and potential compromise. But from a harm reduction point of view, encrypting data that transits a CDN does protect that traffic from surveillance by non-CDN network-based adversaries. There is more research and development work to be done to make that protection even more robust: anti-traffic analysis work, for example. But simply reverting to cleartext would be a mistake. Ryan, your posts in this thread suggest an understandable frustration with cryptographic deployment on the public Internet, and perhaps an even more understandable frustration with cryptographic *deprecation* on the public Internet. However, the web suffers from the same two problems as much of the public Internet: the curse of the deployed base, and a small but non-negligible fraction of confused, interfering middleboxes. I love proposals that happily ignore these problems, because they tend to be elegant, and more often correct than janky old stuff! But, if we want our protocol designs to actually eventually replace old, worse protocol designs, we need to look at deployment/upgrade/deprecation paths, which involves a *lot* of ugliness -- the main job of the TLS WG, afaict. Otherwise, our beautiful new designs will get rolled out, and will simply co-exist alongside the old brokenness :/ --dkg _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls