On 9/15/14 11:08, Anne van Kesteren wrote:
Google seems to have the right trade off
and the "IETF consensus" seems to be unaware of what is happening
elsewhere.
You're confused.
The whole line of argumentation that web browsers and servers should be
taking advantage of opportunistic encryption is explicitly informed by
what's actually "happening elsewhere." Because what's *actually*
happening is an overly-broad dragnet of personal information by a wide
variety of both private and governmental agencies -- activities that
would be prohibitively expensive in the face of opportunistic encryption.
Google's laser focus on preventing active attackers to the exclusion of
any solution that thwarts passive attacks is a prime example of
insisting on a perfect solution, resulting instead in substantial
deployments of nothing. They're naïvely hoping that finding just the
right carrot will somehow result in mass adoption of an approach that
people have demonstrated, with fourteen years of experience, significant
reluctance to deploy universally.
This is something far worse than being simply unaware of "what's
happening elsewhere": it's an acknowledgement that pervasive passive
monitoring is taking place, and a conscious decision not to care.
--
Adam Roach
Principal Platform Engineer
a...@mozilla.com
+1 650 903 0800 x863
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
