On 03/25/2014 04:09 PM, Trevor Perrin wrote:
On Mon, Mar 24, 2014 at 9:51 AM, Daniel Kahn Gillmor
<[email protected]> wrote:
On 03/24/2014 12:36 PM, Keith Moore wrote:
So, what's the incentive for either clients or servers to support OE if
clients just silently accept it without any indication to the user?
Just for the good of mankind?
I'd say "to increase the cost of pervasive monitoring" and "to resist
surveillance by passive attackers"
I'd go further - OE for HTTP could have strong auth added to it in the
future, such as pinning or DANE, which *could* be indicated to the
user.
Why wait? Even if pinning, DANE, or whatever (as appropriate for that
particular protocol) weren't required immediately, we might as well
specify it now.
Maybe we could even recommend a transition schedule - e.g. clients could
ignore the lack of AE for X years after adoption, after which they'd
start providing some sort of warning indication if recommended form of
AE were not present. After Y years, they'd refuse to connect without
AE. Obviously the details and the assumed transition dates would have
to vary according to the deployment considerations for that particular
protocol, and they should perhaps even be implementation-configurable,
but we might as well start encouraging implementation and testing now.
Site developers could set the transition dates to sooner in order to
test features in advance of users' clients actually complaining.
The point is: if you're going to install stepping stones, don't stop
after placing the first stone and assume that the others will be placed
eventually. We have a rare opportunity in which there is considerable
public interest in improving communications privacy. We should not
squander it by specifying only that which is easiest to do.
Also: it is unlikely that we'll improve privacy in practice without also
raising user expectations.
Keith
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
