[148125] in cryptography@c2.net mail archive
Re: [Cryptography] HTTP should be deprecated.
daemon@ATHENA.MIT.EDU (Patrick Mylund Nielsen)
Mon Nov 11 20:10:00 2013
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <CAHWD2rKbXWX6n5C-=Sm_xQAUy+dBLYVKoPvwKqpqJd48O5ozdA@mail.gmail.com>
Date: Mon, 11 Nov 2013 20:03:15 -0500
From: Patrick Mylund Nielsen <cryptography@patrickmylund.com>
To: =?UTF-8?Q?Lodewijk_andr=C3=A9_de_la_porte?= <l@odewijk.nl>
Cc: John Kelsey <crypto.jmk@gmail.com>, Russ Nelson <nelson@crynwr.com>,
"cryptography@metzdowd.com List" <cryptography@metzdowd.com>,
Greg <greg@kinostudios.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
--===============3569471914860320700==
Content-Type: multipart/alternative; boundary=047d7b86f172dd4fdd04eaf069fc
--047d7b86f172dd4fdd04eaf069fc
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
On Mon, Nov 11, 2013 at 7:45 PM, Lodewijk andr=C3=A9 de la porte <l@odewijk=
.nl>wrote:
> I'm sorry, no. There is information that is simply public. To intricately
> confuse them through our petty plays with numbers would be nothing but
> waste of time and all the peoples' resources.
>
I think you missed John's point, which was that, while the information may
be something that is readily accessible to all, the fact that YOU are
accessing it is interesting information. And that's true, but somebody is
going to get that information whether or not the channel is encrypted.
> Think of the caching disadvantages!
>
Which? It's very easy to cache stuff when HTTPS is used, either server-side
or client-side (Cache-Control header.) It's just a transport.
The fact that the CA model is a mess and browsers depend on it is a much
bigger disadvantage.
--047d7b86f172dd4fdd04eaf069fc
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div>On Mon, Nov 11, 2013 at 7:45 PM, Lodewijk andr=C3=A9 =
de la porte <span dir=3D"ltr"><<a href=3D"mailto:l@odewijk.nl" target=3D=
"_blank">l@odewijk.nl</a>></span> wrote:<br></div><div class=3D"gmail_ex=
tra"><div class=3D"gmail_quote">
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex"><div dir=3D"ltr"><div class=3D"gmail_extra">=
I'm sorry, no. There is information that is simply public. To intricate=
ly confuse them through our petty plays with numbers would be nothing but w=
aste of time and all the peoples' resources.</div>
</div></blockquote><div><br></div><div>I think you missed John's point,=
which was that, while the information may be something that is readily acc=
essible to all, the fact that YOU are accessing it is interesting informati=
on. And that's true, but somebody is going to get that information whet=
her or not the channel is encrypted.</div>
<div>=C2=A0</div><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8=
ex;border-left:1px #ccc solid;padding-left:1ex"><div dir=3D"ltr"><div class=
=3D"gmail_extra">Think of the caching disadvantages!</div></div></blockquot=
e><div><br>
</div><div>Which? It's very easy to cache stuff when HTTPS is used, eit=
her server-side or client-side (Cache-Control header.) It's just a tran=
sport.</div><div><br></div><div>The fact that the CA model is a mess and br=
owsers depend on it is a much bigger disadvantage.</div>
</div></div></div>
--047d7b86f172dd4fdd04eaf069fc--
--===============3569471914860320700==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
--===============3569471914860320700==--
