On Fri, May 27, 2016 at 9:46 AM, Hannes Frederic Sowa <han...@stressinduktion.org> wrote: > On Thu, May 26, 2016, at 20:42, Tom Herbert wrote: >> Thinking about this some more, the per option white list is a better >> approach. If we allow an open ended mechanism for applications to >> signal the network with arbitrary data (like user specified hbp >> options would be), then use of that mechanism will inevitably >> exploited by some authorities to force user to hand over private data >> about their communications. It's better to not build in back doors to >> security... > > Also I don't think that HbH options form some kind of hidden covert > channel. They mostly appear by unused fields which cannot be verified by > the other (receiving) side in any way.
It would be pretty easy to make it that. All a network operator would need to do is strip their proprietary options on egress from their network. So a receiver, say our servers at FB, would have no way to determine that our clients are being manipulated. Tom